ap->active_tag was cleared in ata_qc_free(). This left ap->active_tag
dangling after ata_qc_complete(). Spurious interrupts inbetween could
incorrectly access the qc. Clear active_tag in ata_qc_complete().
This change is necessary for later EH changes.
Signed-off-by: Tejun Heo <htejun@xxxxxxxxx>
---
drivers/scsi/libata-core.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
7054ad3067bb27d6070a75f90afd14fafd3f5527
diff --git a/drivers/scsi/libata-core.c b/drivers/scsi/libata-core.c
index 142a3a8..763dd66 100644
--- a/drivers/scsi/libata-core.c
+++ b/drivers/scsi/libata-core.c
@@ -4083,8 +4083,6 @@ void ata_qc_free(struct ata_queued_cmd *
qc->flags = 0;
tag = qc->tag;
if (likely(ata_tag_valid(tag))) {
- if (tag == ap->active_tag)
- ap->active_tag = ATA_TAG_POISON;
qc->tag = ATA_TAG_POISON;
clear_bit(tag, &ap->qactive);
}
@@ -4098,6 +4096,9 @@ void __ata_qc_complete(struct ata_queued
if (likely(qc->flags & ATA_QCFLAG_DMAMAP))
ata_sg_clean(qc);
+ /* command should be marked inactive atomically with qc completion */
+ qc->ap->active_tag = ATA_TAG_POISON;
+
/* atapi: mark qc as inactive to prevent the interrupt handler
* from completing the command twice later, before the error handler
* is called. (when rc != 0 and atapi request sense is needed)
--
1.2.4
-
: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
