On Thu, 2009-05-21 at 10:55 +0900, Tejun Heo wrote: > James Bottomley wrote: > > commit e8939a50466fd963eb1ba9118c34b9ffb7ff6aa6 > > Author: Tejun Heo <tj@xxxxxxxxxx> > > Date: Fri May 8 11:54:16 2009 +0900 > > > > block: implement and enforce request peek/start/fetch > > > > Added a BUG_ON(blk_queued_rq(req)) to the top of blk_finish_req(). > > Unfortunately, this checks whether req->queuelist is empty. This list > > is doing double duty both as the queue list and the tag list, so tagged > > requests come in here with this not empty and boom (the tag list is > > emptied by blk_queue_end_tag() lower down). > > > > Fix this by moving the BUG_ON to below the end tag we also seem > > vulnerable to this in blk_requeue_request() as well. I think all uses > > of blk_queued_rq() need auditing because the check is clearly wrong in > > the tagged case. > > > > Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> > > Oops, > > Acked-by: Tejun Heo <tj@xxxxxxxxxx> > > There are also some drivers which use queuelist for internal purposes > after dequeueing, which also screws up blk_queued_rq() test in > addition to being questionable practice to begin with. Maybe we would > be better off with a flag? Either is fine by me ... could we get some fix in, please? I'm currently carrying this below the merge-base on the SCSI postmerge tree to prevent my main build server oopsing under SCSI testing ... I'm a bit surprised we haven't had more reports from linux-oops ... but you can bet that if Jens moves libata to generic tag use, that will change ... James -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
