Re: [PATCH v3 2/2] virtio-scsi: add error handling

From: Hu Tao
Date: Sat Mar 10 2012 - 23:01:43 EST


On Mon, Dec 19, 2011 at 01:03:08PM +0100, Paolo Bonzini wrote:

> -/* These are still stubs. */
> static void virtscsi_complete_free(void *buf)
> {
> struct virtio_scsi_cmd *cmd = buf;
>
> + if (cmd->comp)
> + complete_all(cmd->comp);
> mempool_free(cmd, virtscsi_cmd_pool);
> }
>
> @@ -306,12 +308,79 @@ out:
> return ret;
> }
>
> +static int virtscsi_tmf(struct virtio_scsi *vscsi, struct virtio_scsi_cmd *cmd)
> +{
> + DECLARE_COMPLETION_ONSTACK(comp);
> + int ret;
> +
> + cmd->comp = ∁
> + ret = virtscsi_kick_cmd(vscsi, vscsi->ctrl_vq, cmd);
> + if (ret < 0)
> + return FAILED;
> +
> + wait_for_completion(&comp);
> + if (cmd->resp.tmf.response != VIRTIO_SCSI_S_OK &&
> + cmd->resp.tmf.response != VIRTIO_SCSI_S_FUNCTION_SUCCEEDED)
> + return FAILED;

Is there a race here? By the time this thread wakes up from the completion,
cmd may already have been freed (by virtscsi_complete_free).

diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
index 3f20678..7cba05d 100644
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -175,7 +175,8 @@ static void virtscsi_complete_free(void *buf)

if (cmd->comp)
complete_all(cmd->comp);
- mempool_free(cmd, virtscsi_cmd_pool);
+ else
+ mempool_free(cmd, virtscsi_cmd_pool);
}

static void virtscsi_ctrl_done(struct virtqueue *vq)
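Review bot: The new `else` branch in virtscsi_complete_free() changes who owns `cmd` without saying so: when `cmd->comp` is set the command is no longer freed here, and the waiter is expected to free it. A comment above the `if` would make that contract explicit, e.g. `/* A waiter owns cmd and frees it after reading the response; free here only when nobody waits. */`. The comment should also record that the scheme depends on the waiter using an untimed `wait_for_completion()`, because `cmd->comp` points at an on-stack completion. A waiter that returned early would leave `complete_all()` operating on a stack frame that no longer exists.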
@@ -305,7 +306,7 @@ out:
static int virtscsi_tmf(struct virtio_scsi *vscsi, struct virtio_scsi_cmd *cmd)
{
DECLARE_COMPLETION_ONSTACK(comp);
- int ret;
+ int ret = SUCCESS;

cmd->comp = &comp;
ret = virtscsi_kick_cmd(vscsi, vscsi->ctrl_vq, cmd);
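Review bot: The initializer `int ret = SUCCESS;` has no effect, because `ret` is overwritten by the `virtscsi_kick_cmd()` call a few lines below. On the success path, the `return ret;` added in the last hunk therefore returns the kick's return value rather than `SUCCESS`. The SCSI error handler distinguishes `SUCCESS` from `FAILED`, so the result should be set explicitly after the wait, for example `ret = SUCCESS;` right after `wait_for_completion(&comp);`, or the kick result should be kept in a separate variable. The body of virtscsi_tmf continues outside this hunk.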
@@ -315,9 +316,10 @@ static int virtscsi_tmf(struct virtio_scsi *vscsi, struct virtio_scsi_cmd *cmd)
wait_for_completion(&comp);
if (cmd->resp.tmf.response != VIRTIO_SCSI_S_OK &&
cmd->resp.tmf.response != VIRTIO_SCSI_S_FUNCTION_SUCCEEDED)
- return FAILED;
+ ret = FAILED;

- return SUCCESS;
+ mempool_free(cmd, virtscsi_cmd_pool);
+ return ret;
}

static int virtscsi_device_reset(struct scsi_cmnd *sc)
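Review bot: The `mempool_free(cmd, virtscsi_cmd_pool);` added before `return ret;` covers only the path that reaches the wait. The `if (ret < 0) return FAILED;` early return, visible in the quoted original and sitting between this hunk and the previous one, still exits without freeing `cmd`. Unless the caller frees on that path, which cannot be confirmed from the lines shown, the command leaks whenever the kick fails. Setting `ret = FAILED;` and jumping to a shared exit, `out: mempool_free(cmd, virtscsi_cmd_pool); return ret;`, would keep ownership of `cmd` in one place.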


> +
> + return SUCCESS;
> +}

--
Thanks,
Hu Tao