scsi: qla2xxx: Fix crash on qla2x00_mailbox_command

This patch fixes a crash on qla2x00_mailbox_command caused when the driver
is on UNLOADING state and tries to call qla2x00_poll, which triggers a
NULL pointer dereference.

Signed-off-by: Rodrigo R. Galvao <rosattig@linux.vnet.ibm.com>
Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
index d8a36c13aedaf8606a4931287bb2879aee23dcae..7e875f5752299bdb6af02e542ba90362a399a5c7 100644 (file)
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -292,6 +292,14 @@ qla2x00_mailbox_command(scsi_qla_host_t *vha, mbx_cmd_t *mcp)
                        if (time_after(jiffies, wait_time))
                                break;
 
+                       /*
+                        * Check if it's UNLOADING, cause we cannot poll in
+                        * this case, or else a NULL pointer dereference
+                        * is triggered.
+                        */
+                       if (unlikely(test_bit(UNLOADING, &base_vha->dpc_flags)))
+                               return QLA_FUNCTION_TIMEOUT;
+
                        /* Check for pending interrupts. */
                        qla2x00_poll(ha->rsp_q_map[0]);