From: Xiang Chen <chenxiang66@xxxxxxxxxxxxx> Currently we call function hisi_sas_debugfs_exit() to remove debugfs_dir before freeing interrupt irqs and destroying workqueue in the driver remove path. If a dump is triggered before function hisi_sas_debugfs_exit() but debugfs_work may be called after it, so it may refer to already removed debugfs_dir which will cause NULL pointer dereference. To avoid it, put function hisi_sas_debugfs_exit() after free_irqs and destroy workqueue when removing hisi_sas driver. Signed-off-by: Xiang Chen <chenxiang66@xxxxxxxxxxxxx> Signed-off-by: John Garry <john.garry@xxxxxxxxxx> --- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c index b7836406debe..bf5d5f138437 100644 --- a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c +++ b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c @@ -3302,8 +3302,6 @@ static void hisi_sas_v3_remove(struct pci_dev *pdev) struct hisi_hba *hisi_hba = sha->lldd_ha; struct Scsi_Host *shost = sha->core.shost; - hisi_sas_debugfs_exit(hisi_hba); - if (timer_pending(&hisi_hba->timer)) del_timer(&hisi_hba->timer); @@ -3315,6 +3313,7 @@ static void hisi_sas_v3_remove(struct pci_dev *pdev) pci_release_regions(pdev); pci_disable_device(pdev); hisi_sas_free(hisi_hba); + hisi_sas_debugfs_exit(hisi_hba); scsi_host_put(shost); } -- 2.17.1