ide: fix halted IO segfault at reset

If one attempts to perform a system_reset after a failed IO request that causes the VM to enter a paused state, QEMU will segfault trying to free up the pending IO requests. These requests have already been completed and freed, though, so all we need to do is NULL them before we enter the paused state. Existing AHCI tests verify that halted requests are still resumed successfully after a STOP event. Analyzed-by: N Laszlo Ersek <lersek@redhat.com> Reviewed-by: N Laszlo Ersek <lersek@redhat.com> Signed-off-by: N John Snow <jsnow@redhat.com> Message-id: 1469635201-11918-2-git-send-email-jsnow@redhat.com Signed-off-by: N John Snow <jsnow@redhat.com>

ide: fix halted IO segfault at reset
If one attempts to perform a system_reset after a failed IO request that causes the VM to enter a paused state, QEMU will segfault trying to free up the pending IO requests. These requests have already been completed and freed, though, so all we need to do is NULL them before we enter the paused state. Existing AHCI tests verify that halted requests are still resumed successfully after a STOP event. Analyzed-by: N Laszlo Ersek <lersek@redhat.com> Reviewed-by: N Laszlo Ersek <lersek@redhat.com> Signed-off-by: N John Snow <jsnow@redhat.com> Message-id: 1469635201-11918-2-git-send-email-jsnow@redhat.com Signed-off-by: N John Snow <jsnow@redhat.com>
87ac25fd · John Snow · 21a21b85 · 87ac25fd
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

hw/ide/core.c hw/ide/core.c +1 -0

未找到文件。
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -823,6 +823,7 @@ static void ide_dma_cb(void *opaque, int ret)
    }
    if (ret < 0) {
        if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
+            s->bus->dma->aiocb = NULL;
            return;
        }
    }