AIO deletion race fix

When deleting an fd event there is a chance the object doesn't get deleted, but only ->deleted set positive and deleted somewhere later. Now, if we create a handler for the fd again before the actual deletion occurs, we end up writing data into an object that has ->deleted set, which is obviously wrong. I see two ways to fix this: 1. Don't return ->deleted objects in the search 2. Unset ->deleted in the search This patch implements 1. which feels safer to do. It fixes AIO issues I've seen with curl, as libcurl unsets fd event listeners pretty frequently. Signed-off-by: Alexander Graf <alex@csgraf.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2025-08-04 08:13:54 -06:00 · 2009-05-06 02:58:48 +02:00 · 2009-05-06 02:58:48 +02:00 · 79d5ca5617
commit 79d5ca5617
parent d6ecb03610
1 changed files with 2 additions and 1 deletions
--- a/aio.c
+++ b/aio.c
@ -44,7 +44,8 @@ static AioHandler *find_aio_handler(int fd)

    LIST_FOREACH(node, &aio_handlers, node) {
        if (node->fd == fd)
-            return node;
+            if (!node->deleted)
+                return node;
    }

    return NULL;