]> git.proxmox.com Git - mirror_qemu.git/commit
projects / mirror_qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ab8140) | patch
scsi: protect req->aiocb with AioContext lock
authorStefan Hajnoczi <stefanha@redhat.com>
Tue, 21 Feb 2023 21:22:16 +0000 (16:22 -0500)
committerKevin Wolf <kwolf@redhat.com>
Thu, 23 Feb 2023 18:49:35 +0000 (19:49 +0100)
commit7b7fc3d0102dafe8eb44802493036a526e921a71
tree1e8919c4735b7e602accbaac7e6cfa5400f504aatree
parent8ab8140a04cf771d63e9754d6ba6c1e676bfe507commit | diff
scsi: protect req->aiocb with AioContext lock

If requests are being processed in the IOThread when a SCSIDevice is
unplugged, scsi_device_purge_requests() -> scsi_req_cancel_async() races
with I/O completion callbacks. Both threads load and store req->aiocb.
This can lead to assert(r->req.aiocb == NULL) failures and undefined
behavior.

Protect r->req.aiocb with the AioContext lock to prevent the race.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230221212218.1378734-2-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
hw/scsi/scsi-disk.c diff | blob | blame | history
hw/scsi/scsi-generic.c diff | blob | blame | history
QEMU mirror