[regression] qemu-system-arm: segfault in lsi_do_command

Message ID 4DD15040.7030809@redhat.com
State New

Commit Message

Paolo Bonzini May 16, 2011, 4:26 p.m. UTC
On 05/16/2011 05:58 PM, Kevin Wolf wrote:
> Thanks. Still doesn't make much sense to me, the patch shouldn't change
> anything with respect to a malloc, but I can reproduce a segfault now. I
> think I'll have a closer look tomorrow.

This fixes it on top of my SCSI refactoring series.  Should I send v3
with this one squashed in appropriately?  Or should this be sent later?

Paolo

Comments

Kevin Wolf May 17, 2011, 7:43 a.m. UTC | #1
On 16.05.2011 18:26, Paolo Bonzini wrote:
> On 05/16/2011 05:58 PM, Kevin Wolf wrote:
>> Thanks. Still doesn't make much sense to me, the patch shouldn't change
>> anything with respect to a malloc, but I can reproduce a segfault now. I
>> think I'll have a closer look tomorrow.
> 
> This fixes it on top of my SCSI refactoring series.  Should I send v3
> with this one squashed in appropriately?  Or should this be sent later?

I think I would just include it in your series (and while you're at it,
I think you could include Jonathan's cleanup as well).

Kevin

Patch

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 2f0ffda..57cfc87 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -167,11 +167,17 @@  int scsi_req_get_sense(SCSIRequest *req, uint8_t *buf, int len)
 
 int32_t scsi_req_enqueue(SCSIRequest *req, uint8_t *buf)
 {
+    int32_t rc;
     assert(!req->enqueued);
     scsi_req_ref(req);
     req->enqueued = true;
     QTAILQ_INSERT_TAIL(&req->dev->requests, req, next);
-    return req->dev->info->send_command(req, buf);
+
+    /* Make sure the request doesn't disappear under send_command's feet.  */
+    scsi_req_ref(req);
+    rc = req->dev->info->send_command(req, buf);
+    scsi_req_unref(req);
+    return rc;
 }
 
 static void scsi_req_dequeue(SCSIRequest *req)
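
Review bot: The comment above the second scsi_req_ref(req) does not say what could release the request while send_command runs, and with two scsi_req_ref(req) calls now in scsi_req_enqueue the pairing is hard to follow. Suggest saying that the first reference belongs to the queue entry and the second is a temporary hold released by the scsi_req_unref(req) right after the call, and naming the path that can drop the queue's reference during send_command. The temporary reference is already gone when rc is returned, so a caller that touches req after scsi_req_enqueue() returns still needs a reference of its own; worth checking the callers for that. Style: leave a blank line between the int32_t rc; declaration and the assert.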