From d03e239cf7d9d07d5ad186e66164625190fe1f80 Mon Sep 17 00:00:00 2001
From: Himanshu Madhani <hmadhani@redhat.com>
Date: Thu, 21 Nov 2019 16:36:53 -0500
Subject: [PATCH 143/155] [scsi] scsi: qla2xxx: Fix premature timer expiration
Message-id: <20191121163701.43688-19-hmadhani@redhat.com>
Patchwork-id: 287853
O-Subject: [RHLE 7.8 e-stor PATCH v3 18/26] scsi: qla2xxx: Fix premature timer expiration
Bugzilla: 1731581
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Ewan Milne <emilne@redhat.com>
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>
From: Quinn Tran <qutran@marvell.com>
Bugzilla 1731581
For any qla2xxx async command, the SRB buffer is used to send it. In
setting up the SRB buffer, the timer for this command is started before all
memory allocation has finished. Under low memory pressure, memory alloc
can go to sleep and not wake up before the timer expires. Once timer has
expired, the timer thread will access uninitialized fields, resulting in a
NULL pointer crash.
This patch fixes this crash by moving the start of timer after everything
is setup.
backtrace shows following
PID: 3720 TASK: ffff996928401040 CPU: 0 COMMAND: "qla2xxx_1_dpc"
0 [ffff99652751b698] __schedule at ffffffff965676c7
1 [ffff99652751b728] schedule at ffffffff96567bc9
2 [ffff99652751b738] schedule_timeout at ffffffff965655e8
3 [ffff99652751b7e0] io_schedule_timeout at ffffffff9656726d
4 [ffff99652751b810] congestion_wait at ffffffff95fd8d12
5 [ffff99652751b870] isolate_migratepages_range at ffffffff95fddaf3
6 [ffff99652751b930] compact_zone at ffffffff95fdde96
7 [ffff99652751b980] compact_zone_order at ffffffff95fde0bc
8 [ffff99652751ba20] try_to_compact_pages at ffffffff95fde481
9 [ffff99652751ba80] __alloc_pages_direct_compact at ffffffff9655cc31
10 [ffff99652751bae0] __alloc_pages_slowpath at ffffffff9655d101
11 [ffff99652751bbd0] __alloc_pages_nodemask at ffffffff95fc0e95
12 [ffff99652751bc80] dma_generic_alloc_coherent at ffffffff95e3217f
13 [ffff99652751bcc8] x86_swiotlb_alloc_coherent at ffffffff95e6b7a1
14 [ffff99652751bcf8] qla2x00_rft_id at ffffffffc055b5e0 [qla2xxx]
15 [ffff99652751bd50] qla2x00_loop_resync at ffffffffc0533e71 [qla2xxx]
16 [ffff99652751be68] qla2x00_do_dpc at ffffffffc05210ca [qla2xxx]
PID: 0 TASK: ffffffff96a18480 CPU: 0 COMMAND: "swapper/0"
0 [ffff99652fc03ae0] machine_kexec at ffffffff95e63674
1 [ffff99652fc03b40] __crash_kexec at ffffffff95f1ce12
2 [ffff99652fc03c10] crash_kexec at ffffffff95f1cf00
3 [ffff99652fc03c28] oops_end at ffffffff9656c758
4 [ffff99652fc03c50] no_context at ffffffff9655aa7e
5 [ffff99652fc03ca0] __bad_area_nosemaphore at ffffffff9655ab15
6 [ffff99652fc03cf0] bad_area_nosemaphore at ffffffff9655ac86
7 [ffff99652fc03d00] __do_page_fault at ffffffff9656f6b0
8 [ffff99652fc03d70] do_page_fault at ffffffff9656f915
9 [ffff99652fc03da0] page_fault at ffffffff9656b758
[exception RIP: unknown or invalid address]
RIP: 0000000000000000 RSP: ffff99652fc03e50 RFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff99652b79a600 RCX: ffff99652b79a760
RDX: ffff99652b79a600 RSI: ffffffffc0525ad0 RDI: ffff99652b79a600
RBP: ffff99652fc03e60 R8: ffffffff96a18a18 R9: ffffffff96ee3c00
R10: 0000000000000002 R11: ffff99652fc03de8 R12: ffff99652b79a760
R13: 0000000000000100 R14: ffffffffc0525ad0 R15: ffff99652b79a600
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
10 [ffff99652fc03e50] qla2x00_sp_timeout at ffffffffc0525af8 [qla2xxx]
11 [ffff99652fc03e68] call_timer_fn at ffffffff95ea7f58
12 [ffff99652fc03ea0] run_timer_softirq at ffffffff95eaa3bd
13 [ffff99652fc03f18] __do_softirq at ffffffff95ea0f05
14 [ffff99652fc03f88] call_softirq at ffffffff9657832c
15 [ffff99652fc03fa0] do_softirq at ffffffff95e2e675
16 [ffff99652fc03fc0] irq_exit at ffffffff95ea1285
17 [ffff99652fc03fd8] smp_apic_timer_interrupt at ffffffff965796c8
18 [ffff99652fc03ff0] apic_timer_interrupt at ffffffff96575df2
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 3a4b6cc7332130ac5cbf3b505d8cddf0aa2ea745)
Signed-off-by: Himanshu Madhani <hmadhani@redhat.com>
Signed-off-by: Jan Stancek <jstancek@redhat.com>
---
drivers/scsi/qla2xxx/qla_def.h | 1 +
drivers/scsi/qla2xxx/qla_iocb.c | 5 ++++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
index 980e9a914d80..24a4a2bdf6a7 100644
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -546,6 +546,7 @@ typedef struct srb {
wait_queue_head_t nvme_ls_waitq;
struct fc_port *fcport;
struct scsi_qla_host *vha;
+ unsigned int start_timer:1;
uint32_t handle;
uint16_t flags;
uint16_t type;
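Review bot: The new `start_timer` bit is tested in qla2x00_start_sp() but, within this patch, written only in qla2x00_init_timer(), so its correctness depends on every srb being zeroed when it is allocated or recycled, which the patch does not show. If some path hands out an srb with stale contents, a leftover 1 could arm `u.iocb_cmd.timer` on a command whose timer was never set up, which would reproduce the crash in the commit message. A field comment would record the contract, for example `/* set by qla2x00_init_timer(); qla2x00_start_sp() arms u.iocb_cmd.timer when set */`.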
diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c
index c1f3b7a0f950..05acf2f85895 100644
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2616,7 +2616,7 @@ void qla2x00_init_timer(srb_t *sp, unsigned long tmo)
sp->free = qla2x00_sp_free;
if (IS_QLAFX00(sp->vha->hw) && (sp->type == SRB_FXIOCB_DCMD))
init_completion(&sp->u.iocb_cmd.u.fxiocb.fxiocb_comp);
- add_timer(&sp->u.iocb_cmd.timer);
+ sp->start_timer = 1;
}
static void
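Review bot: qla2x00_init_timer() no longer arms the timer after this change, so any caller that prepares an srb with it and then submits the command by a path other than qla2x00_start_sp() would run with no timeout at all. Those callers are not visible in this hunk and should be audited before the change is merged. The new contract is also undocumented; I would add above the assignment `/* timer is armed later by qla2x00_start_sp(), once the srb is fully set up */`. The body of qla2x00_init_timer() begins outside the hunk.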
@@ -3899,6 +3899,9 @@ qla2x00_start_sp(srb_t *sp)
break;
}
+ if (sp->start_timer)
+ add_timer(&sp->u.iocb_cmd.timer);
+
wmb();
qla2x00_start_iocbs(vha, qp->req);
done:
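Review bot: `start_timer` is never cleared after `add_timer()` in qla2x00_start_sp(), so if the same srb is passed in again while its timer is still pending, add_timer() would be called on a pending timer, which the kernel timer API does not permit. Whether an srb can be resubmitted this way is not visible in the hunk. If it can, consume the flag when arming: `if (sp->start_timer) { sp->start_timer = 0; add_timer(&sp->u.iocb_cmd.timer); }`. That also keeps the pre-patch behaviour in which only a fresh qla2x00_init_timer() call leads to the timer being armed. The function starts and ends outside the hunk.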
--
2.13.6