Subject: Re: ata/wdc vs gcc3 on amiga
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 04/07/2004 13:00:37
>> Any variable shared between the top/bottom halves of a driver should
>> be declared volatile unless there is a very good reason not to.
> Bah, I should double-check before hitting Send... Of course, the
> above is restricted to variables written in the interrupt handler and
> tested elsewhere.

I don't see that as "of course"; indeed, I don't see it that way at
all.

top half:
	/* don't interchange the order of these assignments! */
	sc->foo = ....
	sc->state = XXX_ST_FOO;
	...
	(interrupt occurs)

bottom half:
	/* have we made it to state foo yet? */
	if (sc->state == XXX_ST_FOO) {
		sc->foo->....
		...
	}

If the assignment to foo gets cached (maybe it gets heavily used very
soon in the top half) but the assignment to state doesn't, the bottom
half may use a bogus pointer.

No, I see no reason to restrict it to variables written in the
interrupt handler and tested everywhere.  I agree with the
double-quote: any variable shared between halves should be declared
volatile, absent some compelling reason not to.

Otherwise, you (a) need to have splx() force the compiler to push
cached values and (b) need to protect all accesses to shared data with
spl*(), even when this is abstractly unnecessary (and actually
unnecessary if volatile is used as it was designed to be used).

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
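
The pattern from the message above, as an added example that is not part of the original post or of any NetBSD driver: both shared fields are volatile, and the interrupt is simulated with raise() before, between and after the two stores. The names xxx_softc, xxx_intr, xxx_top_half and take_interrupt, and the use of SIGINT as the interrupt, are assumptions made for illustration.

```c
#include <signal.h>
#include <stddef.h>
enum { XXX_ST_IDLE, XXX_ST_FOO };
struct foo { int value; };
struct xxx_softc {
	struct foo *volatile foo;     /* the pointer itself is volatile */
	volatile sig_atomic_t state;  /* published last by the top half */
};
static struct xxx_softc softc;
static struct foo the_foo = { 42 };       /* constructed sample data */
static volatile sig_atomic_t bogus_uses;  /* state FOO seen with foo unset */
static volatile sig_atomic_t last_value;  /* value read through sc->foo */

/* Bottom half: have we made it to state foo yet? */
static void xxx_intr(int sig)
{
	struct xxx_softc *sc = &softc;
	(void)sig;
	if (sc->state == XXX_ST_FOO) {
		struct foo *f = sc->foo;
		if (f == NULL)
			bogus_uses++;
		else
			last_value = f->value;
	}
}

/* Simulated interrupt: re-arm first, ISO C lets delivery reset the handler. */
static void take_interrupt(void)
{
	signal(SIGINT, xxx_intr);
	raise(SIGINT);
}

/* Top half: returns the value the bottom half read, or -1 on a bogus use. */
int xxx_top_half(void)
{
	struct xxx_softc *sc = &softc;
	sc->foo = NULL;
	sc->state = XXX_ST_IDLE;
	bogus_uses = 0;
	last_value = -1;
	take_interrupt();        /* before either store: state is IDLE */
	sc->foo = &the_foo;      /* volatile stores are emitted in this order */
	take_interrupt();        /* between the stores: still IDLE, no deref */
	sc->state = XXX_ST_FOO;
	take_interrupt();        /* after both: FOO implies foo is valid */
	return bogus_uses == 0 ? last_value : -1;
}
int main(void) { return xxx_top_half() == 42 ? 0 : 1; }
```

The volatile qualifiers constrain only the order in which the compiler emits these accesses; this single-threaded simulation shows nothing about reordering between processors.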