From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:56899)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1UPuzw-0002Z9-0y
	for qemu-devel@nongnu.org; Wed, 10 Apr 2013 09:23:38 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1UPuzu-00056N-O8
	for qemu-devel@nongnu.org; Wed, 10 Apr 2013 09:23:35 -0400
Received: from mail-bk0-x22b.google.com ([2a00:1450:4008:c01::22b]:58196)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1UPuzu-000567-Hc
	for qemu-devel@nongnu.org; Wed, 10 Apr 2013 09:23:34 -0400
Received: by mail-bk0-f43.google.com with SMTP id jm2so230359bkc.16
	for <qemu-devel@nongnu.org>; Wed, 10 Apr 2013 06:23:33 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 10 Apr 2013 15:23:27 +0200
Message-Id: <1365600207-21685-1-git-send-email-pbonzini@redhat.com>
Subject: [Qemu-devel] [PATCH] qemu-char: another io_add_watch_poll fix
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: amit.shah@redhat.com, aliguori@us.ibm.com

After attaching the source, we have to remove the reference we hold
to it, because we do not hold anymore a pointer to the source.

If we do not do this, removing the source will not finalize it and
will not drop the "real" I/O watch source.

This showed up when backporting the new flow control patches to older
versions of QEMU that still used select.  The whole select then failed
with EBADF (poll instead will reporting POLLNVAL on a single pollfd)
and QEMU froze.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 qemu-char.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/qemu-char.c b/qemu-char.c
index 37117b5..2caef56 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -610,6 +610,7 @@ static guint io_add_watch_poll(GIOChannel *channel,
                                gpointer user_data)
 {
     IOWatchPoll *iwp;
+    int tag;
 
     iwp = (IOWatchPoll *) g_source_new(&io_watch_poll_funcs, sizeof(IOWatchPoll));
     iwp->fd_can_read = fd_can_read;
@@ -618,7 +619,9 @@ static guint io_add_watch_poll(GIOChannel *channel,
     iwp->fd_read = (GSourceFunc) fd_read;
     iwp->src = NULL;
 
-    return g_source_attach(&iwp->parent, NULL);
+    tag = g_source_attach(&iwp->parent, NULL);
+    g_source_unref(&iwp->parent);
+    return tag;
 }
 
 static GIOChannel *io_channel_from_fd(int fd)
-- 
1.8.1.4