On 06/28/2016 02:39 AM, Paolo Bonzini wrote:
> When doing a read-modify-write cycle, QEMU uses the iovec after returning
> from blk_aio_pwritev. m25p80 puts the iovec on the stack of blk_aio_pwritev's
> caller, which causes trouble in this case. This has been a problem
> since commit 243e6f6 ("m25p80: Switch to byte-based block access",
> 2016-05-12) started doing writes at a smaller granularity than 512 bytes.
> In principle however it could have broken before when using -drive
> if=mtd,cache=none on a disk with 4K native sectors.
>
> Signed-off-by: Paolo Bonzini
> ---
> hw/block/m25p80.c | 23 ++++++++++++++---------
> 1 file changed, 14 insertions(+), 9 deletions(-)

Reviewed-by: Eric Blake

and thanks for tracking this one down

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
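The lifetime hazard the commit message describes, as an added illustration that is not QEMU code and not the patch under review (the diff body is not on this page, so the "fixed" path below is a generic request-owns-its-buffers pattern, not the m25p80 change itself). A toy block layer queues writes and only dereferences the iovec when the queue is drained, the way a read-modify-write completing after blk_aio_pwritev returns would. The submitting function's stack frame is modelled by an explicit scratch buffer that a later call reuses, so the stale-iovec effect is deterministic rather than undefined behaviour. All names, sizes and data are constructed for the example.

```c
/* Added example: iovec lifetime with an asynchronous write that completes
 * after the submitting function has returned. Not QEMU code. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

#define SECTOR 512
static uint8_t disk[2 * SECTOR];   /* constructed backing store */

/* A pending request: the block layer keeps only a pointer to the iovec. */
struct req {
    const struct iovec *iov;
    unsigned offset;
    void (*done)(struct req *r);
    struct req *next;
};
static struct req *pending;

/* Submit: nothing is copied; the iovec must stay valid until done(). */
static void blk_write_async(struct req *r)
{
    r->next = pending;
    pending = r;
}

/* Complete queued writes. This is where the iovec is finally read, i.e.
 * the equivalent of the read-modify-write cycle running after return. */
static void blk_drain(void)
{
    while (pending) {
        struct req *r = pending;
        pending = r->next;
        memcpy(disk + r->offset, r->iov->iov_base, r->iov->iov_len);
        if (r->done) r->done(r);
    }
}

/* Models the caller's stack frame: the buggy path builds its iovec and
 * data here, and a later call reuses the same space. */
static uint8_t frame[sizeof(struct iovec) + 8];
static struct req buggy_req;

static void buggy_write(unsigned off, const uint8_t *data, size_t len)
{
    struct iovec *iov = (struct iovec *)frame;      /* "local" iovec */
    uint8_t *buf = frame + sizeof(struct iovec);    /* "local" payload */
    memcpy(buf, data, len);
    iov->iov_base = buf;
    iov->iov_len = len;
    buggy_req.iov = iov; buggy_req.offset = off; buggy_req.done = NULL;
    blk_write_async(&buggy_req);
    /* returns here: the frame is now free for reuse while the write is
     * still queued */
}

/* Any later call reuses the frame. Only the payload area is overwritten
 * here to keep the example deterministic; a real frame reuse can also
 * clobber the iovec fields themselves (wild pointer, crash). */
static void unrelated_call(void)
{
    memset(frame + sizeof(struct iovec), 0xEE, 8);
}

/* Corrected pattern: the request owns its iovec and payload on the heap
 * and releases them from the completion callback. */
struct owned_req { struct req base; struct iovec iov; uint8_t *buf; };

static void owned_done(struct req *r)
{
    struct owned_req *o = (struct owned_req *)r;
    free(o->buf);
    free(o);
}

static void fixed_write(unsigned off, const uint8_t *data, size_t len)
{
    struct owned_req *o = calloc(1, sizeof *o);
    o->buf = malloc(len);
    memcpy(o->buf, data, len);
    o->iov.iov_base = o->buf; o->iov.iov_len = len;
    o->base.iov = &o->iov; o->base.offset = off; o->base.done = owned_done;
    blk_write_async(&o->base);
}

/* Each scenario writes bytes 1..4 at offset 16, lets another call run,
 * then completes the write; returns what actually landed at disk[16]. */
int run_buggy(void)
{
    const uint8_t d[4] = { 1, 2, 3, 4 };
    memset(disk, 0, sizeof disk);
    buggy_write(16, d, sizeof d);
    unrelated_call();
    blk_drain();
    return disk[16];   /* 0xEE: stale frame contents reached the disk */
}

int run_fixed(void)
{
    const uint8_t d[4] = { 1, 2, 3, 4 };
    memset(disk, 0, sizeof disk);
    fixed_write(16, d, sizeof d);
    unrelated_call();
    blk_drain();
    return disk[16];   /* 1: the intended byte */
}
```

The point to check in any driver that hands an iovec to an asynchronous block API is who owns the iovec and payload until the completion callback runs; if the answer is "the submitting function's stack", the write races with whatever reuses that frame, and the symptom only appears once the block layer touches the buffer after return, as a sub-sector read-modify-write does.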