[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] aio: Fix use-after-free in cancellation path
From: |
Stefan Hajnoczi |
Subject: |
Re: [Qemu-devel] [PATCH v2] aio: Fix use-after-free in cancellation path |
Date: |
Tue, 20 May 2014 15:16:22 +0200 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Tue, May 20, 2014 at 10:00:47AM +0800, Fam Zheng wrote:
> diff --git a/thread-pool.c b/thread-pool.c
> index fbdd3ff..d4984ba 100644
> --- a/thread-pool.c
> +++ b/thread-pool.c
> @@ -223,6 +223,7 @@ static void thread_pool_cancel(BlockDriverAIOCB *acb)
> }
> pool->pending_cancellations--;
> }
> + event_notifier_ready(&pool->notifier);
> qemu_mutex_unlock(&pool->lock);
> }
event_notifier_ready() doesn't need pool->lock. Can you call it outside
the lock or am I missing something?
Stefan