On 04/16/2015 03:49 PM, Don Brace wrote: > From: Webb Scales <[email protected]> > > Don't return from the abort request until the target command is complete. > Mark outstanding commands which have a pending abort, and do not send them > to the host if we can avoid it. > > If the current command has been aborted, do not call the SCSI command > completion routine from the I/O path: when the abort returns successfully, > the SCSI mid-layer will handle the completion implicitly. > > The following race was possible in theory. > > 1. LLD is requested to abort a scsi command > 2. scsi command completes > 3. The struct CommandList associated with 2 is made available. > 4. new io request to LLD to another LUN re-uses struct CommandList > 5. abort handler follows scsi_cmnd->host_scribble and > finds struct CommandList and tries to aborts it. > > Now we have aborted the wrong command. > > Fix by resetting the scsi_cmd field of struct CommandList > upon completion and making the abort handler check that > the scsi_cmd pointer in the CommadList struct matches the > scsi_cmnd that it has been asked to abort. > > Reviewed-by: Scott Teel <[email protected]> > Reviewed-by: Kevin Barnett <[email protected]> > Signed-off-by: Webb Scales <[email protected]> > Signed-off-by: Don Brace <[email protected]>
Reviewed-by: Tomas Henzl <[email protected]> Tomas -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
