From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:53730) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Rvpqv-0002m1-DW for qemu-devel@nongnu.org; Fri, 10 Feb 2012 07:45:30 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Rvpqo-0006mm-0N for qemu-devel@nongnu.org; Fri, 10 Feb 2012 07:45:25 -0500 Received: from mx1.redhat.com ([209.132.183.28]:9208) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Rvpqn-0006m8-OP for qemu-devel@nongnu.org; Fri, 10 Feb 2012 07:45:17 -0500 From: Kevin Wolf Date: Fri, 10 Feb 2012 13:47:42 +0100 Message-Id: <1328878064-4907-14-git-send-email-kwolf@redhat.com> In-Reply-To: <1328878064-4907-1-git-send-email-kwolf@redhat.com> References: <1328878064-4907-1-git-send-email-kwolf@redhat.com> Subject: [Qemu-devel] [PATCH 13/15] AHCI: Fix port reset race List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: anthony@codemonkey.ws Cc: kwolf@redhat.com, qemu-devel@nongnu.org From: Alexander Graf bdrv_aio_cancel() can trigger bdrv_aio_flush() which makes all aio that is currently in flight finish. So what we do is: port reset detect ncq in flight cancel ncq delete ncq sg list at which point we have double freed the sg list. Instead, with this patch we do: port reset detect ncq in flight cancel ncq check if we are really still in flight delete ncq sg list which makes things work and gets rid of the race. Signed-off-by: Alexander Graf Signed-off-by: Kevin Wolf --- hw/ide/ahci.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index c87a6ca..caff7bc 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c 
@@ -560,6 +560,11 @@ static void ahci_reset_port(AHCIState *s, int port) ncq_tfs->aiocb = NULL; } + /* Maybe we just finished the request thanks to bdrv_aio_cancel() */ + if (!ncq_tfs->used) { + continue; + } + qemu_sglist_destroy(&ncq_tfs->sglist); ncq_tfs->used = 0; } -- 1.7.6.5
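Review bot: the new `if (!ncq_tfs->used) continue;` guard is the right fix, but the comment above it ("Maybe we just finished the request thanks to bdrv_aio_cancel()") should state the invariant the guard depends on: the completion callback that bdrv_aio_cancel() may run synchronously is what destroys the sg list and clears `used`, so `used` is being treated as the ownership flag for `ncq_tfs->sglist`, and the check must stay after the cancel rather than be hoisted above it. Suggest a comment along the lines of "/* bdrv_aio_cancel() may have run the completion callback, which already destroyed the sglist and cleared used; do not free it twice */". It is also worth a note in the commit message that any future completion path which clears `used` without destroying the sglist would now leak it instead of double-freeing, since this guard relies on the two being done together.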