On Fri, Mar 11, 2022 at 01:43:59PM -0500, David Jeffery wrote:
> When aborting a scsi command through fnic, there is a race with the fnic
> interrupt handler which can result in the scsi command and its request
> being completed twice. If the interrupt handler claims the command by
> setting CMD_SP to NULL first, the abort handler assumes the interrupt
> handler has completed the command and returns SUCCESS, causing the request
> for the scsi_cmnd to be re-queued.
>
> But the interrupt handler may not have finished the command yet. After it
> drops the spinlock protecting CMD_SP, it does memory cleanup before
> finally calling scsi_done to complete the scsi_cmnd. If the call to
> scsi_done occurs after the abort handler finishes and re-queues the
> request, the completion of the scsi_cmnd will advance and try to double
> complete a request already queued for retry.
>
> This patch fixes the issue by moving scsi_done and any other use of
> scsi_cmnd to before the spinlock is released by the interrupt handler.

This way provides one simple fix for the race between normal completion and abort, looks fine:

Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>

Thanks,
Ming
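The interleaving described in the quoted commit message, as an added single-threaded model that is not part of the thread and not fnic's own code. The `struct cmd`, its `sp` field (standing in for CMD_SP), the `spin_lock`/`spin_unlock` and `scsi_done` stand-ins, and the function names are all hypothetical; the model schedules the interrupt path and the abort path explicitly so the race is deterministic. The buggy interrupt path is split at the point where the original driver dropped the spinlock (claim under the lock, `scsi_done` after it); the fixed path completes the command before unlocking, which is the change the patch makes. A completion that lands after the abort handler has re-queued the request is counted as a late completion, the "double complete" the message describes.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model of the fnic race, not the driver's own code.  sp stands
 * in for CMD_SP (non-NULL while the driver still owns the command) and
 * lock_held for the spinlock that protects it. */
struct cmd {
    void *sp;
    bool lock_held;
    int requeued;          /* abort returned SUCCESS and the request was re-queued */
    int late_completions;  /* scsi_done() calls that ran after that re-queue */
};

static void spin_lock(struct cmd *c)   { c->lock_held = true; }
static void spin_unlock(struct cmd *c) { c->lock_held = false; }

/* scsi_done() stand-in.  Once the request has been re-queued for retry, the
 * scsi_cmnd belongs to the retry, so a completion arriving here is the
 * double completion the patch description talks about. */
static void scsi_done(struct cmd *c)
{
    if (c->requeued)
        c->late_completions++;
}

/* Buggy interrupt path, split where the original code released the lock:
 * claim under the lock, then clean up and call scsi_done() outside it. */
static bool irq_claim_buggy(struct cmd *c)
{
    spin_lock(c);
    if (c->sp == NULL) {       /* abort path already took the command */
        spin_unlock(c);
        return false;
    }
    c->sp = NULL;              /* claim it ... */
    spin_unlock(c);            /* ... and drop the lock with scsi_done still pending */
    return true;
}

static void irq_finish_buggy(struct cmd *c)
{
    /* memory cleanup would go here; it runs with the lock released */
    scsi_done(c);
}

/* Fixed interrupt path: every use of the scsi_cmnd, scsi_done() included,
 * happens before the lock is released, so an observer that sees sp == NULL
 * under the lock knows the completion side is finished. */
static void irq_complete_fixed(struct cmd *c)
{
    spin_lock(c);
    if (c->sp != NULL) {
        c->sp = NULL;
        scsi_done(c);
    }
    spin_unlock(c);
}

/* Abort handler.  If the command is already claimed it assumes the interrupt
 * side completed it and returns SUCCESS; the midlayer then re-queues the
 * request, modelled here by restoring sp for the retried incarnation. */
static int abort_cmd(struct cmd *c)
{
    spin_lock(c);
    if (c->sp == NULL) {
        spin_unlock(c);
        c->requeued++;
        c->sp = c;             /* the re-queued request reuses this scsi_cmnd */
        return 1;              /* SUCCESS */
    }
    c->sp = NULL;              /* abort path owns the command from here on */
    spin_unlock(c);
    scsi_done(c);
    return 1;
}

/* Interleaving from the patch description: IRQ claims, abort re-queues,
 * then the deferred scsi_done() lands on the re-queued request. */
int late_completions_buggy(void)
{
    struct cmd c = { .sp = &c };
    bool claimed = irq_claim_buggy(&c);
    abort_cmd(&c);
    if (claimed)
        irq_finish_buggy(&c);
    return c.late_completions;
}

/* Same schedule with the fixed handler: the claim and the completion are
 * one critical section, so nothing is left to land after the re-queue. */
int late_completions_fixed(void)
{
    struct cmd c = { .sp = &c };
    irq_complete_fixed(&c);
    abort_cmd(&c);
    return c.late_completions;
}

/* Other ordering: abort wins the claim and the interrupt handler backs off. */
int late_completions_abort_first(bool fixed)
{
    struct cmd c = { .sp = &c };
    abort_cmd(&c);
    if (fixed)
        irq_complete_fixed(&c);
    else if (irq_claim_buggy(&c))
        irq_finish_buggy(&c);
    return c.late_completions;
}
```

The point the model makes is that `sp == NULL` is only a safe "already completed" signal for the abort handler if setting it and calling `scsi_done` are never separated by a lock release; the real driver's cleanup work that sat between them is what opened the window.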