Anthony Liguori writes ("Re: [Qemu-devel] [PATCH] [ide] Check that asynchronous
(DMA) submission succeeds"):
> It's generally dangerous to call callbacks from the code that is issuing
> a bdrv_aio_ operation. A malicious guest could potentially force the
> emulation into an infinite loop.

I'm not sure exactly what you mean but I'm sure that this is not a
problem in this case. In my patch ide_dma_submit_check is called from
two places:
* ide_read_dma_cb, with ide_read_dma_cb as the callback argument
* ide_write_dma_cb, with ide_write_dma_cb as the callback argument

In both places the only situation where the callback is reentered
immediately is if the aio submission failed. So in that case we
recursively enter the callback function, and we do so exactly once
since we're going to execute the error handling case (ret==-1).

Note that the call to ide_dma_submit_check is at the end of
ide_{read,write}_dma_cb precisely to avoid any kind of reentrancy
problem.
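
The argument in the reply above, as a small C model added here. It is not code from the patch or from QEMU: every name in it is hypothetical, the event loop is reduced to a plain `while`, and the submission failure is a constructed fault. A failed submission re-enters the callback once, and because the error path ends the command without submitting again, callback nesting never exceeds two.

```c
/* Hypothetical model of the reentrancy argument; not QEMU code. */
#include <stdio.h>

typedef void completion_fn(void *opaque, int ret);
struct dma_model {
    int chunks_left, fail_at;  /* fail_at: constructed fault, submit fails at this count */
    int depth, max_depth;      /* current and deepest callback nesting */
    int done, calls, errors;   /* finished flag, callback runs, error-path runs */
};

/* Stand-in for an async submit: NULL means the submission itself failed. */
static void *model_submit(struct dma_model *s) {
    return s->chunks_left == s->fail_at ? NULL : (void *)s;
}

/* A failed submit is reported by calling the callback at once with -1. */
static void model_submit_check(struct dma_model *s, completion_fn *cb, void *h) {
    if (h == NULL) cb(s, -1);
}

static void model_dma_cb(void *opaque, int ret) {
    struct dma_model *s = opaque;
    s->calls++;
    if (++s->depth > s->max_depth) s->max_depth = s->depth;
    if (ret < 0) {                     /* error path: finish, never resubmit */
        s->errors++;
        s->done = 1;
    } else if (s->chunks_left == 0) {  /* whole transfer completed */
        s->done = 1;
    } else {
        void *h = model_submit(s);
        if (h != NULL) s->chunks_left--;
        model_submit_check(s, model_dma_cb, h);  /* last step of the callback */
    }
    s->depth--;                        /* instrumentation only */
}

/* Event-loop stand-in: each iteration delivers one successful completion. */
static struct dma_model run_transfer(int chunks, int fail_at) {
    struct dma_model s = { .chunks_left = chunks, .fail_at = fail_at };
    while (!s.done) model_dma_cb(&s, 0);
    return s;
}

int main(void) {
    struct dma_model s = run_transfer(3, 2);  /* second submission fails */
    printf("calls=%d errors=%d max_depth=%d\n", s.calls, s.errors, s.max_depth);
    return 0;
}
```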