On Sat, 2024-09-28 at 16:10 -0700, Bart Van Assche wrote:
>
> Hi Peter,
>
> Thank you for having drawn my attention to the above text. Regarding
> the code changes included in your previous email, do you agree that the
> completion code must not call scsi_done() if the CQE status is ABORTED
> and if the SCSI command has been aborted by the SCSI core since in this
> case calling scsi_done() could result in a use-after-free?
>
> Thanks,
>
> Bart.

Hi Bart,

I'm not quite sure what you mean. Are you suggesting that scsi_done() should not be called in the case of a SCSI abort? This should be unrelated to OCS: ABORTED (MCQ), because in the case of OCS: INVALID (SDB), scsi_done() might also be called, and calling scsi_done() should not cause any issues. This is because it has already been aborted by the SCSI timeout, so the test_bit(SCMD_STATE_COMPLETE) would directly return.

Below is the call flow:

scsi_done
  scsi_done_internal
    if (unlikely(test_and_set_bit(SCMD_STATE_COMPLETE, &cmd->state)))
      return;

Thanks.
Peter
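The call flow Peter quotes relies on one idempotency guard: scsi_done_internal() does a test_and_set_bit() on SCMD_STATE_COMPLETE, so a second completion of the same command is ignored rather than running the completion callback twice. The following is an added example, not code from this thread or from the Linux SCSI core; it models that guard with C11 atomics in a user-space program so the double-completion scenario (timeout/abort path first, driver completion second) can be run and compared with and without the guard. All names (scsi_cmd, scsi_done_model, complete_callback, double_completion_scenario) are hypothetical stand-ins.

```c
/*
 * Added example, not kernel code. Models the SCMD_STATE_COMPLETE guard
 * from the thread: the first caller to set the bit performs the
 * completion, every later caller sees the bit already set and returns.
 */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define SCMD_STATE_COMPLETE 0   /* bit index inside cmd->state (hypothetical value) */

struct scsi_cmd {
    atomic_ulong state;         /* bit set of SCMD_STATE_* flags */
    int completions;            /* how many times the completion callback ran */
};

/* Atomic test-and-set of one bit; returns the previous value of that bit. */
static bool test_and_set_bit(int nr, atomic_ulong *addr)
{
    unsigned long mask = 1UL << nr;
    unsigned long old = atomic_fetch_or(addr, mask);
    return (old & mask) != 0;
}

/* Stand-in for the real completion work (in the kernel this ends the request). */
static void complete_callback(struct scsi_cmd *cmd)
{
    cmd->completions++;
}

/*
 * Modelled scsi_done(): returns true if this call performed the completion,
 * false if the command was already complete and the call was a no-op.
 */
bool scsi_done_model(struct scsi_cmd *cmd)
{
    if (test_and_set_bit(SCMD_STATE_COMPLETE, &cmd->state))
        return false;           /* already completed by someone else */
    complete_callback(cmd);
    return true;
}

/*
 * Scenario from the thread: the SCSI core's timeout/abort path completes the
 * command, then the driver's completion handler (CQE status ABORTED) calls
 * scsi_done() for the same command. Returns how many times the callback ran:
 * 1 with the guard, 2 without it.
 */
int double_completion_scenario(bool guarded)
{
    struct scsi_cmd cmd;
    atomic_init(&cmd.state, 0);
    cmd.completions = 0;

    /* 1) timeout/abort path */
    if (guarded) scsi_done_model(&cmd); else complete_callback(&cmd);
    /* 2) driver completion for the same command */
    if (guarded) scsi_done_model(&cmd); else complete_callback(&cmd);

    return cmd.completions;
}

int main(void)
{
    printf("guarded completions:   %d\n", double_completion_scenario(true));
    printf("unguarded completions: %d\n", double_completion_scenario(false));
    return 0;
}
```

The guard only makes the second scsi_done() harmless while the scsi_cmd memory itself is still valid: test_and_set_bit() reads and writes cmd->state, so the property being modelled is "no double completion", not "safe to call on a command that has already been freed". That lifetime question is the one Bart's message raises, and the example does not settle it.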