On Tue, 04/18 14:36, Paolo Bonzini wrote: > > > On 18/04/2017 12:39, Fam Zheng wrote: > > + QLIST_FOREACH_SAFE(child, &bs->children, next, tmp) { > > + BlockDriverState *bs = child->bs; > > + assert(bs->refcnt > 0); > > + bdrv_ref(bs); > > + waited |= bdrv_drain_recurse(bs); > > + bdrv_unref(bs); > > } > > I think this accesses global state that is not protected by the > AioContext lock?
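Review bot: the bdrv_unref(bs) after bdrv_drain_recurse(bs) is the risky line in this hunk: bdrv_ref()/bdrv_unref() update bs->refcnt without the AioContext lock, and if that unref drops the last reference it deletes the node on whatever thread called the drain, which is only safe from the main loop. Suggest either asserting `qemu_get_current_aio_context() == qemu_get_aio_context()` before taking the reference, or making the ref/unref pair conditional on being in the main loop as the reply proposes, and keep in mind that QLIST_FOREACH_SAFE only tolerates removal of the current element, so if draining a child can yield and reshape bs->children the cached `tmp` may already be stale. Minor: `BlockDriverState *bs = child->bs;` shadows the outer `bs` used in `&bs->children`; a distinct name such as `child_bs` makes the assert and the ref/unref unambiguous.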
Good catch! If called from IOThread, this bdrv_unref is simply wrong, although in practice it cannot delete bs because of the reference held by the owning device. It may be better to wrap the bdrv_ref/bdrv_unref calls with if (qemu_get_current_aio_context() == qemu_get_aio_context()) because only the main loop needs it. Will make this hunk a separate patch in v4.

Fam