> On Jun 5, 2018, at 6:26 PM, Martin K. Petersen <martin.petersen@xxxxxxxxxx> wrote: > > > Himanshu? > >> This patch fixes a crash on qla2x00_mailbox_command caused when the >> driver is on UNLOADING state and tries to call qla2x00_poll, which >> triggers a NULL pointer dereference. >> >> Signed-off-by: Rodrigo R. Galvao <rosattig@xxxxxxxxxxxxxxxxxx> >> Signed-off-by: Mauro S. M. Rodrigues <maurosr@xxxxxxxxxxxxxxxxxx> >> --- >> drivers/scsi/qla2xxx/qla_mbx.c | 8 ++++++++ >> 1 file changed, 8 insertions(+) >> >> diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c >> index d8a36c1..7e875f5 100644 >> --- a/drivers/scsi/qla2xxx/qla_mbx.c >> +++ b/drivers/scsi/qla2xxx/qla_mbx.c >> @@ -292,6 +292,14 @@ qla2x00_mailbox_command(scsi_qla_host_t *vha, mbx_cmd_t *mcp) >> if (time_after(jiffies, wait_time)) >> break; >> >> + /* >> + * Check if it's UNLOADING, cause we cannot poll in >> + * this case, or else a NULL pointer dereference >> + * is triggered. >> + */ >> + if (unlikely(test_bit(UNLOADING, &base_vha->dpc_flags))) >> + return QLA_FUNCTION_TIMEOUT; >> + >> /* Check for pending interrupts. */ >> qla2x00_poll(ha->rsp_q_map[0]); > > -- > Martin K. Petersen Oracle Linux Engineering Looks Good. Acked-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx> Thanks, - Himanshu
