| From 04dfaa53a0b6e66b328a5bc549e3af8f8b6eac02 Mon Sep 17 00:00:00 2001 |
| From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> |
| Date: Mon, 7 Nov 2016 17:53:30 -0200 |
| Subject: scsi: qla2xxx: do not queue commands when unloading |
| |
| From: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> |
| |
| commit 04dfaa53a0b6e66b328a5bc549e3af8f8b6eac02 upstream. |
| |
| When the driver is unloading, in qla2x00_remove_one(), there is a single |
| call/point in time to abort ongoing commands, qla2x00_abort_all_cmds(), |
| which is still several steps away from the call to scsi_remove_host(). |
| |
| If more commands continue to arrive and be processed during that |
| interval, when the driver is tearing down and releasing its structures, |
| it might potentially hit an oops due to invalid memory access: |
| |
| Unable to handle kernel paging request for data at address 0x00000138 |
| <...> |
| NIP [d000000004700a40] qla2xxx_queuecommand+0x80/0x3f0 [qla2xxx] |
| LR [d000000004700a10] qla2xxx_queuecommand+0x50/0x3f0 [qla2xxx] |
| |
| So, fail commands in qla2xxx_queuecommand() if the UNLOADING bit is set. |
| |
| Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> |
| Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com> |
| Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> |
| Signed-off-by: Amit Pundir <amit.pundir@linaro.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/scsi/qla2xxx/qla_os.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| --- a/drivers/scsi/qla2xxx/qla_os.c |
| +++ b/drivers/scsi/qla2xxx/qla_os.c |
| @@ -685,6 +685,11 @@ qla2xxx_queuecommand(struct Scsi_Host *h |
| srb_t *sp; |
| int rval; |
| |
| + if (unlikely(test_bit(UNLOADING, &base_vha->dpc_flags))) { |
| + cmd->result = DID_NO_CONNECT << 16; |
| + goto qc24_fail_command; |
| + } |
| + |
| if (ha->flags.eeh_busy) { |
| if (ha->flags.pci_channel_io_perm_failure) { |
| ql_dbg(ql_dbg_aer, vha, 0x9010, |