On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke <[email protected]> wrote:
> @@ -86,13 +90,19 @@ static SCSIDiskReq *scsi_new_request(SCSIDiskState *s,
> uint32_t tag,
>
> req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
> r = DO_UPCAST(SCSIDiskReq, req, req);
> - r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
> + r->iov_buf = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
> + r->iov = qemu_mallocz(sizeof(struct iovec));
> + r->iov[0].iov_base = r->iov_buf;
> + r->iov_num = 1;
> return r;
> }
>
> static void scsi_remove_request(SCSIDiskReq *r)
> {
> - qemu_vfree(r->iov.iov_base);
> + qemu_vfree(r->iov);
r->iov was allocated with qemu_mallocz(). It should be freed with qemu_free(). Stefan
