[SCSI] iscsi_tcp: fix xmittask oops
authorMike Christie <michaelc@cs.wisc.edu>
Wed, 8 Nov 2006 21:58:33 +0000 (15:58 -0600)
committerJames Bottomley <jejb@mulgrave.(none)>
Fri, 10 Nov 2006 00:41:48 +0000 (09:41 +0900)
XMSTATE_SOL_HDR could be set when the xmit thread tests it, but there may
not be anything on the r2tqueue yet. Move the XMSTATE_SOL_HDR set
before the addition to the queue to make sure that when we pull something
off it, it is valid. This does not add locks around the xmstate test or make
that an atomic_t because this is a fast path and if it is set when we test it
we can handle it there without the overhead. Later on we check the xmitqueue
for all requests with the session lock so we will not miss it.

Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
drivers/scsi/iscsi_tcp.c

index c0b8b33e935caa2f5f19aed2ba52d15e19e0b736..d0b139cccbbc388371f45005e6ae51d00f9e55c5 100644 (file)
@@ -415,8 +415,8 @@ iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
        iscsi_solicit_data_init(conn, ctask, r2t);
 
        tcp_ctask->exp_r2tsn = r2tsn + 1;
-       tcp_ctask->xmstate |= XMSTATE_SOL_HDR;
        __kfifo_put(tcp_ctask->r2tqueue, (void*)&r2t, sizeof(void*));
+       tcp_ctask->xmstate |= XMSTATE_SOL_HDR;
        list_move_tail(&ctask->running, &conn->xmitqueue);
 
        scsi_queue_work(session->host, &conn->xmitwork);
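Review bot: The `tcp_ctask->xmstate |= XMSTATE_SOL_HDR` store that now follows `__kfifo_put()` is still a plain read-modify-write, and the xmit side in the second hunk does `xmstate &= ~XMSTATE_SOL_HDR` outside `session->lock`, so the two updates can overwrite each other. Program order alone also does not guarantee that another CPU sees the fifo contents before the flag. The fix appears to rely on this path holding `session->lock`, which is not visible in the hunk, since iscsi_r2t_rsp starts and ends outside it. Because R2T timing is driven by the remote target, I would document that invariant at the two lines, e.g. `/* r2t must be queued before SOL_HDR is set; caller holds session->lock, xmit thread tests xmstate locklessly */`. If the lock is not in fact held here, add `smp_wmb();` between the put and the flag store.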
@@ -1627,9 +1627,12 @@ static int iscsi_send_sol_pdu(struct iscsi_conn *conn,
        if (tcp_ctask->xmstate & XMSTATE_SOL_HDR) {
                tcp_ctask->xmstate &= ~XMSTATE_SOL_HDR;
                tcp_ctask->xmstate |= XMSTATE_SOL_DATA;
-               if (!tcp_ctask->r2t)
+               if (!tcp_ctask->r2t) {
+                       spin_lock_bh(&session->lock);
                        __kfifo_get(tcp_ctask->r2tqueue, (void*)&tcp_ctask->r2t,
                                    sizeof(void*));
+                       spin_unlock_bh(&session->lock);
+               }
 send_hdr:
                r2t = tcp_ctask->r2t;
                dtask = &r2t->dtask;
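Review bot: The return value of `__kfifo_get()` is ignored inside the new `spin_lock_bh()` section, so an empty r2tqueue leaves `tcp_ctask->r2t` NULL and `send_hdr:` goes on to compute `&r2t->dtask` from it. The commit message says the case where the flag is set but nothing is queued "can be handled there", but no such handling is visible in this hunk; iscsi_send_sol_pdu continues outside it, so a check may exist further down. I would make the empty case explicit right after `spin_unlock_bh(&session->lock);`, e.g. `if (!tcp_ctask->r2t) { tcp_ctask->xmstate &= ~XMSTATE_SOL_DATA; return 0; }`, with the return value adjusted to whatever this function's callers expect. A one-line comment should also say that `session->lock` is taken here only to serialise with the producer's `__kfifo_put()`.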