ahci: clear aiocb in ncq_cb

jnsnow · mdroth · commit 9ea7a46e2674 · 2016-09-28T11:54:06.000-05:00
Similar to existing fixes for IDE (87ac25f) and ATAPI (7f951b2), the AIOCB must be cleared in the callback. Otherwise, we may accidentally try to reset a dangling pointer in bdrv_aio_cancel() from a port reset. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1474575040-32079-2-git-send-email-jsnow@redhat.com Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
@@ -948,6 +948,7 @@ static void ncq_cb(void *opaque, int ret)
     NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
     IDEState *ide_state = &ncq_tfs->drive->port.ifs[0];
 
+    ncq_tfs->aiocb = NULL;
     if (ret == -ECANCELED) {
         return;
     }

Original file line number	Diff line number	Diff line change
`@@ -948,6 +948,7 @@ static void ncq_cb(void *opaque, int ret)`
`948`	`948`	`NCQTransferState ncq_tfs = (NCQTransferState )opaque;`
`949`	`949`	`IDEState *ide_state = &ncq_tfs->drive->port.ifs[0];`
`950`	`950`
	`951`	`+ ncq_tfs->aiocb = NULL;`
`951`	`952`	`if (ret == -ECANCELED) {`
`952`	`953`	`return;`
`953`	`954`	`}`