On 11/5/19 7:06 AM, Himanshu Madhani wrote:
> From: Quinn Tran <qutran@xxxxxxxxxxx>
>
> Current code assumes abort will remove the original command from the
> active list where scsi_done will not be called. Instead, the eh_abort
> thread will do the scsi_done. That is not the case. Instead, we
> have double scsi_done calls triggering a use after free.
>
> Abort will tell FW to release the command from FW possession. The
> original command will return to ULP with error in its normal fashion via
> scsi_done. eh_abort path would wait for the original command
> completion before returning. eh_abort path will not perform the
> scsi_done call.
>
> Fixes: 219d27d7147e0 ("scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands")

The intent of commit 219d27d7147e0 was only to fix race conditions and not to change when scsi_done() is called. Are the double scsi_done() calls perhaps the result of a recent firmware change? If so, does this patch break compatibility with firmware versions that do not report an error status for aborted commands?

Thanks,

Bart.