ahci: clear aiocb in ncq_cb

Similar to existing fixes for IDE (87ac25fd) and ATAPI (7f951b2d), the AIOCB must be cleared in the callback. Otherwise, we may accidentally try to reset a dangling pointer in bdrv_aio_cancel() from a port reset. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1474575040-32079-2-git-send-email-jsnow@redhat.com Signed-off-by: John Snow <jsnow@redhat.com> (cherry picked from commit df403bc58859c893ebd0accda07678e84d15dc5d) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
author: John Snow <jsnow@redhat.com> 2016-09-26 14:33:37 -0400
committer: Michael Roth <mdroth@linux.vnet.ibm.com> 2016-11-02 16:41:36 -0500
commit: 54c26b7340a6d76278a6c182afd6861626068b4a (patch)
tree: 34aff95b0589b561b3c5b5874385c5e3e5f7e861
parent: f5436d1daba9d5c50c9dc7240e9561e429c5aac4 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index f3438ad78a..63ead21047 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -948,6 +948,7 @@ static void ncq_cb(void *opaque, int ret)
     NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
     IDEState *ide_state = &ncq_tfs->drive->port.ifs[0];
 
+    ncq_tfs->aiocb = NULL;
     if (ret == -ECANCELED) {
         return;
     }
author	John Snow <jsnow@redhat.com>	2016-09-26 14:33:37 -0400
committer	Michael Roth <mdroth@linux.vnet.ibm.com>	2016-11-02 16:41:36 -0500
commit	54c26b7340a6d76278a6c182afd6861626068b4a (patch)
tree	34aff95b0589b561b3c5b5874385c5e3e5f7e861
parent	f5436d1daba9d5c50c9dc7240e9561e429c5aac4 (diff)