
[Qemu-devel] [RFC PATCH 2/3] qemu-timer: fix race conditions on freeing


From: Paolo Bonzini
Subject: [Qemu-devel] [RFC PATCH 2/3] qemu-timer: fix race conditions on freeing the timer
Date: Thu, 29 Aug 2013 14:31:00 +0200

Save the callback and opaque before releasing the mutex, because
the timer could be freed while we do not take the mutex.  Related
to this, ensure the timer is not active before freeing it.

Signed-off-by: Paolo Bonzini <address@hidden>
---
 qemu-timer.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/qemu-timer.c b/qemu-timer.c
index d650247..aa22801 100644
--- a/qemu-timer.c
+++ b/qemu-timer.c
@@ -316,6 +316,7 @@ void timer_init(QEMUTimer *ts,
 
 void timer_free(QEMUTimer *ts)
 {
+    timer_del(ts);
     g_free(ts);
 }
 
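Review bot: timer_free() now unlinks the timer via timer_del() before g_free(), which covers the "ensure the timer is not active before freeing it" part of the commit message, but the function's contract change is not documented anywhere in the hunk; the header comment for timer_free() should state that it deletes an active timer itself, so callers no longer need a separate timer_del() before timer_free() (existing call sites that still do both become redundant but remain correct).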
@@ -410,7 +411,9 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
     QEMUTimer *ts;
     int64_t current_time;
     bool progress = false;
-   
+    QEMUTimerCB *cb;
+    void *opaque;
+
     if (!timer_list->clock->enabled) {
         return progress;
     }
@@ -423,13 +426,16 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
             qemu_mutex_unlock(&timer_list->active_timers_lock);
             break;
         }
+
         /* remove timer from the list before calling the callback */
         timer_list->active_timers = ts->next;
         ts->next = NULL;
+        cb = ts->cb;
+        opaque = ts->opaque;
         qemu_mutex_unlock(&timer_list->active_timers_lock);
 
         /* run the callback (the timer list can be modified) */
-        ts->cb(ts->opaque);
+        cb(opaque);
         progress = true;
     }
     return progress;
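Review bot: caching `cb = ts->cb;` and `opaque = ts->opaque;` while active_timers_lock is still held means `ts` is no longer dereferenced after the unlock, which closes the use-after-free on the QEMUTimer itself, but the comment "run the callback (the timer list can be modified)" no longer explains why the copies exist; suggest extending it to "the timer list can be modified and the timer itself may be freed by another thread". Note also what this hunk cannot protect: `opaque` is still passed to the callback after the lock is dropped, so if the timer's owner frees the object behind `opaque` concurrently with timer_free(), the callback runs on freed memory; the patch description should state that freeing `opaque` must be serialized with callback execution by the caller, since the timer list lock does not cover it. The added blank line after the `break; }` is unrelated whitespace.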
-- 
1.8.3.1