pm80xx: Fix for Incorrect DMA Unmapping of SG List

In pm8001_ccb_task_free(), the dma unmapping is done based on
ccb->n_elem value. This should be initialized to zero in the
task_abort(). Otherwise, pm8001_ccb_task_free() will try for
dma_unmap_sg() which is invalid for task abort and can lead to
kernel crash.

Changes From V1:
None

Signed-off-by: Viswas G <Viswas.G@pmcs.com>
Reviewed-by: Suresh Thiagarajan <Suresh.Thiagarajan@pmcs.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Jack Wang <jinpu.wang@profitbricks.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>

diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c
index 48f4627e05a4b3de61658532567ff26933e2e732..949198c01ced6df9afb496b52e221ec70e41a769 100644 (file)
--- a/drivers/scsi/pm8001/pm8001_sas.c
+++ b/drivers/scsi/pm8001/pm8001_sas.c
@@ -790,6 +790,7 @@ pm8001_exec_internal_task_abort(struct pm8001_hba_info *pm8001_ha,
                ccb->device = pm8001_dev;
                ccb->ccb_tag = ccb_tag;
                ccb->task = task;
+               ccb->n_elem = 0;
 
                res = PM8001_CHIP_DISP->task_abort(pm8001_ha,
                        pm8001_dev, flag, task_tag, ccb_tag);