On Thu, Sep 1, 2011 at 3:31 PM, Kevin Wolf <kw...@redhat.com> wrote:
> qemu may segfault when a BH handler first deletes a BH and then (possibly
> indirectly) calls a nested qemu_bh_poll(). This is because the inner instance
> frees the BH and deletes it from the list that the outer one processes.
>
> This patch deletes BHs only in the outermost qemu_bh_poll instance.
>
> Commit 7887f620 already tried to achieve the same, but it assumed that the BH
> handler would only delete its own BH. With a nested qemu_bh_poll(), this isn't
> guaranteed, so that commit wasn't enough. Hope this one fixes it for real.
>
> Signed-off-by: Kevin Wolf <kw...@redhat.com>
> ---
>  async.c |   24 ++++++++++++++++--------
>  1 files changed, 16 insertions(+), 8 deletions(-)
Seems okay as a fix.

Stefan
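The failure mode described in the patch (a handler deletes a BH, then triggers a nested poll, and the inner poll frees a node the outer loop is still iterating over) and the fix it proposes (only the outermost poll instance frees) can be demonstrated with a small standalone model. The following is an added example written for this thread; it is not QEMU's async.c and not part of the patch. All names (Bh, bh_new, bh_delete, bh_poll, run_nested_delete_scenario) and the scenario itself are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical minimal bottom-half (BH) scheduler modelled on the mail's
 * description, not QEMU's real implementation. */
typedef void (*BhFunc)(void *opaque);

typedef struct Bh {
    BhFunc cb;
    void *opaque;
    int scheduled;
    int deleted;       /* set by bh_delete(); freed only by the outermost poll */
    struct Bh *next;
} Bh;

static Bh *bh_list;        /* singly linked list of all BHs (new ones are prepended) */
static int poll_nesting;   /* depth of nested bh_poll() calls */
static int freed_count;    /* how many BH nodes have actually been freed */

Bh *bh_new(BhFunc cb, void *opaque) {
    Bh *bh = calloc(1, sizeof(*bh));
    bh->cb = cb;
    bh->opaque = opaque;
    bh->next = bh_list;
    bh_list = bh;
    return bh;
}

void bh_schedule(Bh *bh) { bh->scheduled = 1; }

/* Deletion only marks the node. Unlinking and free() are deferred, so a
 * nested poll running inside a callback can never free a node that an
 * outer poll's iteration pointer still references. */
void bh_delete(Bh *bh) {
    bh->scheduled = 0;
    bh->deleted = 1;
}

/* Runs every scheduled, non-deleted BH once. Returns how many callbacks ran. */
int bh_poll(void) {
    int ran = 0;
    poll_nesting++;
    for (Bh *bh = bh_list; bh; bh = bh->next) {
        if (bh->scheduled && !bh->deleted) {
            bh->scheduled = 0;
            bh->cb(bh->opaque);   /* may call bh_delete() and/or bh_poll() */
            ran++;
        }
    }
    /* Only the outermost instance reclaims deleted nodes. */
    if (--poll_nesting == 0) {
        Bh **pbh = &bh_list;
        while (*pbh) {
            Bh *bh = *pbh;
            if (bh->deleted) {
                *pbh = bh->next;
                free(bh);
                freed_count++;
            } else {
                pbh = &bh->next;
            }
        }
    }
    return ran;
}

/* Constructed scenario: "deleter" deletes a BH that is not its own, then
 * polls again from inside its callback, exactly the nesting the mail describes. */
static Bh *victim;
static int victim_ran, deleter_ran;

static void victim_cb(void *opaque) { (void)opaque; victim_ran++; }

static void deleter_cb(void *opaque) {
    (void)opaque;
    deleter_ran++;
    bh_delete(victim);   /* delete another handler's BH ... */
    bh_poll();           /* ... then poll nested inside the outer bh_poll() */
}

/* Returns the number of BHs still linked after the outer poll completes.
 * With deferred deletion the outer loop safely walks past the marked victim. */
int run_nested_delete_scenario(void) {
    victim = bh_new(victim_cb, NULL);
    Bh *deleter = bh_new(deleter_cb, NULL);   /* list order: deleter, victim */
    bh_schedule(victim);
    bh_schedule(deleter);
    bh_poll();                                /* outermost poll */
    int remaining = 0;
    for (Bh *bh = bh_list; bh; bh = bh->next) remaining++;
    bh_delete(deleter);
    bh_poll();                                /* cleanup: frees the deleter */
    return remaining;
}

int main(void) {
    int remaining = run_nested_delete_scenario();
    printf("remaining after outer poll=%d freed=%d victim_ran=%d deleter_ran=%d\n",
           remaining, freed_count, victim_ran, deleter_ran);
    return 0;
}
```

The important property is that the inner bh_poll() sees poll_nesting > 0 and therefore leaves the list intact; the victim node is only unlinked once the outer loop has finished and decremented the counter back to zero. Replacing the deferred free with an immediate free in bh_delete() reintroduces the use-after-free the patch is fixing.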