> --- a/hw/scsi-bus.c
> +++ b/hw/scsi-bus.c
> @@ -136,6 +136,7 @@ SCSIRequest *scsi_req_alloc(size_t size, SCSIDevice *d, 
> uint32_t tag, uint32_t l
>      SCSIRequest *req;
>  
>      req = qemu_mallocz(size);
> +    req->refcount = 2;
>      req->bus = scsi_bus_from_device(d);
>      req->dev = d;
>      req->tag = tag;
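Review bot: `req->refcount = 2;` in scsi_req_alloc is a bare magic number, and nothing in the hunk says which two holders own those references or which code path drops each one. A short comment next to the assignment naming both owners would let a reader check that every path releases both.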

A little comment explaining why we start out with a reference count of 2
would be useful here.  Might be worth making that a top of the function
block comment explaining the function a bit more while you're at it.

>  void scsi_req_free(SCSIRequest *req)
>  {
> -    scsi_req_dequeue(req);
> +    assert(req->refcount == 0);
>      qemu_free(req);
>  }
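Review bot: scsi_req_free no longer calls `scsi_req_dequeue(req);`, and the visible lines do not show where the request is dequeued instead. If nothing dequeues it before the count reaches zero, qemu_free releases a request that may still be enqueued, so the dequeue should be confirmed on the path that drops the last reference. Separately, `assert(req->refcount == 0);` is compiled out when NDEBUG is defined, so in such builds it documents the invariant without enforcing it.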

Is there any reason to keep a free function?  The pattern should be
that people just call the function to decrement the reference count,
and that frees the structure when it hits zero. In the current model
that would mean moving the freeing out of ->free_req into scsi_req_unref,
but that seems pretty sensible anyway.

