On Thu, 08/21 17:52, Stefan Hajnoczi wrote: > On Thu, Aug 21, 2014 at 07:56:53PM +0800, Fam Zheng wrote: > > @@ -446,12 +439,25 @@ static void error_callback_bh(void *opaque) > > qemu_aio_release(acb); > > } > > > > +static void blkdebug_aio_cancel_async(BlockDriverAIOCB *blockacb) > > +{ > > + BlkdebugAIOCB *acb = container_of(blockacb, BlkdebugAIOCB, common); > > + blockacb->cb(blockacb->opaque, -ECANCELED); > > + qemu_aio_release(acb); > > +} > > + > > static void blkdebug_aio_cancel(BlockDriverAIOCB *blockacb) > > { > > BlkdebugAIOCB *acb = container_of(blockacb, BlkdebugAIOCB, common); > > qemu_aio_release(acb); > > } > > Both blkdebug_aio_cancel() and blkdebug_aio_cancel_async() look > incorrect. It is not safe to release acb because the > error_callback_bh() BH may still be scheduled. > > I guess we don't hit this problem because the error injection happens > within the same event loop iteration. In practice no one ever calls > blkdebug_aio_cancel()? >
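Review bot: In blkdebug_aio_cancel_async(), qemu_aio_release(acb) runs right after blockacb->cb(blockacb->opaque, -ECANCELED), and nothing in the function cancels the bottom half that error_callback_bh() runs from. The context lines show error_callback_bh() itself ending in qemu_aio_release(acb), so a BH that is still pending would later run on an already released ACB and release it a second time. The unchanged blkdebug_aio_cancel() has the same pattern. Either remove the pending BH before the release, or only record the cancellation here and leave the single completion and qemu_aio_release() to error_callback_bh(). A short comment stating who owns the release of the ACB would also help.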
I'll drop this patch and send a separate fix for blkdebug_aio_cancel.

Fam