From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1O9bKA-0006eF-2T
	for qemu-devel@nongnu.org; Wed, 05 May 2010 05:55:26 -0400
Received: from [140.186.70.92] (port=57574 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1O9bK8-0006dD-NQ
	for qemu-devel@nongnu.org; Wed, 05 May 2010 05:55:25 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <kwolf@redhat.com>) id 1O9bK6-0001mH-6a
	for qemu-devel@nongnu.org; Wed, 05 May 2010 05:55:24 -0400
Received: from mx1.redhat.com ([209.132.183.28]:46238)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <kwolf@redhat.com>) id 1O9bK5-0001lp-Tu
	for qemu-devel@nongnu.org; Wed, 05 May 2010 05:55:22 -0400
Received: from int-mx03.intmail.prod.int.phx2.redhat.com
	(int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.16])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o459tKq0014639
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Wed, 5 May 2010 05:55:21 -0400
From: Kevin Wolf <kwolf@redhat.com>
Date: Wed,  5 May 2010 11:54:56 +0200
Message-Id: <1273053296-14290-1-git-send-email-kwolf@redhat.com>
Subject: [Qemu-devel] [PATCH] ide: Fix ide_dma_cancel
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com

When cancelling a request, bdrv_aio_cancel may decide that it waits for
completion of a request rather than for cancellation. IDE therefore can't
abandon its DMA status before calling bdrv_aio_cancel; otherwise the callback
of a completed request would use invalid data.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/ide/core.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 0757528..3cd55e3 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -2838,10 +2838,6 @@ static void ide_dma_restart(IDEState *s, int is_read)
 void ide_dma_cancel(BMDMAState *bm)
 {
     if (bm->status & BM_STATUS_DMAING) {
-        bm->status &= ~BM_STATUS_DMAING;
-        /* cancel DMA request */
-        bm->unit = -1;
-        bm->dma_cb = NULL;
         if (bm->aiocb) {
 #ifdef DEBUG_AIO
             printf("aio_cancel\n");
@@ -2849,6 +2845,10 @@ void ide_dma_cancel(BMDMAState *bm)
             bdrv_aio_cancel(bm->aiocb);
             bm->aiocb = NULL;
         }
+        bm->status &= ~BM_STATUS_DMAING;
+        /* cancel DMA request */
+        bm->unit = -1;
+        bm->dma_cb = NULL;
     }
 }
 
-- 
1.6.6.1