firewire: Only free ORBs that completed the initial transaction.
In some situations we can receive the ORB status write before we
have received the ORB pointer write response. When this happens,
we assume that the fw_transaction is finished and free the ORB
struct containing the fw_transaction.
This fix make the status write logic only accept status writes
for ORBs where the initial ORB pointer write transaction finished.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c
index a752523..c1e9316 100644
--- a/drivers/firewire/fw-sbp2.c
+++ b/drivers/firewire/fw-sbp2.c
@@ -293,7 +293,8 @@
spin_lock_irqsave(&card->lock, flags);
list_for_each_entry(orb, &sd->orb_list, link) {
if (status_get_orb_high(status) == 0 &&
- status_get_orb_low(status) == orb->request_bus) {
+ status_get_orb_low(status) == orb->request_bus &&
+ orb->rcode == RCODE_COMPLETE) {
list_del(&orb->link);
break;
}
@@ -968,6 +969,8 @@
goto fail_alloc;
}
+ /* Initialize rcode to something not RCODE_COMPLETE. */
+ orb->base.rcode = -1;
orb->base.request_bus =
dma_map_single(device->card->device, &orb->request,
sizeof orb->request, DMA_TO_DEVICE);