From 4fbb16d71e7e9a893c665926642122b165c63425 Mon Sep 17 00:00:00 2001

From: John Snow <jsnow@redhat.com>

Date: Wed, 26 Apr 2017 23:49:07 +0200

Subject: [PATCH] ide: fix halted IO segfault at reset

RH-Author: John Snow <jsnow@redhat.com>

Message-id: <20170426234907.21151-2-jsnow@redhat.com>

Patchwork-id: 74905

O-Subject: [RHEL-7.4 qemu-kvm PATCH v2 1/1] ide: fix halted IO segfault at reset

Bugzilla: 1299875

RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>

RH-Acked-by: Laszlo Ersek <lersek@redhat.com>

RH-Acked-by: Markus Armbruster <armbru@redhat.com>

If one attempts to perform a system_reset after a failed IO request

that causes the VM to enter a paused state, QEMU will segfault trying

to free up the pending IO requests.

These requests have already been completed and freed, though, so all

we need to do is NULL them before we enter the paused state.

Existing AHCI tests verify that halted requests are still resumed

successfully after a STOP event.

Analyzed-by: Laszlo Ersek <lersek@redhat.com>

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Signed-off-by: John Snow <jsnow@redhat.com>

Message-id: 1469635201-11918-2-git-send-email-jsnow@redhat.com

Signed-off-by: John Snow <jsnow@redhat.com>

(cherry picked from commit 87ac25fd1fed05a30a93d27dbeb2a4c4b83ec95f)

Signed-off-by: John Snow <jsnow@redhat.com>

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

Conflicts:

  hw/ide/core.c: Context and formatting of handle_rw_error

---

 hw/ide/core.c | 1 +

 1 file changed, 1 insertion(+)

diff --git a/hw/ide/core.c b/hw/ide/core.c

index 5d40093..5c33735 100644

--- a/hw/ide/core.c

+++ b/hw/ide/core.c

@@ -658,6 +658,7 @@ void ide_dma_cb(void *opaque, int ret)

             op |= BM_STATUS_RETRY_TRIM;

         if (ide_handle_rw_error(s, -ret, op)) {

+            s->bus->dma->aiocb = NULL;

             return;

         }

     }

-- 

1.8.3.1