From: Ian Jackson Date: Fri, 20 Dec 2013 16:34:41 +0000 (+0000) Subject: libxl: ao: Provide manip_refcnt X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~3000 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=bc0b4c80cb61583eba2fd99a21d6a4e337233818;p=xen.git libxl: ao: Provide manip_refcnt Previously we used in_initiator to stop the ao being freed while we were still in the initiator function (which would result in the initiator's call to libxl__ao_inprogress accessing the ao after it had been freed). We are going to introduce a new libxl entrypoint which finds, and operates on, ongoing aos. This function needs the same protection, and might even end up running on the same ao multiple times concurrently. So do this with reference counting instead, with a new variable ao->manip_refcnt. We keep ao->in_initiator because that allows us to keep some useful asserts about the sequencing of libxl__ao_inprogress, etc. Signed-off-by: Ian Jackson Acked-by: Ian Campbell --- v5: Fix typo in commit message. v3: Add a missing space. Mention locking in the comment. --- diff --git a/tools/libxl/libxl_event.c b/tools/libxl/libxl_event.c index 96efb33e26..6d5f9d8c4e 100644 --- a/tools/libxl/libxl_event.c +++ b/tools/libxl/libxl_event.c @@ -33,6 +33,8 @@ static libxl__ao *ao_nested_root(libxl__ao *ao); +static void ao__check_destroy(libxl_ctx *ctx, libxl__ao *ao); + /* * The counter osevent_in_hook is used to ensure that the application @@ -1347,8 +1349,7 @@ static void egc_run_callbacks(libxl__egc *egc) ao->how.callback(CTX, ao->rc, ao->how.u.for_callback); CTX_LOCK; ao->notified = 1; - if (!ao->in_initiator) - libxl__ao__destroy(CTX, ao); + ao__check_destroy(CTX, ao); CTX_UNLOCK; } } @@ -1729,6 +1730,33 @@ int libxl_event_wait(libxl_ctx *ctx, libxl_event **event_r, * - destroy the ao */ + +/* + * A "manip" is a libxl public function manipulating this ao, which + * has a pointer to it. We have to not destroy it while that's the + * case, obviously. Callers must have the ctx locked, obviously. + */ +static void ao__manip_enter(libxl__ao *ao) +{ + assert(ao->manip_refcnt < INT_MAX); + ao->manip_refcnt++; +} + +static void ao__manip_leave(libxl_ctx *ctx, libxl__ao *ao) +{ + assert(ao->manip_refcnt > 0); + ao->manip_refcnt--; + ao__check_destroy(ctx, ao); +} + +static void ao__check_destroy(libxl_ctx *ctx, libxl__ao *ao) +{ + if (!ao->manip_refcnt && ao->notified) { + assert(ao->complete); + libxl__ao__destroy(ctx, ao); + } +} + void libxl__ao__destroy(libxl_ctx *ctx, libxl__ao *ao) { AO_GC; @@ -1810,8 +1838,8 @@ void libxl__ao_complete_check_progress_reports(libxl__egc *egc, libxl__ao *ao) } ao->notified = 1; } - if (!ao->in_initiator && ao->notified) - libxl__ao__destroy(ctx, ao); + + ao__check_destroy(ctx, ao); } libxl__ao *libxl__ao_create(libxl_ctx *ctx, uint32_t domid, @@ -1826,6 +1854,7 @@ libxl__ao *libxl__ao_create(libxl_ctx *ctx, uint32_t domid, ao->magic = LIBXL__AO_MAGIC; ao->constructing = 1; ao->in_initiator = 1; + ao__manip_enter(ao); ao->poller = 0; ao->domid = domid; LIBXL_INIT_GC(ao->gc, ctx); @@ -1906,11 +1935,7 @@ int libxl__ao_inprogress(libxl__ao *ao, } ao->in_initiator = 0; - - if (ao->notified) { - assert(ao->complete); - libxl__ao__destroy(CTX,ao); - } + ao__manip_leave(CTX, ao); return rc; } diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h index 79cdec1410..02314b6116 100644 --- a/tools/libxl/libxl_internal.h +++ b/tools/libxl/libxl_internal.h @@ -469,6 +469,7 @@ struct libxl__ao { */ uint32_t magic; unsigned constructing:1, in_initiator:1, complete:1, notified:1; + int manip_refcnt; libxl__ao *nested_root; int nested_progeny; int progress_reports_outstanding;