From: Viswas G <Viswas.G@microsemi.com>
Date: Wed, 18 Oct 2017 11:39:14 +0530
Subject: scsi: pm80xx: panic on ncq error cleaning up the read log.
Patch-mainline: v4.15-rc1
Git-commit: 0b6df110b3d0c12562011fcd032cfb6ff16b6d56
References: FATE#322890, bsc#1049518

when there's an error in 'ncq mode' the host has to read the ncq error
log (10h) to clear the error state. however, the ccb that is setup for
doing this doesn't setup the ccb so that the previous state is
cleared. if the ccb was previously used for an IO n_elems is set and
pm8001_ccb_task_free() treats this as the signal to go free a
scatter-gather list (that's already been freed).

Signed-off-by: Deepak Ukey <deepak.ukey@microsemi.com>
Signed-off-by: Viswas G <Viswas.G@microsemi.com>
Acked-by: Jack Wang <jinpu.wang@profitbricks.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
---
 drivers/scsi/pm8001/pm80xx_hwi.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/scsi/pm8001/pm80xx_hwi.c
+++ b/drivers/scsi/pm8001/pm80xx_hwi.c
@@ -1489,6 +1489,7 @@ static void pm80xx_send_read_log(struct
 	ccb->device = pm8001_ha_dev;
 	ccb->ccb_tag = ccb_tag;
 	ccb->task = task;
+	ccb->n_elem = 0;
 	pm8001_ha_dev->id |= NCQ_READ_LOG_FLAG;
 	pm8001_ha_dev->id |= NCQ_2ND_RLE_FLAG;