From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58423) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bphkS-0003Yq-TD for qemu-devel@nongnu.org; Thu, 29 Sep 2016 16:16:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bphkP-0004od-7x for qemu-devel@nongnu.org; Thu, 29 Sep 2016 16:16:03 -0400 Received: from mx1.redhat.com ([209.132.183.28]:47886) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bphkP-0004oH-27 for qemu-devel@nongnu.org; Thu, 29 Sep 2016 16:16:01 -0400 From: John Snow Date: Thu, 29 Sep 2016 16:15:54 -0400 Message-Id: <1475180156-5572-3-git-send-email-jsnow@redhat.com> In-Reply-To: <1475180156-5572-1-git-send-email-jsnow@redhat.com> References: <1475180156-5572-1-git-send-email-jsnow@redhat.com> Subject: [Qemu-devel] [PULL 2/4] ahci: clear aiocb in ncq_cb List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: peter.maydell@linaro.org, jsnow@redhat.com Similar to existing fixes for IDE (87ac25fd) and ATAPI (7f951b2d), the AIOCB must be cleared in the callback. Otherwise, we may accidentally try to reset a dangling pointer in bdrv_aio_cancel() from a port reset. Signed-off-by: John Snow Reviewed-by: Stefan Hajnoczi Message-id: 1474575040-32079-2-git-send-email-jsnow@redhat.com Signed-off-by: John Snow --- hw/ide/ahci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index f3438ad..63ead21 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -948,6 +948,7 @@ static void ncq_cb(void *opaque, int ret) NCQTransferState *ncq_tfs = (NCQTransferState *)opaque; IDEState *ide_state = &ncq_tfs->drive->port.ifs[0]; + ncq_tfs->aiocb = NULL; if (ret == -ECANCELED) { return; } -- 2.7.4
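Review bot: The placement of "ncq_tfs->aiocb = NULL;" ahead of the "if (ret == -ECANCELED) { return; }" early exit is the load-bearing detail of this hunk, and nothing in the code records that. If the assignment ever drifts below that return, the cancelled path (the port-reset case the commit message describes) would again leave the AIOCB dangling for bdrv_aio_cancel() to touch. Suggest a one-line comment above the assignment, e.g. "/* Must be cleared before any early return; see 87ac25fd and 7f951b2d */", so a later refactor of ncq_cb does not reintroduce the bug the IDE and ATAPI callbacks already fixed.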