On Wed, 2017-06-14 at 12:20 +0530, Sreekanth Reddy wrote:
> I am using 4.9 kernel and I am observing NULL pointer dereference type
> kernel panic in the below scenario,
>
> * Hotplug (i.e. hot add) the HBA (with a set of drives attached to it)
> to the system just few seconds before issuing "poweroff" command.
>
> * Observed that during drives discovery process; for some of the
> drives "MODE SENSE" command got timed out.
>
> * And as "poweroff" command issued, so kernel has called driver's
> shutdown() callback function and driver has cleaned up all the HBA
> resources (such as IRQs, memory pools etc).
>
> * But as the "MODE SENSE" command got timed out, so SCSI EH thread has
> invoked driver's .eh_abort_handler() callback function, but by this
> time driver has already cleaned up the resources and so it leads to
> kernel panic when it is trying to access one of these resources.
>
> I was assuming that kernel should not call driver's shutdown()
> callback function until all the outstanding IOs count reaches to zero
> (i.e. kernel should call the driver's shutdown() functions only after
> clearing up all the outstanding IOs). Please correct me if I am wrong,
> and please suggest better way to handle these types of issues.

Hello Sreekanth,

The SCSI core is not aware of PCIe (hot-)removal and hence cannot help in
this case. I think SCSI LLDs are responsible when .shutdown() is called for
1) waiting until any ongoing scsi_scan_target() call has finished and
2) calling scsi_remove_host() from inside pci_driver.shutdown().

Bart.
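
The teardown ordering from the report next to the ordering suggested in the reply, as an added userspace model that is not code from this thread or from any driver. All struct, enum and function names are hypothetical, and the model assumes that host removal drains outstanding commands, so that no abort callback reaches the driver afterwards.

```c
/* Added example: userspace model of the teardown ordering; names are hypothetical. */
#include <stdbool.h>
#include <stdlib.h>

enum eh_result { EH_DONE, EH_NOT_CALLED, EH_NULL_DEREF };

struct hba {
    int *pool;          /* stands in for the IRQs and memory pools shutdown() frees */
    bool scanning;      /* drive discovery still in progress */
    bool host_removed;  /* host unregistered from the SCSI midlayer */
    int outstanding;    /* commands issued but not yet completed */
};

static void hba_hot_add(struct hba *h)
{
    h->pool = calloc(4, sizeof(*h->pool));
    h->scanning = true;
    h->host_removed = false;
    h->outstanding = 1;             /* the MODE SENSE that will time out */
}

/* Error handler reacting to the timeout by running the abort callback. */
static enum eh_result eh_timeout(struct hba *h)
{
    if (h->host_removed || h->outstanding == 0)
        return EH_NOT_CALLED;       /* model assumption: nothing left to abort */
    if (h->pool == NULL)
        return EH_NULL_DEREF;       /* a real handler would oops at this point */
    h->pool[0]++;                   /* abort bookkeeping touches the pool */
    h->outstanding--;
    return EH_DONE;
}

/* Ordering from the report: resources freed while a command is in flight. */
static void shutdown_unordered(struct hba *h)
{
    free(h->pool);
    h->pool = NULL;
}

/* Ordering from the reply: finish the scan, remove the host, then free. */
static void shutdown_ordered(struct hba *h)
{
    h->scanning = false;            /* step 1: wait for the scan to end */
    while (h->outstanding > 0 && eh_timeout(h) == EH_DONE)
        ;                           /* step 2: drain while the pool is valid */
    h->host_removed = true;
    free(h->pool);                  /* only now release the resources */
    h->pool = NULL;
}
```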