From: Viswas G Date: Tue, 11 Aug 2015 09:36:28 +0000 (+0530) Subject: pm80xx: Fix for Incorrect DMA Unmapping of SG List X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3b700e341144f278b8248418991c086d09b7137b;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git pm80xx: Fix for Incorrect DMA Unmapping of SG List In pm8001_ccb_task_free(), the dma unmapping is done based on ccb->n_elem value. This should be initialized to zero in the task_abort(). Otherwise, pm8001_ccb_task_free() will try for dma_unmap_sg() which is invalid for task abort and can lead to kernel crash. Changes From V1: None Signed-off-by: Viswas G Reviewed-by: Suresh Thiagarajan Reviewed-by: Hannes Reinecke Reviewed-by: Jack Wang Reviewed-by: Tomas Henzl Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c index 48f4627e05a4..949198c01ced 100644 --- a/drivers/scsi/pm8001/pm8001_sas.c +++ b/drivers/scsi/pm8001/pm8001_sas.c @@ -790,6 +790,7 @@ pm8001_exec_internal_task_abort(struct pm8001_hba_info *pm8001_ha, ccb->device = pm8001_dev; ccb->ccb_tag = ccb_tag; ccb->task = task; + ccb->n_elem = 0; res = PM8001_CHIP_DISP->task_abort(pm8001_ha, pm8001_dev, flag, task_tag, ccb_tag);
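Review bot: The new `ccb->n_elem = 0;` in pm8001_exec_internal_task_abort() carries no comment, and the reason for it lives only in the commit message: pm8001_ccb_task_free() decides whether to call dma_unmap_sg() from ccb->n_elem, and the abort path maps no scatter list. A one-line comment at the assignment saying that would keep the line from being removed later as a redundant initialisation. The assignment also fixes only this one call site, and the hunk sets up the ccb field by field (device, ccb_tag, task) on a slot selected by ccb_tag, so any other path that fills a ccb without mapping an SG list would depend on the same manual reset. If such paths exist, clearing n_elem where the ccb is handed out, or having pm8001_ccb_task_free() zero it after unmapping, would make the invariant hold by construction rather than per caller. The commit message says "task_abort()" while the function changed is pm8001_exec_internal_task_abort(); naming the function exactly would make the log easier to search.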