isci: Fix TMF build for SAS/SATA LUN reset cases.

In the case where a SAS or SATA LUN reset TMF is built a NULL pointer dereference occurred because of the (unused) callback data pointer. Signed-off-by: Jeff Skirvin <jeffrey.d.skirvin@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Jacek Danecki <Jacek.Danecki@intel.com>
author: Jeff Skirvin <jeffrey.d.skirvin@intel.com> 2011-03-04 17:06:56 -0500
committer: Dan Williams <dan.j.williams@intel.com> 2011-07-03 06:55:30 -0400
commit: c3f42feb0c3d20dc7007336e7de949408b93afef (patch)
tree: a8678f8eaf06758a52a6e75c57121be51ee846c4
parent: 4dc043c41037fc6e369270daaa626465a8766565 (diff)
2 files changed, 28 insertions, 5 deletions
diff --git a/drivers/scsi/isci/task.c b/drivers/scsi/isci/task.c
index c781a4ab4a50..c2d74c3929fb 100644
--- a/drivers/scsi/isci/task.c
+++ b/drivers/scsi/isci/task.c
@@ -545,7 +545,7 @@ void isci_task_build_tmf(
        void (*tmf_sent_cb)(enum isci_tmf_cb_state,
                            struct isci_tmf *,
                            void *),
-        struct isci_request *old_request)
+        void *cb_data)
 {
        dev_dbg(&isci_device->isci_port->isci_host->pdev->dev,
                "%s: isci_device = %p\n", __func__, isci_device);
@@ -556,9 +556,21 @@ void isci_task_build_tmf(
        tmf->tmf_code      = code;
        tmf->timeout_timer = NULL;
        tmf->cb_state_func = tmf_sent_cb;
-        tmf->cb_data       = old_request;
+        tmf->cb_data       = cb_data;
-        tmf->io_tag        = old_request->io_tag;
+}
+void isci_task_build_abort_task_tmf(
+        struct isci_tmf *tmf,
+        struct isci_remote_device *isci_device,
+        enum isci_tmf_function_codes code,
+        void (*tmf_sent_cb)(enum isci_tmf_cb_state,
+                            struct isci_tmf *,
+                            void *),
+        struct isci_request *old_request)
+{
+        isci_task_build_tmf(tmf, isci_device, code, tmf_sent_cb,
+                            (void *)old_request);
+        tmf->io_tag = old_request->io_tag;
 }
 static struct isci_request *isci_task_get_request_from_task(
@@ -1300,8 +1312,10 @@ int isci_task_abort_task(struct sas_task *task)
                 */
        } else {
                /* Fill in the tmf stucture */
-                isci_task_build_tmf(&tmf, isci_device, isci_tmf_ssp_task_abort,
+                isci_task_build_abort_task_tmf(&tmf, isci_device,
-                                    isci_abort_task_process_cb, old_request);
+                                               isci_tmf_ssp_task_abort,
+                                               isci_abort_task_process_cb,
+                                               old_request);
                spin_unlock_irqrestore(&isci_host->scic_lock, flags);
diff --git a/drivers/scsi/isci/task.h b/drivers/scsi/isci/task.h
index 5a5a4ec2dc90..4c2a27eede49 100644
--- a/drivers/scsi/isci/task.h
+++ b/drivers/scsi/isci/task.h
@@ -221,6 +221,15 @@ void isci_task_build_tmf(
        struct isci_tmf *tmf,
        struct isci_remote_device *isci_device,
        enum isci_tmf_function_codes code,
+        void (*tmf_sent_cb)(enum isci_tmf_cb_state,
+                            struct isci_tmf *,
+                            void *),
+        void *cb_data);
+void isci_task_build_abort_task_tmf(
+        struct isci_tmf *tmf,
+        struct isci_remote_device *isci_device,
+        enum isci_tmf_function_codes code,
        void (*tmf_sent_cb)(
                enum isci_tmf_cb_state,
                struct isci_tmf *, void *),
author	Jeff Skirvin <jeffrey.d.skirvin@intel.com>	2011-03-04 17:06:56 -0500
committer	Dan Williams <dan.j.williams@intel.com>	2011-07-03 06:55:30 -0400
commit	c3f42feb0c3d20dc7007336e7de949408b93afef (patch)
tree	a8678f8eaf06758a52a6e75c57121be51ee846c4
parent	4dc043c41037fc6e369270daaa626465a8766565 (diff)