Check reply-handle == request-handle in the same place where the recv coroutine number is calculated from reply->handle and its correctness is checked: in nbd_read_reply_entry.
Also finish nbd_read_reply_entry in case of reply-handle != request-handle in the same way as in case of incorrect reply-handle.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>
---
 block/nbd-client.h | 1 +
 block/nbd-client.c | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/block/nbd-client.h b/block/nbd-client.h
index b435754b82..b1900e6a6d 100644
--- a/block/nbd-client.h
+++ b/block/nbd-client.h
@@ -20,6 +20,7 @@ typedef struct { Coroutine *coroutine; bool receiving; /* waiting for read_reply_co? */
+ NBDRequest *request;
 } NBDClientRequest; typedef struct NBDClientSession {
diff --git a/block/nbd-client.c b/block/nbd-client.c
index acd8e5d007..5f241ecc22 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -92,7 +92,9 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
 i = HANDLE_TO_INDEX(s, s->reply.handle); if (i >= MAX_NBD_REQUESTS || !s->requests[i].coroutine ||
- !s->requests[i].receiving) {
+ !s->requests[i].receiving ||
+ s->reply.handle != s->requests[i].request->handle)
+ {
 break; }
@@ -142,6 +144,7 @@ static int nbd_co_send_request(BlockDriverState *bs,
 s->requests[i].receiving = false; request->handle = INDEX_TO_HANDLE(s, i);
+ s->requests[i].request = request;
 if (s->quit) { rc = -EIO;
@@ -189,9 +192,10 @@ static int nbd_co_receive_reply(NBDClientSession *s,
 s->requests[i].receiving = true; qemu_coroutine_yield(); s->requests[i].receiving = false;
- if (s->reply.handle != request->handle || !s->ioc || s->quit) {
+ if (!s->ioc || s->quit) {
 ret = -EIO; } else {
+ assert(s->reply.handle == request->handle);
 ret = -s->reply.error; if (qiov && s->reply.error == 0) { assert(request->len == iov_size(qiov->iov, qiov->niov));
-- 2.11.1
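Review bot: The new `request` member of NBDClientRequest in nbd-client.h has no comment on who owns the pointed-to NBDRequest or how long the pointer stays valid, although the neighbouring `receiving` field is documented. The matching assignment in nbd_co_send_request (`s->requests[i].request = request;`) stores a caller-supplied pointer in session state, and nothing visible in this patch clears it when the slot is released, so a stale pointer may remain in the table. I would annotate the field with `/* caller-owned; only valid while coroutine != NULL */` and reset it to NULL wherever the slot's `coroutine` is cleared, which happens outside these hunks.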
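Review bot: The added condition in nbd_read_reply_entry dereferences `s->requests[i].request` for an index derived from `s->reply.handle`, a value taken from the server's reply, and it is safe only because the `coroutine` and `receiving` tests short-circuit first. Since nbd_co_send_request sets `request->handle = INDEX_TO_HANDLE(s, i)`, the same comparison can be written as `s->reply.handle != INDEX_TO_HANDLE(s, i)`, which needs neither the stored pointer nor the new struct member. The definitions of HANDLE_TO_INDEX and INDEX_TO_HANDLE are not shown here; if they are exact inverses, it is worth confirming that this comparison can ever be true once `i` has passed the range check. The function body continues outside the hunk.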
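Review bot: In nbd_co_receive_reply a handle mismatch used to fail the request with -EIO and now aborts the process through `assert(s->reply.handle == request->handle);`. That assertion holds only if every path that re-enters this coroutine after `qemu_coroutine_yield()` has either passed the check in nbd_read_reply_entry or set `s->quit` or cleared `s->ioc`; those wake-up paths are outside this hunk, so the invariant cannot be confirmed from here. Because the handle originates from the remote server, I would keep a runtime fallback, `if (!s->ioc || s->quit || s->reply.handle != request->handle) {`, or at least add a comment above the assert naming nbd_read_reply_entry as the place that guarantees it.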