A verify command is not an actual read (we do not implement compare mode) and thus does not have an AIOCB attached. Do not crash in scsi_dma_complete.
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> --- hw/scsi/scsi-disk.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index f52bd11..c8d2a99 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -244,14 +244,15 @@ done: } } -static void scsi_dma_complete(void *opaque, int ret) +static void scsi_dma_complete_noio(void *opaque, int ret) { SCSIDiskReq *r = (SCSIDiskReq *)opaque; SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); - assert(r->req.aiocb != NULL); - r->req.aiocb = NULL; - bdrv_acct_done(s->qdev.conf.bs, &r->acct); + if (r->req.aiocb != NULL) { + r->req.aiocb = NULL; + bdrv_acct_done(s->qdev.conf.bs, &r->acct); + } if (r->req.io_canceled) { goto done; } @@ -277,6 +278,14 @@ done: } } +static void scsi_dma_complete(void *opaque, int ret) +{ + SCSIDiskReq *r = (SCSIDiskReq *)opaque; + + assert(r->req.aiocb != NULL); + scsi_dma_complete_noio(opaque, ret); +} + static void scsi_read_complete(void * opaque, int ret) { SCSIDiskReq *r = (SCSIDiskReq *)opaque; @@ -496,7 +505,7 @@ static void scsi_write_data(SCSIRequest *req) if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 || r->req.cmd.buf[0] == VERIFY_16) { if (r->req.sg) { - scsi_dma_complete(r, 0); + scsi_dma_complete_noio(r, 0); } else { scsi_write_complete(r, 0); } -- 1.8.1.4