On Fri, 2018-07-20 at 15:21 -0400, Douglas Gilbert wrote: > /* Complete the processing of the thread that queued a SCSI command to this > @@ -4459,6 +4462,11 @@ static int schedule_resp(struct scsi_cmnd *cmnd, > struct sdebug_dev_info *devip, > sd_dp->issuing_cpu = raw_smp_processor_id(); > sd_dp->defer_t = SDEB_DEFER_WQ; > schedule_work(&sd_dp->ew.work); > + if (unlikely(sqcp->inj_cmd_abort)) { > + blk_abort_request(cmnd->request); > + sdev_printk(KERN_INFO, sdp, "abort request tag %d\n", > + cmnd->request->tag); > + } > } > if (unlikely((SDEBUG_OPT_Q_NOISE & sdebug_opts) && > (scsi_result == device_qfull_result)))
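Review bot: the sdev_printk() in the new inj_cmd_abort block dereferences cmnd->request->tag after blk_abort_request(cmnd->request) has already been called on that request, so the tag read may hit memory the abort path has released; either read the tag into a local before the abort, or move the sdev_printk() above the blk_abort_request() call. Separately, the schedule_work(&sd_dp->ew.work) call a few lines up remains unconditional, so with inj_cmd_abort set the deferred completion work is still queued while blk_abort_request() kicks off the block-layer timeout path for the same request, leaving two completion paths racing for one command; the hunk should ensure only one of them runs, for example by not queueing the work item when the abort is injected, or document why both are intended.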
Should the sdev_printk() call occur before the blk_abort_request() call to avoid that the sdev_printk() call triggers a use-after-free?

Does the above change cause schedule_resp() to call both blk_abort_request() and scsi_done()? I think that's wrong. A SCSI driver should call one of these two functions but not both.

Thanks,

Bart.