summaryrefslogtreecommitdiff
path: root/drivers/scsi/isci/task.c
diff options
context:
space:
mode:
authorJeff Skirvin <jeffrey.d.skirvin@intel.com>2011-03-05 01:06:56 +0300
committerDan Williams <dan.j.williams@intel.com>2011-07-03 14:55:30 +0400
commitc3f42feb0c3d20dc7007336e7de949408b93afef (patch)
treea8678f8eaf06758a52a6e75c57121be51ee846c4 /drivers/scsi/isci/task.c
parent4dc043c41037fc6e369270daaa626465a8766565 (diff)
downloadlinux-c3f42feb0c3d20dc7007336e7de949408b93afef.tar.xz
isci: Fix TMF build for SAS/SATA LUN reset cases.
In the case where a SAS or SATA LUN reset TMF is built a NULL pointer dereference occurred because of the (unused) callback data pointer. Signed-off-by: Jeff Skirvin <jeffrey.d.skirvin@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Jacek Danecki <Jacek.Danecki@intel.com>
Diffstat (limited to 'drivers/scsi/isci/task.c')
-rw-r--r--drivers/scsi/isci/task.c24
1 files changed, 19 insertions, 5 deletions
diff --git a/drivers/scsi/isci/task.c b/drivers/scsi/isci/task.c
index c781a4ab4a50..c2d74c3929fb 100644
--- a/drivers/scsi/isci/task.c
+++ b/drivers/scsi/isci/task.c
@@ -545,7 +545,7 @@ void isci_task_build_tmf(
void (*tmf_sent_cb)(enum isci_tmf_cb_state,
struct isci_tmf *,
void *),
- struct isci_request *old_request)
+ void *cb_data)
{
dev_dbg(&isci_device->isci_port->isci_host->pdev->dev,
"%s: isci_device = %p\n", __func__, isci_device);
@@ -556,9 +556,21 @@ void isci_task_build_tmf(
tmf->tmf_code = code;
tmf->timeout_timer = NULL;
tmf->cb_state_func = tmf_sent_cb;
- tmf->cb_data = old_request;
- tmf->io_tag = old_request->io_tag;
+ tmf->cb_data = cb_data;
+}
+void isci_task_build_abort_task_tmf(
+ struct isci_tmf *tmf,
+ struct isci_remote_device *isci_device,
+ enum isci_tmf_function_codes code,
+ void (*tmf_sent_cb)(enum isci_tmf_cb_state,
+ struct isci_tmf *,
+ void *),
+ struct isci_request *old_request)
+{
+ isci_task_build_tmf(tmf, isci_device, code, tmf_sent_cb,
+ (void *)old_request);
+ tmf->io_tag = old_request->io_tag;
}
static struct isci_request *isci_task_get_request_from_task(
@@ -1300,8 +1312,10 @@ int isci_task_abort_task(struct sas_task *task)
*/
} else {
/* Fill in the tmf stucture */
- isci_task_build_tmf(&tmf, isci_device, isci_tmf_ssp_task_abort,
- isci_abort_task_process_cb, old_request);
+ isci_task_build_abort_task_tmf(&tmf, isci_device,
+ isci_tmf_ssp_task_abort,
+ isci_abort_task_process_cb,
+ old_request);
spin_unlock_irqrestore(&isci_host->scic_lock, flags);