dgit.raspbian.org Git - xen.git/commit

author	Roger Pau Monne <roger.pau@citrix.com>
	Tue, 16 May 2017 07:59:23 +0000 (08:59 +0100)
committer	Wei Liu <wei.liu2@citrix.com>
	Fri, 19 May 2017 13:33:22 +0000 (14:33 +0100)
commit	fd519a51192b97168ab1a9ca3405d75d89341ee2
tree	4ca3ba3bce380cfe871ab2984041bf1cb2264401	tree \| snapshot
parent	728d21b29b48f6c45a8e3677e62bd4655d8f737b	commit \| diff

libxl/devd: fix a race with concurrent device addition/removal

Current code can free the libxl__device inside of the libxl__ddomain_device
before the addition has finished if a removal happens while an addition is
still in process:

  backend_watch_callback
            |
            v
       add_device
            |                 backend_watch_callback
    (async operation)                   |
            |                           v
            |                     remove_device
            |                           |
            |                           V
            |                    device_complete
            |                 (free libxl__device)
            v
     device_complete
  (deref libxl__device)

Fix this by creating a temporary copy of the libxl__device, that's tracked by
the GC of the nested async operation. This ensures that the libxl__device used
by the async operations cannot be freed while being used.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reported-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Release-acked-by: Julien Grall <julien.grall@arm.com>

tools/libxl/libxl_device.c		diff \| blob \| history
tools/libxl/libxl_internal.h		diff \| blob \| history