On 04/16/2015 03:49 PM, Don Brace wrote:
> From: Webb Scales <webbnh@xxxxxx>
>
> Don't return from the abort request until the target command is complete.
> Mark outstanding commands which have a pending abort, and do not send them
> to the host if we can avoid it.
>
> If the current command has been aborted, do not call the SCSI command
> completion routine from the I/O path: when the abort returns successfully,
> the SCSI mid-layer will handle the completion implicitly.
>
> The following race was possible in theory.
>
> 1. LLD is requested to abort a scsi command
> 2. scsi command completes
> 3. The struct CommandList associated with 2 is made available.
> 4. new io request to LLD to another LUN re-uses struct CommandList
> 5. abort handler follows scsi_cmnd->host_scribble and
>    finds struct CommandList and tries to abort it.
>
> Now we have aborted the wrong command.
>
> Fix by resetting the scsi_cmd field of struct CommandList
> upon completion and making the abort handler check that
> the scsi_cmd pointer in the CommandList struct matches the
> scsi_cmnd that it has been asked to abort.
>
> Reviewed-by: Scott Teel <scott.teel@xxxxxxxx>
> Reviewed-by: Kevin Barnett <kevin.barnett@xxxxxxxx>
> Signed-off-by: Webb Scales <webbnh@xxxxxx>
> Signed-off-by: Don Brace <don.brace@xxxxxxxx>

Reviewed-by: Tomas Henzl <thenzl@xxxxxxxxxx>

Tomas
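The race in steps 1-5 of the quoted commit message, and the ownership check it describes as the fix, as an added user-space example that is not part of the original mail and is not the hpsa driver's code. The names `cmd_slot`, `scsi_cmnd_model`, `slot_submit`, `slot_complete`, `abort_unchecked`, `abort_checked` and `replay_race` are hypothetical, and the steps are replayed sequentially, so the model shows the stale back-pointer but not the synchronization a real driver needs around it.

```c
/* User-space model of the race; not hpsa driver code. All names are hypothetical. */
#include <stdio.h>
struct cmd_slot {                      /* stands in for struct CommandList */
    struct scsi_cmnd_model *scsi_cmd;  /* current owner, NULL once completed */
    int abort_sent;                    /* set when an abort is issued on this slot */
};
struct scsi_cmnd_model { struct cmd_slot *host_scribble; }; /* LLD back-pointer */

static void slot_submit(struct cmd_slot *slot, struct scsi_cmnd_model *sc)
{
    slot->scsi_cmd = sc;
    slot->abort_sent = 0;
    sc->host_scribble = slot;
}
/* Completion clears the owner so a later abort can detect slot reuse. */
static void slot_complete(struct cmd_slot *slot) { slot->scsi_cmd = NULL; }

/* Before the fix: trusts host_scribble. Returns 1 if an abort was issued. */
static int abort_unchecked(struct scsi_cmnd_model *sc)
{
    sc->host_scribble->abort_sent = 1;
    return 1;
}

/* After the fix: abort only if the slot still belongs to this command. */
static int abort_checked(struct scsi_cmnd_model *sc)
{
    if (sc->host_scribble->scsi_cmd != sc)
        return 0;                      /* completed or reused: nothing to abort */
    return abort_unchecked(sc);
}

/* Replays steps 1-5; returns 1 if the unrelated command B was aborted. */
static int replay_race(int (*abort_fn)(struct scsi_cmnd_model *))
{
    struct cmd_slot slot = { NULL, 0 };
    struct scsi_cmnd_model a = { NULL }, b = { NULL };
    slot_submit(&slot, &a);            /* step 1: A outstanding, abort requested */
    slot_complete(&slot);              /* steps 2-3: A completes, slot freed */
    slot_submit(&slot, &b);            /* step 4: slot reused for B */
    abort_fn(&a);                      /* step 5: handler follows a.host_scribble */
    return slot.abort_sent;
}

int main(void)
{
    printf("wrong command aborted: unchecked=%d checked=%d\n",
           replay_race(abort_unchecked), replay_race(abort_checked));
}
```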