diff options
| author |   Mike Marciniszyn <mike.marciniszyn@intel.com> | 2016-03-07 11:35:35 -0800 |
|---|---|---|
| committer |   Doug Ledford <dledford@redhat.com> | 2016-03-17 15:55:21 -0400 |
| commit | cef504c5c019ea4f59cf3a69e7341b2b34091cda (patch) | |
| tree | 5f219789dbc249c27580c22690c596f75f0cc159 /drivers/staging | |
| parent | IB/hfi1: Fix PIO wakeup timing hole (diff) | |
| download | linux-dev-cef504c5c019ea4f59cf3a69e7341b2b34091cda.tar.xz linux-dev-cef504c5c019ea4f59cf3a69e7341b2b34091cda.zip | |
IB/hfi1: Fix panic in adaptive pio
The following panic occurs while running ib_send_bw -a with
adaptive pio turned on:
[ 8551.143596] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 8551.152986] IP: [<ffffffffa0902a94>] pio_wait.isra.21+0x34/0x190 [hfi1]
[ 8551.160926] PGD 80db21067 PUD 80bb45067 PMD 0
[ 8551.166431] Oops: 0000 [#1] SMP
[ 8551.276725] task: ffff880816bf15c0 ti: ffff880812ac0000 task.ti: ffff880812ac0000
[ 8551.285705] RIP: 0010:[<ffffffffa0902a94>] pio_wait.isra.21+0x34/0x190 [hfi1]
[ 8551.296462] RSP: 0018:ffff880812ac3b58 EFLAGS: 00010282
[ 8551.303029] RAX: 000000000000002d RBX: 0000000000000000 RCX: 0000000000000800
[ 8551.311633] RDX: ffff880812ac3c08 RSI: 0000000000000000 RDI: ffff8800b6665e40
[ 8551.320228] RBP: ffff880812ac3ba0 R08: 0000000000001000 R09: ffffffffa09039a0
[ 8551.328820] R10: ffff880817a0c000 R11: 0000000000000000 R12: ffff8800b6665e40
[ 8551.337406] R13: ffff880817a0c000 R14: ffff8800b6665800 R15: ffff8800b6665e40
[ 8551.355640] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8551.362674] CR2: 0000000000000000 CR3: 000000080abe8000 CR4: 00000000001406e0
[ 8551.371262] Stack:
[ 8551.374119] ffff880812ac3bf0 ffff88080cf54010 ffff880800000800 ffff880812ac3c08
[ 8551.383036] ffff8800b6665800 ffff8800b6665e40 0000000000000202 ffffffffa08e7b80
[ 8551.391941] 00000001007de431 ffff880812ac3bc8 ffffffffa0904645 ffff8800b6665800
[ 8551.400859] Call Trace:
[ 8551.404214] [<ffffffffa08e7b80>] ? hfi1_del_timers_sync+0x30/0x30 [hfi1]
[ 8551.412417] [<ffffffffa0904645>] hfi1_verbs_send+0x215/0x330 [hfi1]
[ 8551.420154] [<ffffffffa08ec126>] hfi1_do_send+0x166/0x350 [hfi1]
[ 8551.427618] [<ffffffffa055a533>] rvt_post_send+0x533/0x6a0 [rdmavt]
[ 8551.435367] [<ffffffffa050760f>] ib_uverbs_post_send+0x30f/0x530 [ib_uverbs]
[ 8551.443999] [<ffffffffa0501367>] ib_uverbs_write+0x117/0x380 [ib_uverbs]
[ 8551.452269] [<ffffffff815810ab>] ? sock_recvmsg+0x3b/0x50
[ 8551.459071] [<ffffffff81581152>] ? sock_read_iter+0x92/0xe0
[ 8551.466068] [<ffffffff81212857>] __vfs_write+0x37/0x100
[ 8551.472692] [<ffffffff81213532>] ? rw_verify_area+0x52/0xd0
[ 8551.479682] [<ffffffff81213782>] vfs_write+0xa2/0x1a0
[ 8551.486089] [<ffffffff81003176>] ? do_audit_syscall_entry+0x66/0x70
[ 8551.493891] [<ffffffff812146c5>] SyS_write+0x55/0xc0
[ 8551.500220] [<ffffffff816ae0ee>] entry_SYSCALL_64_fastpath+0x12/0x71
[ 8551.531284] RIP [<ffffffffa0902a94>] pio_wait.isra.21+0x34/0x190 [hfi1]
[ 8551.539508] RSP <ffff880812ac3b58>
[ 8551.544110] CR2: 0000000000000000
The priv s_sendcontext pointer was not setup properly. Fix with this
patch by using the s_sendcontext and eliminating its send engine use.
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Diffstat (limited to 'drivers/staging')
| -rw-r--r-- | drivers/staging/rdma/hfi1/qp.c | 2 | ||||
| -rw-r--r-- | drivers/staging/rdma/hfi1/verbs.c | 6 |
2 files changed, 3 insertions, 5 deletions
diff --git a/drivers/staging/rdma/hfi1/qp.c b/drivers/staging/rdma/hfi1/qp.c index 59ee12a96006..29a5ad28019b 100644 --- a/drivers/staging/rdma/hfi1/qp.c +++ b/drivers/staging/rdma/hfi1/qp.c @@ -220,6 +220,7 @@ void hfi1_modify_qp(struct rvt_qp *qp, struct ib_qp_attr *attr, if (attr_mask & IB_QP_AV) { priv->s_sc = ah_to_sc(ibqp->device, &qp->remote_ah_attr); priv->s_sde = qp_to_sdma_engine(qp, priv->s_sc); + priv->s_sendcontext = qp_to_send_context(qp, priv->s_sc); } if (attr_mask & IB_QP_PATH_MIG_STATE && @@ -228,6 +229,7 @@ void hfi1_modify_qp(struct rvt_qp *qp, struct ib_qp_attr *attr, qp->s_flags |= RVT_S_AHG_CLEAR; priv->s_sc = ah_to_sc(ibqp->device, &qp->remote_ah_attr); priv->s_sde = qp_to_sdma_engine(qp, priv->s_sc); + priv->s_sendcontext = qp_to_send_context(qp, priv->s_sc); } } diff --git a/drivers/staging/rdma/hfi1/verbs.c b/drivers/staging/rdma/hfi1/verbs.c index 467e6c349c68..7acaa25e03e0 100644 --- a/drivers/staging/rdma/hfi1/verbs.c +++ b/drivers/staging/rdma/hfi1/verbs.c @@ -1005,12 +1005,8 @@ int hfi1_verbs_send_pio(struct rvt_qp *qp, struct hfi1_pkt_state *ps, /* vl15 special case taken care of in ud.c */ sc5 = priv->s_sc; - sc = qp_to_send_context(qp, sc5); + sc = ps->s_txreq->psc; - if (!sc) { - ret = -EINVAL; - goto bail; - } if (likely(pbc == 0)) { u8 vl = sc_to_vlt(dd_from_ibdev(qp->ibqp.device), sc5); /* set PBC_DC_INFO bit (aka SC[4]) in pbc_flags */ |