aboutsummaryrefslogtreecommitdiff
path: root/hw/scsi
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2015-12-18 09:54:53 +0100
committerPaolo Bonzini <pbonzini@redhat.com>2016-01-15 18:57:32 +0100
commit3daa41078aedf227ec98b0d1c9d56b77b6d20153 (patch)
tree274c184376395b9234f8d15adfa0115d2a97639e /hw/scsi
parent5a57acb66f19ee52723aa05b8afbbc41c3e9ec99 (diff)
downloadqemu-3daa41078aedf227ec98b0d1c9d56b77b6d20153.zip
qemu-3daa41078aedf227ec98b0d1c9d56b77b6d20153.tar.gz
qemu-3daa41078aedf227ec98b0d1c9d56b77b6d20153.tar.bz2
scsi: revert change to scsi_req_cancel_async and add assertions
Fam Zheng noticed that the change in commit 36896bf ("scsi: always call notifier on async cancellation", 2015-12-16) could cause a leak of the request; scsi_req_cancel_async now calls scsi_req_ref multiple times for multiple cancellations, but there is only one call to scsi_req_cancel_complete. So revert the patch and instead assert that the problematic case (a call to scsi_req_cancel_async after the aiocb has been completed) cannot happen. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/scsi')
-rw-r--r--hw/scsi/scsi-bus.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index 00bddc9..378bf4d 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -1759,6 +1759,15 @@ void scsi_req_cancel_async(SCSIRequest *req, Notifier *notifier)
if (notifier) {
notifier_list_add(&req->cancel_notifiers, notifier);
}
+ if (req->io_canceled) {
+ /* A blk_aio_cancel_async is pending; when it finishes,
+ * scsi_req_cancel_complete will be called and will
+ * call the notifier we just added. Just wait for that.
+ */
+ assert(req->aiocb);
+ return;
+ }
+ /* Dropped in scsi_req_cancel_complete. */
scsi_req_ref(req);
scsi_req_dequeue(req);
req->io_canceled = true;
@@ -1775,6 +1784,8 @@ void scsi_req_cancel(SCSIRequest *req)
if (!req->enqueued) {
return;
}
+ assert(!req->io_canceled);
+ /* Dropped in scsi_req_cancel_complete. */
scsi_req_ref(req);
scsi_req_dequeue(req);
req->io_canceled = true;