From 12f26aa1b172a32604fedcb98d68c7aef268d6ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20H=C3=B8gsberg?= Date: Tue, 10 Apr 2007 18:11:20 -0400 Subject: [PATCH] firewire: Only free ORBs that completed the initial transaction. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In some situations we can receive the ORB status write before we have received the ORB pointer write response. When this happens, we assume that the fw_transaction is finished and free the ORB struct containing the fw_transaction. This fix make the status write logic only accept status writes for ORBs where the initial ORB pointer write transaction finished. Signed-off-by: Kristian Høgsberg Signed-off-by: Stefan Richter --- drivers/firewire/fw-sbp2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c index a7525234c862..c1e93165efdb 100644 --- a/drivers/firewire/fw-sbp2.c +++ b/drivers/firewire/fw-sbp2.c @@ -293,7 +293,8 @@ sbp2_status_write(struct fw_card *card, struct fw_request *request, spin_lock_irqsave(&card->lock, flags); list_for_each_entry(orb, &sd->orb_list, link) { if (status_get_orb_high(status) == 0 && - status_get_orb_low(status) == orb->request_bus) { + status_get_orb_low(status) == orb->request_bus && + orb->rcode == RCODE_COMPLETE) { list_del(&orb->link); break; } @@ -968,6 +969,8 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done) goto fail_alloc; } + /* Initialize rcode to something not RCODE_COMPLETE. */ + orb->base.rcode = -1; orb->base.request_bus = dma_map_single(device->card->device, &orb->request, sizeof orb->request, DMA_TO_DEVICE);