ide: Fix ide_dma_cancel When cancelling a request, bdrv_aio_cancel may decide that it waits for completion of a request rather than for cancellation. IDE therefore can't abandon its DMA status before calling bdrv_aio_cancel; otherwise the callback of a completed request would use invalid data. Signed-off-by: Kevin Wolf <kwolf@redhat.com>

commit: 38d8dfa193e9a45f0f08b06aab2ba2a94f40a041 [log] [tgz]
author: Kevin Wolf <kwolf@redhat.com> Tue May 04 16:35:24 2010 +0200
committer: Kevin Wolf <kwolf@redhat.com> Mon May 17 10:20:04 2010 +0200
tree: 3c7a9183a45ebd11f4c16f7900c5b13e8684abcc
parent: 20be49e47e82f1b9fdc33810e1c4d7121871eafa [diff]
diff --git a/hw/ide/core.c b/hw/ide/core.c
index b0165bc..066fecb 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c

@@ -2838,10 +2838,6 @@
 void ide_dma_cancel(BMDMAState *bm)
 {
     if (bm->status & BM_STATUS_DMAING) {
-        bm->status &= ~BM_STATUS_DMAING;
-        /* cancel DMA request */
-        bm->unit = -1;
-        bm->dma_cb = NULL;
         if (bm->aiocb) {
 #ifdef DEBUG_AIO
             printf("aio_cancel\n");
@@ -2849,6 +2845,10 @@
             bdrv_aio_cancel(bm->aiocb);
             bm->aiocb = NULL;
         }
+        bm->status &= ~BM_STATUS_DMAING;
+        /* cancel DMA request */
+        bm->unit = -1;
+        bm->dma_cb = NULL;
     }
 }
commit	38d8dfa193e9a45f0f08b06aab2ba2a94f40a041	[log] [tgz]
author	Kevin Wolf <kwolf@redhat.com>	Tue May 04 16:35:24 2010 +0200
committer	Kevin Wolf <kwolf@redhat.com>	Mon May 17 10:20:04 2010 +0200
tree	3c7a9183a45ebd11f4c16f7900c5b13e8684abcc
parent	20be49e47e82f1b9fdc33810e1c4d7121871eafa [diff]