On Fri, 2018-07-20 at 15:21 -0400, Douglas Gilbert wrote:
> /* Complete the processing of the thread that queued a SCSI command to this
> @@ -4459,6 +4462,11 @@ static int schedule_resp(struct scsi_cmnd *cmnd,
> struct sdebug_dev_info *devip,
> sd_dp->issuing_cpu = raw_smp_processor_id();
> sd_dp->defer_t = SDEB_DEFER_WQ;
> schedule_work(&sd_dp->ew.work);
> + if (unlikely(sqcp->inj_cmd_abort)) {
> + blk_abort_request(cmnd->request);
> + sdev_printk(KERN_INFO, sdp, "abort request tag %d\n",
> + cmnd->request->tag);
> + }
> }
> if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) &&
> (scsi_result == device_qfull_result)))
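Review bot: in the added block, `cmnd->request->tag` is dereferenced after `blk_abort_request(cmnd->request)` has already been invoked, and the `schedule_work(&sd_dp->ew.work)` line directly above has already queued the deferred completion, so by the time `sdev_printk()` runs the request may be in the middle of being completed and freed. Read the tag into a local before the abort call (e.g. `int tag = cmnd->request->tag;`) or move the `sdev_printk()` ahead of `blk_abort_request()` so the log line touches the request only while it is still known to be valid. It would also help to make the message say that this is an injected abort (this is scsi_debug fault injection), so it is not mistaken for a real abort when reading the kernel log.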
Should the sdev_printk() call occur before the blk_abort_request() call to
avoid the sdev_printk() call triggering a use-after-free?
Does the above change cause schedule_resp() to call both blk_abort_request()
and scsi_done()? I think that's wrong. A SCSI driver should call one of
these two functions but not both.
Thanks,
Bart.