From 3daa41078aedf227ec98b0d1c9d56b77b6d20153 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 18 Dec 2015 09:54:53 +0100 Subject: scsi: revert change to scsi_req_cancel_async and add assertions Fam Zheng noticed that the change in commit 36896bf ("scsi: always call notifier on async cancellation", 2015-12-16) could cause a leak of the request; scsi_req_cancel_async now calls scsi_req_ref multiple times for multiple cancellations, but there is only one call to scsi_req_cancel_complete. So revert the patch and instead assert that the problematic case (a call to scsi_req_cancel_async after the aiocb has been completed) cannot happen. Signed-off-by: Paolo Bonzini --- hw/scsi/scsi-bus.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c index 00bddc9270..378bf4dfd1 100644 --- a/hw/scsi/scsi-bus.c +++ b/hw/scsi/scsi-bus.c @@ -1759,6 +1759,15 @@ void scsi_req_cancel_async(SCSIRequest *req, Notifier *notifier) if (notifier) { notifier_list_add(&req->cancel_notifiers, notifier); } + if (req->io_canceled) { + /* A blk_aio_cancel_async is pending; when it finishes, + * scsi_req_cancel_complete will be called and will + * call the notifier we just added. Just wait for that. + */ + assert(req->aiocb); + return; + } + /* Dropped in scsi_req_cancel_complete. */ scsi_req_ref(req); scsi_req_dequeue(req); req->io_canceled = true; @@ -1775,6 +1784,8 @@ void scsi_req_cancel(SCSIRequest *req) if (!req->enqueued) { return; } + assert(!req->io_canceled); + /* Dropped in scsi_req_cancel_complete. */ scsi_req_ref(req); scsi_req_dequeue(req); req->io_canceled = true; -- cgit v1.2.3