[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PULL 43/45] scsi: always call notifier on async cancel
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PULL 43/45] scsi: always call notifier on async cancellation |
Date: |
Fri, 18 Dec 2015 07:05:27 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 |
On 18/12/2015 01:57, Fam Zheng wrote:
> Oh hang on, in scsi_req_dequeue, if req->enqueued is already false, the
> matching scsi_req_unref is never called.
The matching unref for scsi_req_cancel_async's ref is in
scsi_req_cancel_complete. You're right that there is a leak if
we get to the second cancellation with req->aiocb, and we should
never get there with !req->aiocb. So the patch is wrong, but
we should add some documentation instead of plainly reverting it:
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index 00bddc9..378bf4d 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -1759,6 +1759,17 @@ void scsi_req_cancel_async(SCSIRequest *req, Notifier
*notifier)
if (notifier) {
notifier_list_add(&req->cancel_notifiers, notifier);
}
+ if (req->io_canceled) {
+ /* Canceling a second time after scsi_req_cancel_complete
+ * is a programming error, hence a blk_aio_cancel_async is
+ * pending; when it finishes, scsi_req_cancel_complete
+ * will be called and will call the notifier we just
+ * added. Just wait for that.
+ */
+ assert(req->aiocb);
+ return;
+ }
+ /* Dropped in scsi_req_cancel_complete. */
scsi_req_ref(req);
scsi_req_dequeue(req);
req->io_canceled = true;
@@ -1775,6 +1784,8 @@ void scsi_req_cancel(SCSIRequest *req)
if (!req->enqueued) {
return;
}
+ assert(!req->io_canceled);
+ /* Dropped in scsi_req_cancel_complete. */
scsi_req_ref(req);
scsi_req_dequeue(req);
req->io_canceled = true;
Does this look sane?
Thanks,
Paolo
- [Qemu-devel] [PULL 34/45] memory: reorder MemoryRegion fields, (continued)
- [Qemu-devel] [PULL 34/45] memory: reorder MemoryRegion fields, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 31/45] linux-user: convert DEBUG_SIGNAL logging to tracepoints, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 30/45] linux-user: avoid "naked" qemu_log, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 28/45] xtensa: avoid "naked" qemu_log, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 35/45] memory: avoid unnecessary object_ref/unref, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 40/45] rcu: optimize rcu_read_lock, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 37/45] memory: extract first iteration of address_space_read and address_space_write, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 41/45] target-i386: kvm: clear unusable segments' flags in migration, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 43/45] scsi: always call notifier on async cancellation, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 44/45] coverity: Model g_poll(), Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 33/45] exec: make qemu_ram_ptr_length more similar to qemu_get_ram_ptr, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 36/45] memory: split address_space_read and address_space_write, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 38/45] memory: inline a few small accessors, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 39/45] memory: try to inline constant-length reads, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 42/45] scsi: use scsi_req_cancel_async when purging requests, Paolo Bonzini, 2015/12/17
- [Qemu-devel] [PULL 45/45] coverity: Model g_memdup(), Paolo Bonzini, 2015/12/17
- Re: [Qemu-devel] [PULL 00/45] KVM, memory, SCSI, qemu_log, Coverity patches for 2015-12-17, Peter Maydell, 2015/12/17