diff options
author | Alexander Graf <agraf@suse.de> | 2012-01-30 23:29:47 +0100 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2012-02-09 16:17:51 +0100 |
commit | c9b308d20b642c106048f088ccc31f2aa7cf59ba (patch) | |
tree | 16185fd57de00dd04d669d0e2c4bdb2db3e4409d /hw | |
parent | ea8f978ffef325ab2fd0edcf5f24b6dcec6078f3 (diff) | |
download | qemu-c9b308d20b642c106048f088ccc31f2aa7cf59ba.zip qemu-c9b308d20b642c106048f088ccc31f2aa7cf59ba.tar.gz qemu-c9b308d20b642c106048f088ccc31f2aa7cf59ba.tar.bz2 |
AHCI: Fix port reset race
bdrv_aio_cancel() can trigger bdrv_aio_flush() which makes all aio
that is currently in flight finish. So what we do is:
port reset
detect ncq in flight
cancel ncq
delete ncq sg list
at which point we have double freed the sg list. Instead, with this
patch we do:
port reset
detect ncq in flight
cancel ncq
check if we are really still in flight
delete ncq sg list
which makes things work and gets rid of the race.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/ide/ahci.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index c87a6ca..caff7bc 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -560,6 +560,11 @@ static void ahci_reset_port(AHCIState *s, int port) ncq_tfs->aiocb = NULL; } + /* Maybe we just finished the request thanks to bdrv_aio_cancel() */ + if (!ncq_tfs->used) { + continue; + } + qemu_sglist_destroy(&ncq_tfs->sglist); ncq_tfs->used = 0; } |