From 7d9f415c12cf5cacda98ec9f20484fc9b60cb3e8 Mon Sep 17 00:00:00 2001
From: John Snow <jsnow@redhat.com>
Date: Tue, 4 Oct 2016 22:48:06 +0200
Subject: [PATCH 3/6] ahci: clear aiocb in ncq_cb

RH-Author: John Snow <jsnow@redhat.com>
Message-id: <1475599686-27671-2-git-send-email-jsnow@redhat.com>
Patchwork-id: 72470
O-Subject: [RHEV-7.3.z qemu-kvm-rhev PATCH 1/1] ahci: clear aiocb in ncq_cb
Bugzilla: 1393736
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

Similar to existing fixes for IDE (87ac25fd) and ATAPI (7f951b2d), the
AIOCB must be cleared in the callback. Otherwise, we may accidentally
try to reset a dangling pointer in bdrv_aio_cancel() from a port reset.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1474575040-32079-2-git-send-email-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit df403bc58859c893ebd0accda07678e84d15dc5d)
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 hw/ide/ahci.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 7b3d07e..629fb1b 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -947,6 +947,7 @@ static void ncq_cb(void *opaque, int ret)
     NCQTransferState *ncq_tfs = (NCQTransferState *)opaque;
     IDEState *ide_state = &ncq_tfs->drive->port.ifs[0];
 
+    ncq_tfs->aiocb = NULL;
     if (ret == -ECANCELED) {
         return;
     }
-- 
1.8.3.1