On 9/27/24 12:51 AM, Peter Wang (王信友) wrote:
> In this section of the UFSHCI 4.0 specification.
> 4.4.6 (Informative) Processing Abort in MCQ mode: An Implementation Example
>
> There are three cases for MCQ abort:
>
> 1. When the host controller has already sent out the SQE and the UFS device has already responded with the corresponding response, the CQ Entry will automatically increment by 1. This case is the simplest, the SQE will have a corresponding CQE for the host to clean up resources.
>
> 2. When the host controller has not yet sent out this SQE (SQ is not empty), the software can fill in 'nullify' to notify the host controller that there is no need to send it, and directly fill the corresponding response into the CQ with OCS: ABORTED. This scenario is also straightforward, the UFS device won't be aware, and only the host controller needs to clean up the related resources.
>
> 3. When the host controller has already sent out the SQE and is waiting for the response from the UFS device (CQE), the software can initiate cleanup to notify the host controller that there is no need to wait, and directly fill the corresponding response into the CQ with OCS: ABORTED.

Hi Peter,

Thank you for having drawn my attention to the above text. Regarding the code changes included in your previous email, do you agree that the completion code must not call scsi_done() if the CQE status is ABORTED and if the SCSI command has been aborted by the SCSI core since in this case calling scsi_done() could result in a use-after-free?

Thanks,

Bart.
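
A user-space C model of the completion rule raised in the reply above, added here as an illustration and not code from this thread or from the UFS driver. The types `model_cmd` and `model_slot`, the functions `handle_cqe`, `model_done` and `run_case`, and the OCS values are all assumptions made for the example.

```c
/* User-space model only: every name and value below is hypothetical,
 * not a kernel, SCSI core or UFS driver definition. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum model_ocs { MODEL_OCS_SUCCESS, MODEL_OCS_ABORTED }; /* constructed values */

struct model_cmd {
    bool aborted_by_core; /* the SCSI core's abort path now owns the command */
    int done_calls;       /* how often the completion callback ran */
};

struct model_slot {
    struct model_cmd *cmd; /* NULL once host-side resources are released */
};

/* Stand-in for scsi_done(): hands the command back to the upper layer. */
static void model_done(struct model_cmd *c) { c->done_calls++; }

/* Process one CQE; returns true if the command was completed upward. */
bool handle_cqe(struct model_slot *s, enum model_ocs status)
{
    struct model_cmd *c = s->cmd;
    if (c == NULL)
        return false;  /* slot already cleaned up: ignore a repeated CQE */
    s->cmd = NULL;     /* host-side cleanup happens in all three cases */
    if (status == MODEL_OCS_ABORTED && c->aborted_by_core)
        return false;  /* the core may free or reuse it: do not complete */
    model_done(c);
    return true;
}

/* Feed the same CQE twice and report how many completions resulted. */
int run_case(enum model_ocs status, bool aborted_by_core)
{
    struct model_cmd c = { .aborted_by_core = aborted_by_core, .done_calls = 0 };
    struct model_slot s = { .cmd = &c };
    handle_cqe(&s, status);
    handle_cqe(&s, status);
    return c.done_calls;
}

int main(void)
{
    printf("case 1, response received:      %d\n", run_case(MODEL_OCS_SUCCESS, false));
    printf("cases 2/3, ABORTED, core abort: %d\n", run_case(MODEL_OCS_ABORTED, true));
    return 0;
}
```

In the model an ABORTED CQE for a command the core did not abort is still completed upward, because the rule in the reply names both conditions together.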