On Thu, 12/17 18:46, Paolo Bonzini wrote: > This was found by code inspection. If the request is cancelled twice, > the notifier is never called on the second cancellation request, > and hence for example a TMF might never finish. > > All the calls in scsi_req_cancel_async are idempotent, so the change > is safe. > > Reviewed-by: Fam Zheng <f...@redhat.com> > Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> > Message-Id: <1450290827-30508-2-git-send-email-pbonz...@redhat.com> > --- > hw/scsi/scsi-bus.c | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c > index a600074..00bddc9 100644 > --- a/hw/scsi/scsi-bus.c > +++ b/hw/scsi/scsi-bus.c > @@ -1759,9 +1759,6 @@ void scsi_req_cancel_async(SCSIRequest *req, Notifier > *notifier) > if (notifier) { > notifier_list_add(&req->cancel_notifiers, notifier); > } > - if (req->io_canceled) { > - return; > - } > scsi_req_ref(req); > scsi_req_dequeue(req); > req->io_canceled = true; > -- > 2.5.0 > > >
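Review bot: with the `if (req->io_canceled) { return; }` guard removed, a second cancellation now falls through to `scsi_req_ref(req)` and takes another reference, and nothing in this hunk shows a matching release on that repeated path, so the commit message's claim that all the calls are idempotent does not obviously hold for the reference count. Either explain in the commit message where the extra reference is dropped when the request is cancelled twice, or keep the early return for the ref/dequeue part and make sure the notifier that was just added is still invoked, with a comment beside `scsi_req_ref(req)` naming where that reference is released.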
Oh hang on, in scsi_req_dequeue, if req->enqueued is already false, the matching scsi_req_unref is never called. Won't it be leaked?

Fam