From 8bd8199f708c41fd779e2b84a7bcc1b8cdb5b753 Mon Sep 17 00:00:00 2001
From: Alexander Graf <alex@csgraf.de>
Date: Wed, 6 May 2009 02:58:48 +0200
Subject: AIO deletion race fix

When deleting an fd event there is a chance the object doesn't get
deleted, but only ->deleted set positive and deleted somewhere later.

Now, if we create a handler for the fd again before the actual
deletion occurs, we end up writing data into an object that has
->deleted set, which is obviously wrong.

I see two ways to fix this:

1. Don't return ->deleted objects in the search
2. Unset ->deleted in the search

This patch implements 1. which feels safer to do. It fixes AIO issues
I've seen with curl, as libcurl unsets fd event listeners pretty
frequently.

Signed-off-by: Alexander Graf <alex@csgraf.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
 aio.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/aio.c b/aio.c
index 200320c979..11fbb6c0c5 100644
--- a/aio.c
+++ b/aio.c
@@ -44,7 +44,8 @@ static AioHandler *find_aio_handler(int fd)
 
     LIST_FOREACH(node, &aio_handlers, node) {
         if (node->fd == fd)
-            return node;
+            if (!node->deleted)
+                return node;
     }
 
     return NULL;
-- 
cgit v1.2.1