On 08/28/2014 04:56 PM, Paolo Bonzini wrote:
Il 28/08/2014 16:17, Hannes Reinecke ha scritto:
As mentioned earlier, as soon as SCSI EH is invoked control
is assumed to be transferred back to the SCSI midlayer.
How the midlayer interprets any return value from the various eh_XX
callbacks is immaterial to the LLDD.
So even if the eh_abort returns FAILED control is still with the SCSI
midlayer, so the earlier statements apply.
IE the command will be short-circuited by the block layer anyway if
->scsi_done() is called.
As I parsed it, the question is not whether the short-circuiting will
happen. It's whether you will have use-after-free bugs or not if you
call ->scsi_done() after eh_abort returns FAILED.
Paolo
No. Once eh_abort is called control is back with the SCSI midlayer.
(Read: REQ_ATOM_COMPLETE is set in req->atomic_flags).
So you can call ->scsi_done() at your hearts content and nothing will
happen.
What might happen, though, that the command is already dead and gone by
the time you're calling ->scsi_done() (if you call it after eh_abort).
So there might not _be_ a command upon which you can call ->scsi_done()
to start with.
Hence any LLDD need to clear up any internal references after a call to
eh_XXX to ensure it doesn't call ->scsi_done() an in invalid command.
So even if the LLDD returns 'FAILED' upon a call to eh_XXX it _still_
needs to clear up the internal reference.
Either that or return 'FAILED' for any later eh_XXX function until the
internal references can be cleared up.
Cheers,
Hannes
--
Dr. Hannes Reinecke zSeries & Storage
hare@xxxxxxx +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: J. Hawn, J. Guild, F. Imendörffer, HRB 16746 (AG Nürnberg)
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
