From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36288) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1a9ppJ-0004nM-Nk for qemu-devel@nongnu.org; Fri, 18 Dec 2015 02:51:46 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1a9ppG-0008Qv-HK for qemu-devel@nongnu.org; Fri, 18 Dec 2015 02:51:45 -0500 Received: from mx1.redhat.com ([209.132.183.28]:53507) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1a9ppG-0008Qr-CU for qemu-devel@nongnu.org; Fri, 18 Dec 2015 02:51:42 -0500 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (Postfix) with ESMTPS id CEF5431D8A2 for ; Fri, 18 Dec 2015 07:51:41 +0000 (UTC) Date: Fri, 18 Dec 2015 15:51:37 +0800 From: Fam Zheng Message-ID: <20151218075137.GF25529@ad.usersys.redhat.com> References: <1450374401-31352-1-git-send-email-pbonzini@redhat.com> <1450374401-31352-44-git-send-email-pbonzini@redhat.com> <20151218005716.GD25529@ad.usersys.redhat.com> <5673A227.4@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5673A227.4@redhat.com> Subject: Re: [Qemu-devel] [PULL 43/45] scsi: always call notifier on async cancellation List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Paolo Bonzini Cc: qemu-devel@nongnu.org On Fri, 12/18 07:05, Paolo Bonzini wrote: > > > On 18/12/2015 01:57, Fam Zheng wrote: > > Oh hang on, in scsi_req_dequeue, if req->enqueued is already false, the > > matching scsi_req_unref is never called. > > The matching unref for scsi_req_cancel_async's ref is in > scsi_req_cancel_complete. You're right that there is a leak if > we get to the second cancellation with req->aiocb, and we should > never get there with !req->aiocb. So the patch is wrong, but > we should add some documentation instead of plainly reverting it: > > diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c > index 00bddc9..378bf4d 100644 > --- a/hw/scsi/scsi-bus.c > +++ b/hw/scsi/scsi-bus.c > @@ -1759,6 +1759,17 @@ void scsi_req_cancel_async(SCSIRequest *req, Notifier *notifier) > if (notifier) { > notifier_list_add(&req->cancel_notifiers, notifier); > } > + if (req->io_canceled) { > + /* Canceling a second time after scsi_req_cancel_complete > + * is a programming error, hence a blk_aio_cancel_async is > + * pending; when it finishes, scsi_req_cancel_complete > + * will be called and will call the notifier we just > + * added. Just wait for that. > + */ > + assert(req->aiocb); > + return; > + } > + /* Dropped in scsi_req_cancel_complete. */ > scsi_req_ref(req); > scsi_req_dequeue(req); > req->io_canceled = true; > @@ -1775,6 +1784,8 @@ void scsi_req_cancel(SCSIRequest *req) > if (!req->enqueued) { > return; > } > + assert(!req->io_canceled); > + /* Dropped in scsi_req_cancel_complete. */ > scsi_req_ref(req); > scsi_req_dequeue(req); > req->io_canceled = true; > > Does this look sane? > Yes, it looks correct to me. Fam