Re: [PATCH 03/11] IB/srp: don't send anything on a bad QP

On 11/26/12 05:44, David Dillow wrote:
Once we know we have an issue with the QP, there is no point trying to
send anything else down the pipe. This also allows us to consolidate
code in the SCSI EH path.

[ ... ]
@@ -1683,7 +1681,7 @@ static int srp_send_tsk_mgmt(struct srp_target_port *target,
  	struct srp_iu *iu;
  	struct srp_tsk_mgmt *tsk_mgmt;

-	if (srp_is_removed(target))
+	if (target->state)
  		return -1;
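
Review bot: the new test `if (target->state)` at the top of srp_send_tsk_mgmt() is only correct if the usable connection state happens to be the enum value 0, which nothing in this hunk shows. Compare against the named state constant, or keep a small helper in the style of the replaced srp_is_removed(), so the check reads as intended and survives a reordering of the enum. The test is also made once at function entry with no lock visible in these lines, so the state can still change before the send that follows.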


Hi Dave,

After I posted the patch on which the above patch has been based I realized that testing the connection state at the start of srp_send_tsk_mgmt() is not sufficient to avoid QPN use-after-free. If a DREQ is received by the initiator after the above test has been performed and before the task management function has been sent it is still possible to send a task management function over a closed QP. I'd like to address this in a different way - see also the thread called "SCSI LLDs, the SCSI error handler and host resource lifetime" on the linux-scsi mailing list (November 20, http://marc.info/?t=135342155500003&r=1). Sorry for the confusion I caused.

Bart.
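
The window described in the reply above, as an added example that is not part of the original message, not ib_srp code, and not the different fix the author says he wants to pursue: a constructed single-threaded C model in which a disconnect request (DREQ) arrives right after the state test. Every name in it (`struct conn`, `dreq_arrives`, `send_check_at_entry`, `send_check_locked`) is hypothetical, and holding a lock across the test and the send is assumed here as one generic way to close the window.

```c
#include <stdatomic.h>
#include <stdio.h>
/* Constructed single-threaded model; every name is hypothetical, not ib_srp code. */
enum conn_state { CONN_LIVE = 0, CONN_CLOSED };
/* lock: stands in for a lock shared with the DREQ handler; sent_on_closed: sends posted after close. */
struct conn { atomic_flag lock; enum conn_state state; int sent_on_closed; };

/* DREQ handler: closes the QP once it holds the lock. A real handler would wait; this model returns 0. */
static int dreq_arrives(struct conn *c) {
    if (atomic_flag_test_and_set(&c->lock))
        return 0;                       /* a sender is inside its critical section */
    c->state = CONN_CLOSED;
    atomic_flag_clear(&c->lock);
    return 1;
}

/* State tested once at entry; the DREQ lands between the test and the send. */
static int send_check_at_entry(struct conn *c) {
    if (c->state != CONN_LIVE)
        return -1;
    dreq_arrives(c);                    /* race window */
    c->sent_on_closed += (c->state == CONN_CLOSED);   /* the "send" */
    return 0;
}

/* Test and send under the lock: the same DREQ cannot close the QP in between. */
static int send_check_locked(struct conn *c) {
    int ret = -1;
    while (atomic_flag_test_and_set(&c->lock)) { }    /* acquire */
    if (c->state == CONN_LIVE) {
        dreq_arrives(c);                /* same arrival point, handler is held off */
        c->sent_on_closed += (c->state == CONN_CLOSED);
        ret = 0;
    }
    atomic_flag_clear(&c->lock);        /* release; the DREQ can be handled now */
    return ret;
}

/* Runs one sender on a fresh live connection; returns sends made on a closed QP. */
static int sends_on_closed_qp(int (*sender)(struct conn *)) {
    struct conn c = { .lock = ATOMIC_FLAG_INIT, .state = CONN_LIVE };
    sender(&c);
    return c.sent_on_closed;
}

int main(void) {
    printf("%d %d\n", sends_on_closed_qp(send_check_at_entry), sends_on_closed_qp(send_check_locked));
    return 0;
}
```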