ahci: clear aiocb in ncq_cb

Similar to existing fixes for IDE (87ac25fd) and ATAPI (7f951b2d), the AIOCB must be cleared in the callback. Otherwise, we may accidentally try to reset a dangling pointer in bdrv_aio_cancel() from a port reset. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1474575040-32079-2-git-send-email-jsnow@redhat.com Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
author: John Snow <jsnow@redhat.com> 2016-09-26 14:33:37 -0400
committer: Michael Roth <mdroth@linux.vnet.ibm.com> 2016-09-28 11:54:06 -0500
commit: 9ea7a46e2674edc84f056fc66c6f642d88b0c9ee (patch)
tree: 1c8ec211323a9021017a1f3a4b051e0989aecd56 /hw
parent: 1c57ced0c47f2df8fc06b2f697a399074d715f94 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index a1e651635a..b49fc5cfff 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -948,6 +948,7 @@ static void ncq_cb(void *opaque, int ret)
     NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
     IDEState *ide_state = &ncq_tfs->drive->port.ifs[0];
 
+    ncq_tfs->aiocb = NULL;
     if (ret == -ECANCELED) {
         return;
     }
author	John Snow <jsnow@redhat.com>	2016-09-26 14:33:37 -0400
committer	Michael Roth <mdroth@linux.vnet.ibm.com>	2016-09-28 11:54:06 -0500
commit	9ea7a46e2674edc84f056fc66c6f642d88b0c9ee (patch)
tree	1c8ec211323a9021017a1f3a4b051e0989aecd56 /hw
parent	1c57ced0c47f2df8fc06b2f697a399074d715f94 (diff)