From: =?utf-8?q?Kristian_H=C3=B8gsberg?= Subject: firewire: Only free ORBs that completed the initial transaction. Date: Tue, 10 Apr 2007 18:11:20 -0400 In some situations we can receive the ORB status write before we have received the ORB pointer write response. When this happens, we assume that the fw_transaction is finished and free the ORB struct containing the fw_transaction. This fix make the status write logic only accept status writes for ORBs where the initial ORB pointer write transaction finished. Signed-off-by: Kristian Høgsberg Signed-off-by: Stefan Richter --- drivers/firewire/fw-sbp2.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c index c768834..bec15af 100644 --- a/drivers/firewire/fw-sbp2.c +++ b/drivers/firewire/fw-sbp2.c @@ -293,7 +293,8 @@ sbp2_status_write(struct fw_card *card, struct fw_request *request, spin_lock_irqsave(&card->lock, flags); list_for_each_entry(orb, &sd->orb_list, link) { if (status_get_orb_high(status) == 0 && - status_get_orb_low(status) == orb->request_bus) { + status_get_orb_low(status) == orb->request_bus && + orb->rcode == RCODE_COMPLETE) { list_del(&orb->link); break; } @@ -968,6 +969,8 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done) goto fail_alloc; } + /* Initialize rcode to something not RCODE_COMPLETE. */ + orb->base.rcode = -1; orb->base.request_bus = dma_map_single(device->card->device, &orb->request, sizeof orb->request, DMA_TO_DEVICE); -- 1.5.0.5