On Sun, Jul 07, 2019 at 07:55:03PM -0700, shaju.abraham@nutanix.com wrote:

Reviewed-by: Stefan Hajnoczi

CCing John Snow, IDE maintainer. You can use scripts/get_maintainer.pl -f hw/ide/core.c to find out who to send patches to.

Stefan

> From: Shaju Abraham
>
> During the IDE DMA transfer for an ISCSI target, when libiscsi encounters
> a SENSE KEY error, it sets the task->sense to the value "COMMAND ABORTED".
> The function iscsi_translate_sense() later translates this error to -ECANCELED
> and this value is passed to the callback function. In the case of IDE DMA read
> or write, the callback function returns immediately if the value of the ret
> argument is -ECANCELED.
> Later when ide_cancel_dma_sync() function is invoked the assertion
> "s->bus->dma->aiocb == ((void *)0)" fails and the qemu process gets terminated.
> Fix the issue by making the value of s->bus->dma->aiocb = NULL when
> -ECANCELED is passed to the callback.
>
> Signed-off-by: Shaju Abraham
> --- > hw/ide/core.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/hw/ide/core.c b/hw/ide/core.c > index 6afadf8..78ea357 100644 > --- a/hw/ide/core.c > +++ b/hw/ide/core.c > @@ -841,6 +841,7 @@ static void ide_dma_cb(void *opaque, int ret) > bool stay_active = false; > > if (ret == -ECANCELED) { > + s->bus->dma->aiocb = NULL; > return; > } > > -- > 1.9.4 > >
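Review bot: in the `if (ret == -ECANCELED)` branch of ide_dma_cb(), the added `s->bus->dma->aiocb = NULL;` carries no comment, and the branch still returns without completing or failing the command. Per the commit message, the -ECANCELED seen here comes from iscsi_translate_sense() mapping a COMMAND ABORTED sense key, not from a cancel issued by the IDE code, so clearing the pointer avoids the assertion in ide_cancel_dma_sync() but the visible lines do nothing to report the failed transfer to the guest. Suggest adding a short comment on why the pointer is cleared at this point, and stating in the commit message whether a backend-originated -ECANCELED should instead be routed through the callback's normal error handling rather than the silent early return.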