From: Greg Kurz
Date: Tue, 4 Apr 2017 16:06:01 +0000 (+0200)
Subject: 9pfs: fix multiple flush for same request
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=18adde86ddc6dbef865a3d360bf8e15dce85756d;p=qemu.git

9pfs: fix multiple flush for same request

If a client tries to flush the same outstanding request several times, only the first flush completes. Subsequent ones keep waiting for the request completion in v9fs_flush() and, therefore, leak a PDU. This will cause QEMU to hang when draining active PDUs the next time the device is reset.

Let's have each flush request wake up the next one, if any. The last waiter frees the cancelled PDU.

Signed-off-by: Greg Kurz
Reviewed-by: Eric Blake
---
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 48babce836..ef47a0a5ad 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -2387,8 +2387,10 @@ static void coroutine_fn v9fs_flush(void *opaque) * Wait for pdu to complete. */ qemu_co_queue_wait(&cancel_pdu->complete, NULL); - cancel_pdu->cancelled = 0; - pdu_free(cancel_pdu); + if (!qemu_co_queue_next(&cancel_pdu->complete)) { + cancel_pdu->cancelled = 0; + pdu_free(cancel_pdu); + } } pdu_complete(pdu, 7); }
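
Review bot: The new `if (!qemu_co_queue_next(&cancel_pdu->complete))` branch in v9fs_flush() carries an ownership rule that the code does not state: each woken flush hands off to the next waiter, and only the one that finds the queue empty may clear `cancelled` and call `pdu_free(cancel_pdu)`. The comment above still only says "Wait for pdu to complete."; please extend it to say that the last waiter frees the PDU, so a later cleanup does not restore the unconditional free. The branch is also only safe if the completion side wakes a single waiter on `cancel_pdu->complete` rather than all of them, which these lines do not show; if several flushes could resume with the queue already empty, each would take the free branch, so it is worth confirming that path and mentioning the assumption in the comment. In the visible lines nothing touches `cancel_pdu` after the hand-off (only `pdu_complete(pdu, 7)` follows), which is what a non-last waiter needs once it no longer owns the PDU.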