I do not have a test case to reproduce this issue. It is seen rarely. The fix
looks good to me, will confirm if I am able to reproduce the error scenario.
Regards
Shaju
On 8/14/19, 4:21 AM, "John Snow" wrote:
On 7/7/19 10:55 PM, shaju.abra...@nutanix.com wrote:
> From: Shaju Abraham
>
> During the IDE DMA transfer for a ISCSI target,when libiscsi encounters
> a SENSE KEY error, it sets the task->sense to the value "COMMAND
ABORTED".
> The function iscsi_translate_sense() later translaters this error to
-ECANCELED
> and this value is passed to the callback function. In the case of IDE
DMA read
> or write, the callback function returns immediately if the value of the
ret
> argument is -ECANCELED.
> Later when ide_cancel_dma_sync() function is invoked the assertion
> "s->bus->dma->aiocb == ((void *)0)" fails and the qemu process gets
terminated.
> Fix the issue by making the value of s->bus->dma->aiocb = NULL when
> -ECANCELED is passed to the callback.
>
> Signed-off-by: Shaju Abraham
> ---
> hw/ide/core.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/hw/ide/core.c b/hw/ide/core.c
> index 6afadf8..78ea357 100644
> --- a/hw/ide/core.c
> +++ b/hw/ide/core.c
> @@ -841,6 +841,7 @@ static void ide_dma_cb(void *opaque, int ret)
> bool stay_active = false;
>
> if (ret == -ECANCELED) {
> +s->bus->dma->aiocb = NULL;
> return;
> }
>
>
Hopefully just as adequately addressed by the patches in
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_jnsnow_qemu_commits_ide=DwICaQ=s883GpUCOChKOHiocYtGcg=sY-XeNqcuy_ruBQ9T7A2LmG6ktyYXXSxRB1ljkxMepI=lmNnHLnsZKEaZkunWBMldNPiL87un4Q2Brtsa0zCKiQ=KGmAtez5AckTpNugzMzxMObkZKQ3A5vIIiukShVYUXM=
but if you wanted to give it a test and confirm for me, I wouldn't be
upset by that.
--js
