From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:46669)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jan.kiszka@web.de>) id 1QJ9NU-0006MN-GY
	for qemu-devel@nongnu.org; Sun, 08 May 2011 15:10:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jan.kiszka@web.de>) id 1QJ9NT-0006LX-Dr
	for qemu-devel@nongnu.org; Sun, 08 May 2011 15:10:52 -0400
Received: from fmmailgate02.web.de ([217.72.192.227]:36968)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jan.kiszka@web.de>) id 1QJ9NT-0006LK-6W
	for qemu-devel@nongnu.org; Sun, 08 May 2011 15:10:51 -0400
Message-ID: <4DC6EAB5.4040607@web.de>
Date: Sun, 08 May 2011 21:10:45 +0200
From: Jan Kiszka <jan.kiszka@web.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig629DA090BE62E2F74A8E725E"
Sender: jan.kiszka@web.de
Subject: [Qemu-devel] ahci: crash after duplicate bh registration
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>
Cc: qemu-devel <qemu-devel@nongnu.org>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig629DA090BE62E2F74A8E725E
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Hi Alex,

I've seen crashes caused by ahci_check_cmd_bh unregistering a NULL bh.
It looks like ahci_dma_set_inactive can a called while there is already
a bh hanging around. Patch below cures the issue, but I have no clue if
such an invocation order is valid at all.

Jan

---

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index e2ed2ad..7870030 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1066,9 +1066,11 @@ static int ahci_dma_set_inactive(IDEDMA *dma)
=20
     ad->dma_cb =3D NULL;
=20
-    /* maybe we still have something to process, check later */
-    ad->check_bh =3D qemu_bh_new(ahci_check_cmd_bh, ad);
-    qemu_bh_schedule(ad->check_bh);
+    if (!ad->check_bh) {
+        /* maybe we still have something to process, check later */
+        ad->check_bh =3D qemu_bh_new(ahci_check_cmd_bh, ad);
+        qemu_bh_schedule(ad->check_bh);
+    }
=20
     return 0;
 }


--------------enig629DA090BE62E2F74A8E725E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk3G6rgACgkQitSsb3rl5xTXbgCgpLqcc3ZlFQLvsQoQTg4Ufjki
LrwAoIKIBu0ngB4EWe1KNQ4XSZYgi3hY
=ryWu
-----END PGP SIGNATURE-----

--------------enig629DA090BE62E2F74A8E725E--