summaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorFam Zheng <famz@redhat.com>2015-11-23 08:41:20 +0800
committerStefan Hajnoczi <stefanha@redhat.com>2015-11-24 09:27:49 +0800
commit466138dc689b6b14f31d5d20316affb4b4efd177 (patch)
tree3e174681776a6d36a270ddfc6fa004b055971c9c /hw
parentc9f6856ded10602147ca1d1806e7afb545430fd9 (diff)
downloadqemu-466138dc689b6b14f31d5d20316affb4b4efd177.tar.gz
qemu-466138dc689b6b14f31d5d20316affb4b4efd177.tar.bz2
qemu-466138dc689b6b14f31d5d20316affb4b4efd177.zip
virtio-blk: Move resetting of req->mr_next to virtio_blk_handle_rw_error
"werror=report" would free the req in virtio_blk_handle_rw_error, we mustn't write to it in that case. Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1448239280-15025-1-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'hw')
-rw-r--r--hw/block/virtio-blk.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 848f3fe3e1..756ae5ce63 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -72,6 +72,9 @@ static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, int error,
VirtIOBlock *s = req->dev;
if (action == BLOCK_ERROR_ACTION_STOP) {
+ /* Break the link as the next request is going to be parsed from the
+ * ring again. Otherwise we may end up doing a double completion! */
+ req->mr_next = NULL;
req->next = s->rq;
s->rq = req;
} else if (action == BLOCK_ERROR_ACTION_REPORT) {
@@ -112,10 +115,6 @@ static void virtio_blk_rw_complete(void *opaque, int ret)
* happen on the other side of the migration).
*/
if (virtio_blk_handle_rw_error(req, -ret, is_read)) {
- /* Break the link in case the next request is added to the
- * restart queue and is going to be parsed from the ring again.
- */
- req->mr_next = NULL;
continue;
}
}