If the AIO thread is still calling io_getevents() while the exit path calls io_destroy(), it will segfault. Wait for the thread to finish before destroying the context.
Reviewed-by: Andre Przywara <andre.przywara@xxxxxxx>
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@xxxxxxx>
---
 disk/aio.c | 5 +++--
 include/kvm/disk-image.h | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/disk/aio.c b/disk/aio.c
index 1fcf36857..277ddf7c9 100644
--- a/disk/aio.c
+++ b/disk/aio.c
@@ -99,7 +99,6 @@ static void *disk_aio_thread(void *param)
 int disk_aio_setup(struct disk_image *disk)
 {
 int r;
- pthread_t thread;
 /* No need to setup AIO if the disk ops won't make use of it */
 if (!disk->ops->async)
@@ -110,7 +109,7 @@ int disk_aio_setup(struct disk_image *disk)
 return -errno;
 io_setup(AIO_MAX, &disk->ctx);
- r = pthread_create(&thread, NULL, disk_aio_thread, disk);
+ r = pthread_create(&disk->thread, NULL, disk_aio_thread, disk);
 if (r) {
 r = -errno;
 close(disk->evt);
@@ -126,6 +125,8 @@ void disk_aio_destroy(struct disk_image *disk)
 if (!disk->async)
 return;
+ pthread_cancel(disk->thread);
+ pthread_join(disk->thread, NULL);
 close(disk->evt);
 io_destroy(disk->ctx);
 }
diff --git a/include/kvm/disk-image.h b/include/kvm/disk-image.h
index adc9fe465..2275e2343 100644
--- a/include/kvm/disk-image.h
+++ b/include/kvm/disk-image.h
@@ -69,6 +69,7 @@ struct disk_image {
 #ifdef CONFIG_HAS_AIO
 io_context_t ctx;
 int evt;
+ pthread_t thread;
 #endif /* CONFIG_HAS_AIO */
 const char *wwpn;
 const char *tpgt;
--
2.21.0
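Review bot: In the second disk/aio.c hunk, the error path after `pthread_create(&disk->thread, ...)` still sets `r = -errno`, but pthread_create() returns the error number directly and does not set errno. The caller can therefore receive a stale code, or 0 with no thread created; `r = -r;` would report the real failure. This matters more now that disk->thread is consumed later by disk_aio_destroy(), since a failure reported as success leaves an indeterminate handle in the struct. The return value of `io_setup(AIO_MAX, &disk->ctx)` on the line above is also ignored, so a failed setup would leave the new thread working on an invalid context. The body of disk_aio_setup() continues outside the hunk.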
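Review bot: In the third disk/aio.c hunk, `pthread_cancel(disk->thread)` and `pthread_join(disk->thread, NULL)` run whenever `disk->async` is set, but disk_aio_setup() gates thread creation on `disk->ops->async` and has early error returns. The handle may therefore never have been initialised, and passing an indeterminate pthread_t to either call is undefined behaviour. Whether disk->async implies a successful setup is not visible in this diff, so either state that invariant in a comment such as `/* disk->thread is valid: disk->async is only set after disk_aio_setup() succeeded */` or track thread validity explicitly. Both return values are also discarded, and the join only returns if disk_aio_thread() reaches a cancellation point, which depends on its body outside this hunk.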