RE: Debugging scsi abort handling ?

> -----Original Message-----
> From: linux-scsi-owner@xxxxxxxxxxxxxxx [mailto:linux-scsi-owner@xxxxxxxxxxxxxxx] On Behalf Of Hannes Reinecke
> Sent: Thursday, 28 August, 2014 10:13 AM
> To: Paolo Bonzini; Hans de Goede; Bart Van Assche; SCSI development list
> Subject: Re: Debugging scsi abort handling ?
> 
> On 08/28/2014 04:56 PM, Paolo Bonzini wrote:
> > On 28/08/2014 16:17, Hannes Reinecke wrote:
> >>>
> >> As mentioned earlier, as soon as SCSI EH is invoked control
> >> is assumed to be transferred back to the SCSI midlayer.
> >> How the midlayer interprets any return value from the various eh_XX
> >> callbacks is immaterial to the LLDD.
> >>
> >> So even if the eh_abort returns FAILED control is still with the SCSI
> >> midlayer, so the earlier statements apply.
> >> IE the command will be short-circuited by the block layer anyway if
> >> ->scsi_done() is called.
> >
> > As I parsed it, the question is not whether the short-circuiting will
> > happen.  It's whether you will have use-after-free bugs or not if you
> > call ->scsi_done() after eh_abort returns FAILED.
> >
> > Paolo
> >
> No. Once eh_abort is called control is back with the SCSI midlayer.
> (Read: REQ_ATOM_COMPLETE is set in req->atomic_flags).
> So you can call ->scsi_done() at your heart's content and nothing will
> happen.
> What might happen, though, is that the command is already dead and gone by
> the time you're calling ->scsi_done() (if you call it after eh_abort).
> So there might not _be_ a command upon which you can call ->scsi_done()
> to start with.
> 
> Hence any LLDD needs to clear up any internal references after a call to
> eh_XXX to ensure it doesn't call ->scsi_done() on an invalid command.
> 
> So even if the LLDD returns 'FAILED' upon a call to eh_XXX it _still_
> needs to clear up the internal reference.
> Either that or return 'FAILED' for any later eh_XXX function until the
> internal references can be cleared up.
> 

Is the block layer prevented from issuing a new command with the
same tag before the error handling is finished?

---
Rob Elliott    HP Server Storage
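
The rule in the quoted message (drop the driver's internal reference in eh_abort even when it returns FAILED, so a late completion cannot reach a dead command) is modelled below as an added example; it is not code from this thread, the kernel or any driver. The `struct lldd` tag table and the `lldd_*` helpers are hypothetical names, `scsi_done()` here is a counting stand-in, and the model does not address the tag-reuse question asked above.

```c
/* Userspace model, constructed for illustration; not kernel or driver code. */
#include <stddef.h>
#include <stdio.h>
#define NTAGS 4
enum eh_result { EH_SUCCESS, EH_FAILED };
struct cmd { int done_calls; };      /* stand-in for a midlayer command */
struct lldd {
    struct cmd *inflight[NTAGS];     /* the driver's internal references */
    int hw_can_abort;                /* 0: the hardware refuses the abort */
};

static void scsi_done(struct cmd *c) { c->done_calls++; }

static int lldd_queue(struct lldd *d, int tag, struct cmd *c)
{
    if (tag < 0 || tag >= NTAGS || d->inflight[tag])
        return -1;
    d->inflight[tag] = c;
    return 0;
}

/* Abort handler: the reference is dropped whether the abort works or not. */
static enum eh_result lldd_eh_abort(struct lldd *d, struct cmd *c)
{
    for (int tag = 0; tag < NTAGS; tag++)
        if (d->inflight[tag] == c)
            d->inflight[tag] = NULL;
    return d->hw_can_abort ? EH_SUCCESS : EH_FAILED;
}

/* Completion path: returns 1 if scsi_done() ran, 0 if it was dropped. */
static int lldd_complete(struct lldd *d, int tag)
{
    struct cmd *c = (tag >= 0 && tag < NTAGS) ? d->inflight[tag] : NULL;
    if (!c)
        return 0;                    /* late completion after eh_abort */
    d->inflight[tag] = NULL;
    scsi_done(c);
    return 1;
}

int main(void)
{
    struct lldd d = { .hw_can_abort = 0 };
    struct cmd a = { 0 };
    int r = (lldd_queue(&d, 1, &a), lldd_eh_abort(&d, &a));
    printf("abort=%d late_done=%d\n", r, lldd_complete(&d, 1));
    return 0;
}
```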