scsi: pm80xx: panic on ncq error cleaning up the read log.

when there's an error in 'ncq mode' the host has to read the ncq error
log (10h) to clear the error state. however, the ccb that is setup for
doing this doesn't setup the ccb so that the previous state is
cleared. if the ccb was previously used for an IO n_elems is set and
pm8001_ccb_task_free() treats this as the signal to go free a
scatter-gather list (that's already been freed).

Signed-off-by: Deepak Ukey <deepak.ukey@microsemi.com>
Signed-off-by: Viswas G <Viswas.G@microsemi.com>
Acked-by: Jack Wang <jinpu.wang@profitbricks.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/pm8001/pm80xx_hwi.c b/drivers/scsi/pm8001/pm80xx_hwi.c
index f6df11a7c2d5fc830c86032742f5923932b9f40e..42f0405601ad1bd0a495af2d99f1702b5763ba78 100644 (file)
--- a/drivers/scsi/pm8001/pm80xx_hwi.c
+++ b/drivers/scsi/pm8001/pm80xx_hwi.c
@@ -1489,6 +1489,7 @@ static void pm80xx_send_read_log(struct pm8001_hba_info *pm8001_ha,
        ccb->device = pm8001_ha_dev;
        ccb->ccb_tag = ccb_tag;
        ccb->task = task;
+       ccb->n_elem = 0;
        pm8001_ha_dev->id |= NCQ_READ_LOG_FLAG;
        pm8001_ha_dev->id |= NCQ_2ND_RLE_FLAG;