libxl: fix reentrancy hazard in fd event processing

In afterpoll_internal, the callback functions may register and
deregister events arbitrarily.  This means that we need to consider
the reentrancy-safety of the event machinery state variables.

Most of the code is safe but the fd handling is not.  Fix this by
arranging to restart the fd scan loop every time we call one of these
callback functions.

For this loop to terminate, we modify afterpoll_check_fd so that it
returns only once for each of afterpoll's efds.

Another possible solution would be simply to return from
afterpoll_internal after calling efd->func.  That would be a small and
more obviously correct change but would prevent the process from
handling more than one fd event with a single call to poll.

This is apropos of a report from Roger Pau Monne to me (pers.comm.)
of this crash on NetBSD:

  Program terminated with signal 11, Segmentation fault.
  #0  0x00007f7ff743131b in afterpoll_check_fd (poller=<optimized out>, fds=0x7f7ff7b241c0, nfds=7, fd=-1, events=1)
      at libxl_event.c:856
  856             if (fds[slot].fd != fd)

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reported-by: Roger Pau Monne <roger.pau@citrix.com>
Tested-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h
index cfb35ab4a9..691b4f6705 100644
--- a/tools/libxl/libxl_internal.h
+++ b/tools/libxl/libxl_internal.h
@@ -276,7 +276,7 @@ struct libxl__poller {
     int fd_polls_allocd;
 
     int fd_rindices_allocd;
-    int (*fd_rindices)[3]; /* see libxl_osevent_beforepoll */
+    int (*fd_rindices)[3]; /* see libxl_event.c:beforepoll_internal */
 
     int wakeup_pipe[2]; /* 0 means no fd allocated */
 };