From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46787)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Xbe1K-0006sW-Jr
	for qemu-devel@nongnu.org; Tue, 07 Oct 2014 19:18:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Xbe1B-0007SZ-It
	for qemu-devel@nongnu.org; Tue, 07 Oct 2014 19:18:18 -0400
Received: from mail-qc0-x22a.google.com ([2607:f8b0:400d:c01::22a]:53002)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Xbe1B-0007Rk-E6
	for qemu-devel@nongnu.org; Tue, 07 Oct 2014 19:18:09 -0400
Received: by mail-qc0-f170.google.com with SMTP id m20so6785688qcx.15
	for <qemu-devel@nongnu.org>; Tue, 07 Oct 2014 16:18:08 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <543474AC.2050502@redhat.com>
Date: Wed, 08 Oct 2014 01:18:04 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <20141007223616.4736.27907.malonedeb@wampee.canonical.com>
	<20141007223616.4736.27907.malonedeb@wampee.canonical.com>
In-Reply-To: <20141007223616.4736.27907.malonedeb@wampee.canonical.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [Bug 1378554] [NEW] qemu segfault in
 virtio_scsi_handle_cmd_req_submit on ARM 32 bit
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Richard W.M. Jones" <rjones@redhat.com>, qemu-devel@nongnu.org

Does this work:

diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index 203e624..c6d4f2e 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -545,11 +545,12 @@ bool virtio_scsi_handle_cmd_req_prepare(VirtIOSCSI *s, VirtIOSCSIReq *req)
 
 void virtio_scsi_handle_cmd_req_submit(VirtIOSCSI *s, VirtIOSCSIReq *req)
 {
-    if (scsi_req_enqueue(req->sreq)) {
-        scsi_req_continue(req->sreq);
+    SCSIRequest *sreq = req->sreq;
+    bdrv_io_unplug(sreq->dev->conf.bs);
+    if (scsi_req_enqueue(sreq)) {
+        scsi_req_continue(sreq);
     }
-    bdrv_io_unplug(req->sreq->dev->conf.bs);
-    scsi_req_unref(req->sreq);
+    scsi_req_unref(sreq);
 }
 
 static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)

?

Paolo