scsi: qla2xxx: Fix premature timer expiration
For any qla2xxx async command, the SRB buffer is used to send it. In
setting up the SRB buffer, the timer for this command is started before all
memory allocation has finished. Under low memory pressure, memory alloc
can go to sleep and not wake up before the timer expires. Once timer has
expired, the timer thread will access uninitialize fields resulting into
NULL pointer crash.
This patch fixes this crash by moving the start of timer after everything
is setup.
backtrace shows following
PID: 3720 TASK:
ffff996928401040 CPU: 0 COMMAND: "qla2xxx_1_dpc"
0 [
ffff99652751b698] __schedule at
ffffffff965676c7
1 [
ffff99652751b728] schedule at
ffffffff96567bc9
2 [
ffff99652751b738] schedule_timeout at
ffffffff965655e8
3 [
ffff99652751b7e0] io_schedule_timeout at
ffffffff9656726d
4 [
ffff99652751b810] congestion_wait at
ffffffff95fd8d12
5 [
ffff99652751b870] isolate_migratepages_range at
ffffffff95fddaf3
6 [
ffff99652751b930] compact_zone at
ffffffff95fdde96
7 [
ffff99652751b980] compact_zone_order at
ffffffff95fde0bc
8 [
ffff99652751ba20] try_to_compact_pages at
ffffffff95fde481
9 [
ffff99652751ba80] __alloc_pages_direct_compact at
ffffffff9655cc31
10 [
ffff99652751bae0] __alloc_pages_slowpath at
ffffffff9655d101
11 [
ffff99652751bbd0] __alloc_pages_nodemask at
ffffffff95fc0e95
12 [
ffff99652751bc80] dma_generic_alloc_coherent at
ffffffff95e3217f
13 [
ffff99652751bcc8] x86_swiotlb_alloc_coherent at
ffffffff95e6b7a1
14 [
ffff99652751bcf8] qla2x00_rft_id at
ffffffffc055b5e0 [qla2xxx]
15 [
ffff99652751bd50] qla2x00_loop_resync at
ffffffffc0533e71 [qla2xxx]
16 [
ffff99652751be68] qla2x00_do_dpc at
ffffffffc05210ca [qla2xxx]
PID: 0 TASK:
ffffffff96a18480 CPU: 0 COMMAND: "swapper/0"
0 [
ffff99652fc03ae0] machine_kexec at
ffffffff95e63674
1 [
ffff99652fc03b40] __crash_kexec at
ffffffff95f1ce12
2 [
ffff99652fc03c10] crash_kexec at
ffffffff95f1cf00
3 [
ffff99652fc03c28] oops_end at
ffffffff9656c758
4 [
ffff99652fc03c50] no_context at
ffffffff9655aa7e
5 [
ffff99652fc03ca0] __bad_area_nosemaphore at
ffffffff9655ab15
6 [
ffff99652fc03cf0] bad_area_nosemaphore at
ffffffff9655ac86
7 [
ffff99652fc03d00] __do_page_fault at
ffffffff9656f6b0
8 [
ffff99652fc03d70] do_page_fault at
ffffffff9656f915
9 [
ffff99652fc03da0] page_fault at
ffffffff9656b758
[exception RIP: unknown or invalid address]
RIP:
0000000000000000 RSP:
ffff99652fc03e50 RFLAGS:
00010202
RAX:
0000000000000000 RBX:
ffff99652b79a600 RCX:
ffff99652b79a760
RDX:
ffff99652b79a600 RSI:
ffffffffc0525ad0 RDI:
ffff99652b79a600
RBP:
ffff99652fc03e60 R8:
ffffffff96a18a18 R9:
ffffffff96ee3c00
R10:
0000000000000002 R11:
ffff99652fc03de8 R12:
ffff99652b79a760
R13:
0000000000000100 R14:
ffffffffc0525ad0 R15:
ffff99652b79a600
ORIG_RAX:
ffffffffffffffff CS: 0010 SS: 0018
10 [
ffff99652fc03e50] qla2x00_sp_timeout at
ffffffffc0525af8 [qla2xxx]
11 [
ffff99652fc03e68] call_timer_fn at
ffffffff95ea7f58
12 [
ffff99652fc03ea0] run_timer_softirq at
ffffffff95eaa3bd
13 [
ffff99652fc03f18] __do_softirq at
ffffffff95ea0f05
14 [
ffff99652fc03f88] call_softirq at
ffffffff9657832c
15 [
ffff99652fc03fa0] do_softirq at
ffffffff95e2e675
16 [
ffff99652fc03fc0] irq_exit at
ffffffff95ea1285
17 [
ffff99652fc03fd8] smp_apic_timer_interrupt at
ffffffff965796c8
18 [
ffff99652fc03ff0] apic_timer_interrupt at
ffffffff96575df2
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>