From: Jeff Garzik <jgarzik@pobox.com>

ide-scsi's SCSI EH functions, which operate inside the above lock, wrap
several operations inside

	spin_lock_irq(ide_lock)
	...
	spin_unlock_irq(ide_lock)

Use of the unconditional spin_lock_irq(), as opposed to
spin_lock_irqsave(), corrupts the irq context.

Attached patch (against latest git) updates ide-scsi to simply use the
spin_lock() variant, since we know we are already inside of
spin_lock_irqsave().

Patch untested, but at least the code isn't obviously wrong now...

Cc: James Bottomley <James.Bottomley@steeleye.com>
Cc: Bartlomiej Zolnierkiewicz <B.Zolnierkiewicz@elka.pw.edu.pl>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Dave Jones <davej@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 drivers/scsi/ide-scsi.c |   14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)

diff -puN drivers/scsi/ide-scsi.c~fix-ide-scsi-eh-locking drivers/scsi/ide-scsi.c
--- 25/drivers/scsi/ide-scsi.c~fix-ide-scsi-eh-locking	2005-05-31 14:12:14.000000000 -0700
+++ 25-akpm/drivers/scsi/ide-scsi.c	2005-05-31 14:12:14.000000000 -0700
@@ -46,6 +46,7 @@
 #include <linux/slab.h>
 #include <linux/ide.h>
 #include <linux/scatterlist.h>
+#include <linux/delay.h>
 
 #include <asm/io.h>
 #include <asm/bitops.h>
@@ -973,7 +974,8 @@ static int idescsi_eh_abort (struct scsi
 	if (test_bit(IDESCSI_LOG_CMD, &scsi->log))
 		printk (KERN_WARNING "ide-scsi: drive did%s become ready\n", busy?" not":"");
 
-	spin_lock_irq(&ide_lock);
+	/* remember, we are inside spin_lock_irq() already */
+	spin_lock(&ide_lock);
 
 	/* If there is no pc running we're done (our interrupt took care of it) */
 	if (!scsi->pc) {
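Review bot: The new comment above `spin_lock(&ide_lock)` says the caller holds `spin_lock_irq()` while the commit message says `spin_lock_irqsave()`, and neither names the lock; plain `spin_lock()` is only safe if every caller enters with local interrupts off, because if `ide_lock` is also taken from interrupt context (the previous `_irq` variant suggests it is) an interrupt on the same CPU could deadlock against this section. I would state the invariant and check it, e.g. `/* SCSI EH calls us with the host lock held and local irqs disabled, so ide_lock needs no irq variant */` followed by `WARN_ON(!irqs_disabled());`. The same applies to the identical change in the idescsi_eh_reset hunk further down. The commit message says the patch is untested, so a runtime check is cheap insurance; idescsi_eh_abort starts and ends outside this hunk.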
@@ -999,7 +1001,7 @@ static int idescsi_eh_abort (struct scsi
 	}
 
 ide_unlock:
-	spin_unlock_irq(&ide_lock);
+	spin_unlock(&ide_lock);
 no_drive:
 	if (test_bit(IDESCSI_LOG_CMD, &scsi->log))
 		printk (KERN_WARNING "ide-scsi: abort returns %s\n", ret == SUCCESS?"success":"failed");
@@ -1026,7 +1028,8 @@ static int idescsi_eh_reset (struct scsi
 		return FAILED;
 	}
 
-	spin_lock_irq(&ide_lock);
+	/* remember, we are inside spin_lock_irq() already */
+	spin_lock(&ide_lock);
 
 	if (!scsi->pc || (req = scsi->pc->rq) != HWGROUP(drive)->rq || !HWGROUP(drive)->handler) {
 		printk (KERN_WARNING "ide-scsi: No active request in idescsi_eh_reset\n");
@@ -1052,16 +1055,15 @@ static int idescsi_eh_reset (struct scsi
 	HWGROUP(drive)->rq = NULL;
 	HWGROUP(drive)->handler = NULL;
 	HWGROUP(drive)->busy = 1;		/* will set this to zero when ide reset finished */
-	spin_unlock_irq(&ide_lock);
+	spin_unlock(&ide_lock);
 
 	ide_do_reset(drive);
 
 	/* ide_do_reset starts a polling handler which restarts itself every 50ms until the reset finishes */
 
 	do {
-		set_current_state(TASK_UNINTERRUPTIBLE);
 		spin_unlock_irq(cmd->device->host->host_lock);
-		schedule_timeout(HZ/20);
+		msleep(50);
 		spin_lock_irq(cmd->device->host->host_lock);
 	} while ( HWGROUP(drive)->handler );
 
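Review bot: The polling loop around the new `msleep(50)` has no upper bound, so if `HWGROUP(drive)->handler` is never cleared the error-handler thread keeps sleeping uninterruptibly and recovery for this host stalls. Unless `ide_do_reset()` is guaranteed to clear the handler on its own timeout (not visible here), I would add a deadline, e.g. `unsigned long deadline = jiffies + 30 * HZ;` before the loop (the 30 s value is illustrative) and `} while (HWGROUP(drive)->handler && time_before(jiffies, deadline));`, with the code after the loop treating a still-set handler as failure. The loop condition also reads `handler` while holding only the host lock, whereas the lines above write it under `ide_lock`; a short comment saying why the unlocked read is acceptable would help. idescsi_eh_reset begins and ends outside this hunk.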
_