From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:44197)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1QPtaW-0003ZN-Ud
	for qemu-devel@nongnu.org; Fri, 27 May 2011 05:44:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1QPtaU-0000nr-WE
	for qemu-devel@nongnu.org; Fri, 27 May 2011 05:44:12 -0400
Received: from mx1.redhat.com ([209.132.183.28]:57839)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1QPtaU-0000nk-OC
	for qemu-devel@nongnu.org; Fri, 27 May 2011 05:44:10 -0400
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p4R9i9Nn002172
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Fri, 27 May 2011 05:44:09 -0400
From: Kevin Wolf <kwolf@redhat.com>
Date: Fri, 27 May 2011 11:46:58 +0200
Message-Id: <1306489618-9397-1-git-send-email-kwolf@redhat.com>
Subject: [Qemu-devel] [PATCH] blockdbg: Fix Bottom Half deletion
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com

You can only delete a BH in its BH handler if you don't call a nested
qemu_bh_poll afterwards (the nested one would free the BH and the outer one
segfaults when returning from the BH handler).

To avoid this situation, first call the callback and only then delete the BH.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/blkdebug.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/block/blkdebug.c b/block/blkdebug.c
index cd9eb80..45bbab8 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -316,8 +316,8 @@ static int blkdebug_open(BlockDriverState *bs, const char *filename, int flags)
 static void error_callback_bh(void *opaque)
 {
     struct BlkdebugAIOCB *acb = opaque;
-    qemu_bh_delete(acb->bh);
     acb->common.cb(acb->common.opaque, acb->ret);
+    qemu_bh_delete(acb->bh);
     qemu_aio_release(acb);
 }
 
-- 
1.7.2.3