isci: Fix TMF build for SAS/SATA LUN reset cases.

In the case where a SAS or SATA LUN reset TMF is built a NULL pointer dereference occurred because of the (unused) callback data pointer. Signed-off-by: Jeff Skirvin <jeffrey.d.skirvin@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Jacek Danecki <Jacek.Danecki@intel.com>

isci: Fix TMF build for SAS/SATA LUN reset cases.
In the case where a SAS or SATA LUN reset TMF is built a NULL pointer dereference occurred because of the (unused) callback data pointer. Signed-off-by: Jeff Skirvin <jeffrey.d.skirvin@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Jacek Danecki <Jacek.Danecki@intel.com>
c3f42feb · Jeff Skirvin · Dan Williams · 4dc043c4 · c3f42feb · c3f42feb
Commit c3f42feb authored Mar 04, 2011 by Jeff Skirvin Committed by Dan Williams Jul 03, 2011
Show whitespace changes
Inline Side-by-side

Showing with 28 additions and 5 deletions

drivers/scsi/isci/task.c drivers/scsi/isci/task.c +19 -5

drivers/scsi/isci/task.h drivers/scsi/isci/task.h +9 -0

No files found.
--- a/drivers/scsi/isci/task.c
+++ b/drivers/scsi/isci/task.c
@@ -545,7 +545,7 @@ void isci_task_build_tmf(
 	void (*tmf_sent_cb)(enum isci_tmf_cb_state,
 			    struct isci_tmf *,
 			    void *),
-	struct isci_request *old_request)
+	void *cb_data)
 {
 	dev_dbg(&isci_device->isci_port->isci_host->pdev->dev,
 		"%s: isci_device = %p\n", __func__, isci_device);
@@ -556,9 +556,21 @@ void isci_task_build_tmf(
 	tmf->tmf_code      = code;
 	tmf->timeout_timer = NULL;
 	tmf->cb_state_func = tmf_sent_cb;
-	tmf->cb_data       = old_request;
+	tmf->cb_data       = cb_data;
-	tmf->io_tag        = old_request->io_tag;
+}
+void isci_task_build_abort_task_tmf(
+	struct isci_tmf *tmf,
+	struct isci_remote_device *isci_device,
+	enum isci_tmf_function_codes code,
+	void (*tmf_sent_cb)(enum isci_tmf_cb_state,
+			    struct isci_tmf *,
+			    void *),
+	struct isci_request *old_request)
+{
+	isci_task_build_tmf(tmf, isci_device, code, tmf_sent_cb,
+			    (void *)old_request);
+	tmf->io_tag = old_request->io_tag;
 }
 static struct isci_request *isci_task_get_request_from_task(
@@ -1300,8 +1312,10 @@ int isci_task_abort_task(struct sas_task *task)
 		 */
 	} else {
 		/* Fill in the tmf stucture */
-		isci_task_build_tmf(&tmf, isci_device, isci_tmf_ssp_task_abort,
+		isci_task_build_abort_task_tmf(&tmf, isci_device,
-				    isci_abort_task_process_cb, old_request);
+					       isci_tmf_ssp_task_abort,
+					       isci_abort_task_process_cb,
+					       old_request);
 		spin_unlock_irqrestore(&isci_host->scic_lock, flags);

--- a/drivers/scsi/isci/task.h
+++ b/drivers/scsi/isci/task.h
@@ -218,6 +218,15 @@ int isci_queuecommand(
 int isci_bus_reset_handler(struct scsi_cmnd *cmd);
 void isci_task_build_tmf(
+	struct isci_tmf *tmf,
+	struct isci_remote_device *isci_device,
+	enum isci_tmf_function_codes code,
+	void (*tmf_sent_cb)(enum isci_tmf_cb_state,
+			    struct isci_tmf *,
+			    void *),
+	void *cb_data);
+void isci_task_build_abort_task_tmf(
 	struct isci_tmf *tmf,
 	struct isci_remote_device *isci_device,
 	enum isci_tmf_function_codes code,