Hi Rodrigo,
We are seen regression introduced by below patch for QLA 82XX HBAs. On unload, the disable interrupt, mailbox command (MBX 0x10) fails because of this patch and leaves the FW/HW in unstable state. The next load fails with initialization FW timing out.
The only way out of this is to reboot the server. I and test team have tried to reproduce an original problem that is fixed by below patch but we don't have any luck.
We would like to revert the below patch but would like to address original problem as well. Can you share more details about the NULL pointer dereference? Which data structure was NULL and what was the test case?
==============================
git show 3cb182b3fa8b7a61f05c671525494697cba39c6a
commit 3cb182b3fa8b7a61f05c671525494697cba39c6a
Author: Rodrigo R. Galvao <rosattig@xxxxxxxxxxxxxxxxxx>
Date: Mon May 28 14:58:44 2018 -0300
scsi: qla2xxx: Fix crash on qla2x00_mailbox_command
This patch fixes a crash on qla2x00_mailbox_command caused when the driver
is on UNLOADING state and tries to call qla2x00_poll, which triggers a
NULL pointer dereference.
Signed-off-by: Rodrigo R. Galvao <rosattig@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@xxxxxxxxxxxxxxxxxx>
Acked-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
index d8a36c1..7e875f5 100644
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -292,6 +292,14 @@ static int is_rom_cmd(uint16_t cmd)
if (time_after(jiffies, wait_time))
break;
+ /*
+ * Check if it's UNLOADING, cause we cannot poll in
+ * this case, or else a NULL pointer dereference
+ * is triggered.
+ */
+ if (unlikely(test_bit(UNLOADING, &base_vha->dpc_flags)))
+ return QLA_FUNCTION_TIMEOUT;
+
/* Check for pending interrupts. */
qla2x00_poll(ha->rsp_q_map[0]);
====================
Thanks,
~Saurav
