Allow nested qemu_bh_poll() after BH deletion
Without this, qemu segfaults when a BH handler first deletes its BH and then calls another function which involves a nested qemu_bh_poll() call. This can be reproduced by generating an I/O error (e.g. with blkdebug) on an IDE device and using rerror/werror=stop to stop the VM. When continuing the VM, qemu segfaults. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This commit is contained in:
parent
ee752da74f
commit
7887f6201f
5
async.c
5
async.c
@ -137,11 +137,12 @@ QEMUBH *qemu_bh_new(QEMUBHFunc *cb, void *opaque)
|
|||||||
|
|
||||||
int qemu_bh_poll(void)
|
int qemu_bh_poll(void)
|
||||||
{
|
{
|
||||||
QEMUBH *bh, **bhp;
|
QEMUBH *bh, **bhp, *next;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
for (bh = async_context->first_bh; bh; bh = bh->next) {
|
for (bh = async_context->first_bh; bh; bh = next) {
|
||||||
|
next = bh->next;
|
||||||
if (!bh->deleted && bh->scheduled) {
|
if (!bh->deleted && bh->scheduled) {
|
||||||
bh->scheduled = 0;
|
bh->scheduled = 0;
|
||||||
if (!bh->idle)
|
if (!bh->idle)
|
||||||
|
Loading…
Reference in New Issue
Block a user