On Fri, 2018-07-20 at 15:21 -0400, Douglas Gilbert wrote:
> /* Complete the processing of the thread that queued a SCSI command to this
> @@ -4459,6 +4462,11 @@ static int schedule_resp(struct scsi_cmnd *cmnd, struct sdebug_dev_info *devip,
> sd_dp->issuing_cpu = raw_smp_processor_id();
> sd_dp->defer_t = SDEB_DEFER_WQ;
> schedule_work(&sd_dp->ew.work);
> + if (unlikely(sqcp->inj_cmd_abort)) {
> + blk_abort_request(cmnd->request);
> + sdev_printk(KERN_INFO, sdp, "abort request tag %d\n",
> + cmnd->request->tag);
> + }
> }
> if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) &&
> (scsi_result == device_qfull_result)))

Should the sdev_printk() call occur before the blk_abort_request() call to avoid that the sdev_printk() call triggers a use-after-free?

Does the above change cause schedule_resp() to call both blk_abort_request() and scsi_done()? I think that's wrong. A SCSI driver should call one of these two functions but not both.

Thanks,

Bart.
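
Review bot: In the added inj_cmd_abort block, both blk_abort_request(cmnd->request) and the read of cmnd->request->tag happen after schedule_work(&sd_dp->ew.work), so the deferred work may already be running on another CPU by the time either line executes, and nothing visible in this hunk keeps cmnd or its request valid at that point. Consider testing sqcp->inj_cmd_abort before the work is queued, copying the tag into a local for the log message, and making the abort path and the normal completion path mutually exclusive. A short comment on what inj_cmd_abort is meant to simulate would also help, since the hunk gives no indication of where the flag is set or cleared.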