[openib-general][patch review] srp: fmr implementation,

Roland Dreier rdreier at cisco.com
Wed Apr 19 07:29:37 PDT 2006


 > > And what if you comment out the line
 > > 	.eh_device_reset_handler	= srp_reset_device,
 > > does that fix it?

 > No

Now I'm really confused.

It seems we lose the connection to the target (BTW -- do you know why
the connection is getting killed)?

So the SCSI midlayer times out commands and tries to abort them.  But
we have no connection so the abort fails.  The SCSI command shouldn't
get freed now (at least if I'm understanding scsi_error.c correctly).

Then we have no .eh_device_reset_handler so everything should fall
through to calling our .eh_host_reset_handler without freeing any SCSI
commands.  And then we crash on a use-after-free of a SCSI command.

So where is that command getting freed on us??

 - R.
