* [Qemu-devel] [PATCH v2] esp: cancel current request only if some request is in flight
@ 2011-07-09 14:44 Hervé Poussineau
  2011-07-12 21:33 ` Blue Swirl
  0 siblings, 1 reply; 2+ messages in thread
From: Hervé Poussineau @ 2011-07-09 14:44 UTC (permalink / raw)
  To: qemu-devel; +Cc: blauwirbel, Hervé Poussineau

This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.

This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
---

Changes since v1:
- better commit message

 hw/esp.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/esp.c b/hw/esp.c
index 8e95672..aa50800 100644
--- a/hw/esp.c
+++ b/hw/esp.c
@@ -219,7 +219,7 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
     s->ti_rptr = 0;
     s->ti_wptr = 0;
 
-    if (s->current_dev) {
+    if (s->current_req) {
         /* Started a new command before the old one finished.  Cancel it.  */
         scsi_req_cancel(s->current_req);
         s->async_len = 0;
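
Review bot: the new guard in get_cmd() tests the same pointer that is handed to scsi_req_cancel(), which is the right check, but the visible lines do not show s->current_req being set back to NULL after the cancel. If neither the rest of this block nor the cancel path clears it, a later get_cmd() would pass the same request to scsi_req_cancel() a second time. Please confirm it is reset, or add `s->current_req = NULL;` inside this block.
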
-- 
1.7.5.4


* Re: [Qemu-devel] [PATCH v2] esp: cancel current request only if some request is in flight
  2011-07-09 14:44 [Qemu-devel] [PATCH v2] esp: cancel current request only if some request is in flight Hervé Poussineau
@ 2011-07-12 21:33 ` Blue Swirl
  0 siblings, 0 replies; 2+ messages in thread
From: Blue Swirl @ 2011-07-12 21:33 UTC (permalink / raw)
  To: Hervé Poussineau; +Cc: qemu-devel

Thanks, applied.

2011/7/9 Hervé Poussineau <hpoussin@reactos.org>:
> This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
> scsi_cancel_io was checking if some request was pending before trying
> to cancel it, while scsi_req_cancel always cancels the request.
>
> This may lead to a crash of Qemu due to dereferencing a NULL pointer,
> as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.
>
> Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
> ---
>
> Changes since v1:
> - better commit message
>
>  hw/esp.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/esp.c b/hw/esp.c
> index 8e95672..aa50800 100644
> --- a/hw/esp.c
> +++ b/hw/esp.c
> @@ -219,7 +219,7 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
>     s->ti_rptr = 0;
>     s->ti_wptr = 0;
>
> -    if (s->current_dev) {
> +    if (s->current_req) {
>         /* Started a new command before the old one finished.  Cancel it.  */
>         scsi_req_cancel(s->current_req);
>         s->async_len = 0;
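
Review bot: with the condition changed from s->current_dev to s->current_req, the state where current_dev is set but current_req is NULL now skips the whole block, including `s->async_len = 0;`. Please confirm that async_len cannot be left non-zero in that state when a new command starts, or move the reset outside the conditional.
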
> --
> 1.7.5.4
>
>
