firewire: fw-sbp2: fix another small generation access bug
authorStefan Richter <stefanr@s5r6.in-berlin.de>
Sat, 9 Aug 2008 18:22:17 +0000 (20:22 +0200)
committerStefan Richter <stefanr@s5r6.in-berlin.de>
Wed, 15 Oct 2008 20:21:10 +0000 (22:21 +0200)
queuecommand() looked at the remote and local node IDs before it read
the bus generation.  The corresponding race with sbp2_reconnect updating
these data was probably impossible to happen though because the current
code blocks the SCSI layer during reconnection.  However, better safe
than sorry, especially if someone later improves the code to not block
the SCSI layer.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
drivers/firewire/fw-sbp2.c

index 5d8411afcedb4d27e4ff0ee4681553320a17cc56..ef0b9b419c27a6cbdd4216916368641f3968df17 100644 (file)
@@ -1423,7 +1423,7 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
        struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
        struct sbp2_command_orb *orb;
        unsigned int max_payload;
-       int retval = SCSI_MLQUEUE_HOST_BUSY;
+       int generation, retval = SCSI_MLQUEUE_HOST_BUSY;
 
        /*
         * Bidirectional commands are not yet implemented, and unknown
@@ -1467,6 +1467,9 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
        if (cmd->sc_data_direction == DMA_FROM_DEVICE)
                orb->request.misc |= cpu_to_be32(COMMAND_ORB_DIRECTION);
 
+       generation = device->generation;
+       smp_rmb();    /* sbp2_map_scatterlist looks at tgt->address_high */
+
        if (scsi_sg_count(cmd) && sbp2_map_scatterlist(orb, device, lu) < 0)
                goto out;
 
@@ -1479,7 +1482,7 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
        if (dma_mapping_error(device->card->device, orb->base.request_bus))
                goto out;
 
-       sbp2_send_orb(&orb->base, lu, lu->tgt->node_id, lu->generation,
+       sbp2_send_orb(&orb->base, lu, lu->tgt->node_id, generation,
                      lu->command_block_agent_address + SBP2_ORB_POINTER);
        retval = 0;
  out: