ide-disk: fix flush requests (take 2)
authorBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sun, 10 Feb 2008 23:32:14 +0000 (00:32 +0100)
committerBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Sun, 10 Feb 2008 23:32:14 +0000 (00:32 +0100)
commit 813a0eb233ee67d7166241a8b389b6a76f2247f9
Author: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Date:   Fri Jan 25 22:17:10 2008 +0100

    ide: switch idedisk_prepare_flush() to use REQ_TYPE_ATA_TASKFILE requests

...

broke flush requests.

Allocating IDE command structure on the stack for flush requests is not
a very brilliant idea:

- idedisk_prepare_flush() only prepares the request and it doesn't wait
  for it to be completed

- there can be multiple flush requests queued in the queue

Fix the problem (per hints from James Bottomley) by:
- dynamically allocating ide_task_t instance using kmalloc(..., GFP_ATOMIC)
- adding new taskfile flag (IDE_TFLAG_DYN)
- calling kfree() in ide_end_drive_command() if IDE_TFLAG_DYN is set
  (while at it rename 'args' to 'task' and fix whitespace damage)

[ This will be fixed properly before 2.6.25 but this bug is rather
  critical and the proper solution requires some more work + testing. ]

Thanks to Sebastian Siewior and Christoph Hellwig for reporting the
problem and testing patches (extra thanks to Sebastian for bisecting
it to the guilty commmit).

Tested-by: Sebastian Siewior <ide-bug@ml.breakpoint.cc>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: Tejun Heo <htejun@gmail.com>
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
drivers/ide/ide-disk.c
drivers/ide/ide-io.c
include/linux/ide.h

index 3c69822507e2a59216e8d2690362c961a940579b..aed8b31ca561512bf1f048175a2c88d14102f11a 100644 (file)
@@ -590,20 +590,24 @@ static ide_proc_entry_t idedisk_proc[] = {
 static void idedisk_prepare_flush(struct request_queue *q, struct request *rq)
 {
        ide_drive_t *drive = q->queuedata;
-       ide_task_t task;
+       ide_task_t *task = kmalloc(sizeof(*task), GFP_ATOMIC);
 
-       memset(&task, 0, sizeof(task));
+       /* FIXME: map struct ide_taskfile on rq->cmd[] */
+       BUG_ON(task == NULL);
+
+       memset(task, 0, sizeof(*task));
        if (ide_id_has_flush_cache_ext(drive->id) &&
            (drive->capacity64 >= (1UL << 28)))
-               task.tf.command = WIN_FLUSH_CACHE_EXT;
+               task->tf.command = WIN_FLUSH_CACHE_EXT;
        else
-               task.tf.command = WIN_FLUSH_CACHE;
-       task.tf_flags   = IDE_TFLAG_OUT_TF | IDE_TFLAG_OUT_DEVICE;
-       task.data_phase = TASKFILE_NO_DATA;
+               task->tf.command = WIN_FLUSH_CACHE;
+       task->tf_flags   = IDE_TFLAG_OUT_TF | IDE_TFLAG_OUT_DEVICE |
+                          IDE_TFLAG_DYN;
+       task->data_phase = TASKFILE_NO_DATA;
 
        rq->cmd_type = REQ_TYPE_ATA_TASKFILE;
        rq->cmd_flags |= REQ_SOFTBARRIER;
-       rq->special = &task;
+       rq->special = task;
 }
 
 /*
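Review bot: `BUG_ON(task == NULL)` right after `kmalloc(sizeof(*task), GFP_ATOMIC)` turns an ordinary atomic-allocation failure into a kernel panic, so memory pressure alone can bring the machine down while a cache flush is being prepared. idedisk_prepare_flush() returns void, so no error can be handed back from here. The durable fix is to take the task from storage set up ahead of time instead of allocating it in this function. Until then the limitation deserves its own comment next to the existing FIXME, e.g. `/* FIXME: GFP_ATOMIC may fail; preallocate the flush task instead of BUG_ON() */`. As a smaller point, `ide_task_t *task = kzalloc(sizeof(*task), GFP_ATOMIC);` would replace the kmalloc()/memset() pair, with the NULL check kept before any use.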
index e41383fa3a517e7fa17362347eb85d00c71bb054..715379605a7bb55f887eb887832c4765eccab485 100644 (file)
@@ -361,17 +361,21 @@ void ide_end_drive_cmd (ide_drive_t *drive, u8 stat, u8 err)
        spin_unlock_irqrestore(&ide_lock, flags);
 
        if (rq->cmd_type == REQ_TYPE_ATA_TASKFILE) {
-               ide_task_t *args = (ide_task_t *) rq->special;
+               ide_task_t *task = (ide_task_t *)rq->special;
+
                if (rq->errors == 0)
-                       rq->errors = !OK_STAT(stat,READY_STAT,BAD_STAT);
-                       
-               if (args) {
-                       struct ide_taskfile *tf = &args->tf;
+                       rq->errors = !OK_STAT(stat, READY_STAT, BAD_STAT);
+
+               if (task) {
+                       struct ide_taskfile *tf = &task->tf;
 
                        tf->error = err;
                        tf->status = stat;
 
-                       ide_tf_read(drive, args);
+                       ide_tf_read(drive, task);
+
+                       if (task->tf_flags & IDE_TFLAG_DYN)
+                               kfree(task);
                }
        } else if (blk_pm_request(rq)) {
                struct request_pm_state *pm = rq->data;
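Review bot: After `kfree(task)` the request still holds the freed address in `rq->special`, so any later reader of that field would touch freed memory. ide_end_drive_cmd() continues past the end of this hunk, so whether such a reader exists is not visible here. Clearing the field makes the hand-off explicit: put braces around the `IDE_TFLAG_DYN` branch and add `rq->special = NULL;` after the `kfree(task);`. This branch also appears to be the only place the allocation is released, so it is worth confirming that every way a flush request can finish (abort, reset, device removal) reaches it; otherwise the task leaks.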
index 40a01c3592dfe41645e542855297af4afef1970d..23fad89292dfba2c92da02a39079b771dba8e61b 100644 (file)
@@ -906,6 +906,8 @@ enum {
                                          IDE_TFLAG_IN_DEVICE,
        /* force 16-bit I/O operations */
        IDE_TFLAG_IO_16BIT              = (1 << 30),
+       /* ide_task_t was allocated using kmalloc() */
+       IDE_TFLAG_DYN                   = (1 << 31),
 };
 
 struct ide_taskfile {
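Review bot: The comment on `IDE_TFLAG_DYN` describes how the task was allocated but not the ownership rule the flag creates. In this commit, ide_end_drive_cmd() calls kfree() on any task that has the bit set, so setting it on a stack or static ide_task_t would free memory that was never kmalloc()ed. I would word it as `/* task was kmalloc()ed; ide_end_drive_cmd() kfree()s it on completion */` and add `/* never set for on-stack or embedded tasks */`. The enum itself starts above this hunk; any code that builds `tf_flags` from values it does not fully control should mask this bit out.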