On Mon, Sep 06, 2021 at 03:44:08PM -0700, Bart Van Assche wrote:
> On 9/5/21 23:50, Ming Lei wrote:
> > - if (!rq || !refcount_inc_not_zero(&rq->ref))
> > + if (!rq || rq->tag != bitnr || !refcount_inc_not_zero(&rq->ref))
> > rq = NULL;
>
> Shouldn't the rq->tag != bitnr test happen after the refcount has been
> incremented since otherwise rq->tag can change after it has been read and
> before the refcount is incremented?

rq->tag can change too after its refcount is grabbed.

If the rq is released during the iterating, either SCMD_STATE_INFLIGHT is
cleared or refcount_inc_not_zero() fails. So this way works.

The use case for scsi_host_queue_ready() and scsi EH handling is a bit
special. For others, either the iterating needn't be exact, or the queue
is frozen.

Thanks,
Ming
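
Review bot: the `rq->tag != bitnr` comparison in the added condition is evaluated before `refcount_inc_not_zero(&rq->ref)`, so the tag is read while no reference is held, and nothing in the hunk documents why a value that may change right after the read is acceptable. Add a comment above the `if` stating what the check relies on when the request is released or reused during iteration, or repeat the tag comparison once the reference has been taken and drop the reference on a mismatch.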