From 12f26aa1b172a32604fedcb98d68c7aef268d6ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristian=20H=C3=B8gsberg?= <krh@redhat.com>
Date: Tue, 10 Apr 2007 18:11:20 -0400
Subject: [PATCH] firewire: Only free ORBs that completed the initial
 transaction.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In some situations we can receive the ORB status write before we
have received the ORB pointer write response.  When this happens,
we assume that the fw_transaction is finished and free the ORB
struct containing the fw_transaction.

This fix make the status write logic only accept status writes
for ORBs where the initial ORB pointer write transaction finished.

Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
---
 drivers/firewire/fw-sbp2.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c
index a7525234c862..c1e93165efdb 100644
--- a/drivers/firewire/fw-sbp2.c
+++ b/drivers/firewire/fw-sbp2.c
@@ -293,7 +293,8 @@ sbp2_status_write(struct fw_card *card, struct fw_request *request,
 	spin_lock_irqsave(&card->lock, flags);
 	list_for_each_entry(orb, &sd->orb_list, link) {
 		if (status_get_orb_high(status) == 0 &&
-		    status_get_orb_low(status) == orb->request_bus) {
+		    status_get_orb_low(status) == orb->request_bus &&
+		    orb->rcode == RCODE_COMPLETE) {
 			list_del(&orb->link);
 			break;
 		}
@@ -968,6 +969,8 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
 		goto fail_alloc;
 	}
 
+	/* Initialize rcode to something not RCODE_COMPLETE. */
+	orb->base.rcode = -1;
 	orb->base.request_bus =
 		dma_map_single(device->card->device, &orb->request,
 			       sizeof orb->request, DMA_TO_DEVICE);
-- 
GitLab