scsi: hisi_sas: Relocate call to hisi_sas_debugfs_exit()

Currently we call function hisi_sas_debugfs_exit() to remove debugfs_dir
before freeing interrupt irqs and destroying workqueue in the driver remove
path.

If a dump is triggered before function hisi_sas_debugfs_exit() but
debugfs_work may be called after it, so it may refer to already removed
debugfs_dir which will cause NULL pointer dereference.

To avoid it, put function hisi_sas_debugfs_exit() after free_irqs and
destroy workqueue when removing hisi_sas driver.

Link: https://lore.kernel.org/r/1573551059-107873-4-git-send-email-john.garry@huawei.com
Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
index b7836406debec33525ee8cbb0df279f1aaebfa63..bf5d5f1384374beab51145e189f93ca296fca48a 100644 (file)
--- a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
+++ b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
@@ -3302,8 +3302,6 @@ static void hisi_sas_v3_remove(struct pci_dev *pdev)
        struct hisi_hba *hisi_hba = sha->lldd_ha;
        struct Scsi_Host *shost = sha->core.shost;
 
-       hisi_sas_debugfs_exit(hisi_hba);
-
        if (timer_pending(&hisi_hba->timer))
                del_timer(&hisi_hba->timer);
 
@@ -3315,6 +3313,7 @@ static void hisi_sas_v3_remove(struct pci_dev *pdev)
        pci_release_regions(pdev);
        pci_disable_device(pdev);
        hisi_sas_free(hisi_hba);
+       hisi_sas_debugfs_exit(hisi_hba);
        scsi_host_put(shost);
 }