From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [Qemu-devel] [PATCH 5/6] scsi-disk: do not complete canceled UNMAP requests
Date: Tue, 5 Mar 2013 18:05:24 +0100 [thread overview]
Message-ID: <1362503125-27057-6-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1362503125-27057-1-git-send-email-pbonzini@redhat.com>
Canceled requests should never be completed, and doing that could cause
accesses to a NULL hba_private field.
Cc: qemu-stable@nongnu.org
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Tested-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi-disk.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index d411586..6c0ddff 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -1478,13 +1478,17 @@ static void scsi_unmap_complete(void *opaque, int ret)
uint32_t nb_sectors;
r->req.aiocb = NULL;
+ if (r->req.io_canceled) {
+ goto done;
+ }
+
if (ret < 0) {
if (scsi_handle_rw_error(r, -ret)) {
goto done;
}
}
- if (data->count > 0 && !r->req.io_canceled) {
+ if (data->count > 0) {
sector_num = ldq_be_p(&data->inbuf[0]);
nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
if (!check_lba_range(s, sector_num, nb_sectors)) {
@@ -1501,10 +1505,9 @@ static void scsi_unmap_complete(void *opaque, int ret)
return;
}
+ scsi_req_complete(&r->req, GOOD);
+
done:
- if (data->count == 0) {
- scsi_req_complete(&r->req, GOOD);
- }
if (!r->req.io_canceled) {
scsi_req_unref(&r->req);
}
--
1.8.1.2
next prev parent reply other threads:[~2013-03-05 17:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-05 17:05 [Qemu-devel] [PULL 0/6] SCSI patches for 2013-03-05 Paolo Bonzini
2013-03-05 17:05 ` [Qemu-devel] [PATCH 1/6] iscsi: retry read, write, flush and unmap on unit attention check conditions Paolo Bonzini
2013-03-05 17:05 ` [Qemu-devel] [PATCH 2/6] iscsi: add iscsi_truncate support Paolo Bonzini
2013-03-05 17:05 ` [Qemu-devel] [PATCH 3/6] iscsi: look for pkg-config file too Paolo Bonzini
2013-03-05 17:05 ` [Qemu-devel] [PATCH 4/6] scsi: do not call scsi_read_data/scsi_write_data for a canceled request Paolo Bonzini
2013-03-05 17:05 ` Paolo Bonzini [this message]
2013-03-05 17:05 ` [Qemu-devel] [PATCH 6/6] scsi-disk: handle io_canceled uniformly and correctly Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1362503125-27057-6-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).