diff mbox

[4/8] pm80xx: Fix for Incorrect DMA Unmapping of SG List

Message ID 1438151240-4097-5-git-send-email-Viswas.G@pmcs.com (mailing list archive)
State New, archived
Headers show

Commit Message

Viswas.G@pmcs.com July 29, 2015, 6:27 a.m. UTC 
From: Viswas G <Viswas.G@pmcs.com>

In pm8001_ccb_task_free(), the dma unmapping is done based on
ccb->n_elem value. This should be initialized to zero in the
task_abort(). Otherwise, pm8001_ccb_task_free() will try for
dma_unmap_sg() which is invalid for task abort and can lead to
kernel crash.

Signed-off-by: Viswas G <Viswas.G@pmcs.com>
Signed-off-by: Suresh Thiagarajan <Suresh.Thiagarajan@pmcs.com> 
---
 drivers/scsi/pm8001/pm8001_sas.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

Comments

Hannes Reinecke July 29, 2015, 8:54 a.m. UTC | #1 
On 07/29/2015 08:27 AM, Viswas.G@pmcs.com wrote:
> From: Viswas G <Viswas.G@pmcs.com>
> 
> In pm8001_ccb_task_free(), the dma unmapping is done based on
> ccb->n_elem value. This should be initialized to zero in the
> task_abort(). Otherwise, pm8001_ccb_task_free() will try for
> dma_unmap_sg() which is invalid for task abort and can lead to
> kernel crash.
> 
> Signed-off-by: Viswas G <Viswas.G@pmcs.com>
> Signed-off-by: Suresh Thiagarajan <Suresh.Thiagarajan@pmcs.com> 
> ---
>  drivers/scsi/pm8001/pm8001_sas.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c
> index 4e6955f..b1c5fb9 100644
> --- a/drivers/scsi/pm8001/pm8001_sas.c
> +++ b/drivers/scsi/pm8001/pm8001_sas.c
> @@ -790,6 +790,7 @@ pm8001_exec_internal_task_abort(struct pm8001_hba_info *pm8001_ha,
>  		ccb->device = pm8001_dev;
>  		ccb->ccb_tag = ccb_tag;
>  		ccb->task = task;
> +		ccb->n_elem = 0;
>  
>  		res = PM8001_CHIP_DISP->task_abort(pm8001_ha,
>  			pm8001_dev, flag, task_tag, ccb_tag);
> 
Reviewed-by: Hannes Reinecke <hare@suse.com>

Cheers,

Hannes
Tomas Henzl July 29, 2015, 4:12 p.m. UTC | #2 
On 29.7.2015 08:27, Viswas.G@pmcs.com wrote:
> From: Viswas G <Viswas.G@pmcs.com>
> 
> In pm8001_ccb_task_free(), the dma unmapping is done based on
> ccb->n_elem value. This should be initialized to zero in the
> task_abort(). Otherwise, pm8001_ccb_task_free() will try for
> dma_unmap_sg() which is invalid for task abort and can lead to
> kernel crash.
> 
> Signed-off-by: Viswas G <Viswas.G@pmcs.com>
> Signed-off-by: Suresh Thiagarajan <Suresh.Thiagarajan@pmcs.com> 

Reviewed-by: Tomas Henzl <thenzl@redhat.com>

Tomas

--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c
index 4e6955f..b1c5fb9 100644
--- a/drivers/scsi/pm8001/pm8001_sas.c
+++ b/drivers/scsi/pm8001/pm8001_sas.c
@@ -790,6 +790,7 @@  pm8001_exec_internal_task_abort(struct pm8001_hba_info *pm8001_ha,
 		ccb->device = pm8001_dev;
 		ccb->ccb_tag = ccb_tag;
 		ccb->task = task;
+		ccb->n_elem = 0;
 
 		res = PM8001_CHIP_DISP->task_abort(pm8001_ha,
 			pm8001_dev, flag, task_tag, ccb_tag);