From 3b700e341144f278b8248418991c086d09b7137b Mon Sep 17 00:00:00 2001
From: Viswas G <Viswas.G@pmcs.com>
Date: Tue, 11 Aug 2015 15:06:28 +0530
Subject: [PATCH] pm80xx: Fix for Incorrect DMA Unmapping of SG List

In pm8001_ccb_task_free(), the dma unmapping is done based on
ccb->n_elem value. This should be initialized to zero in the
task_abort(). Otherwise, pm8001_ccb_task_free() will try for
dma_unmap_sg() which is invalid for task abort and can lead to
kernel crash.

Changes From V1:
None

Signed-off-by: Viswas G <Viswas.G@pmcs.com>

Reviewed-by: Suresh Thiagarajan <Suresh.Thiagarajan@pmcs.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Jack Wang <jinpu.wang@profitbricks.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
---
 drivers/scsi/pm8001/pm8001_sas.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c
index 48f4627e05a4..949198c01ced 100644
--- a/drivers/scsi/pm8001/pm8001_sas.c
+++ b/drivers/scsi/pm8001/pm8001_sas.c
@@ -790,6 +790,7 @@ pm8001_exec_internal_task_abort(struct pm8001_hba_info *pm8001_ha,
 		ccb->device = pm8001_dev;
 		ccb->ccb_tag = ccb_tag;
 		ccb->task = task;
+		ccb->n_elem = 0;
 
 		res = PM8001_CHIP_DISP->task_abort(pm8001_ha,
 			pm8001_dev, flag, task_tag, ccb_tag);
-- 
2.34.1