From cef504c5c019ea4f59cf3a69e7341b2b34091cda Mon Sep 17 00:00:00 2001 From: Mike Marciniszyn Date: Mon, 7 Mar 2016 11:35:35 -0800 Subject: [PATCH] IB/hfi1: Fix panic in adaptive pio The following panic occurs while running ib_send_bw -a with adaptive pio turned on: [ 8551.143596] BUG: unable to handle kernel NULL pointer dereference at (null) [ 8551.152986] IP: [] pio_wait.isra.21+0x34/0x190 [hfi1] [ 8551.160926] PGD 80db21067 PUD 80bb45067 PMD 0 [ 8551.166431] Oops: 0000 [#1] SMP [ 8551.276725] task: ffff880816bf15c0 ti: ffff880812ac0000 task.ti: ffff880812ac0000 [ 8551.285705] RIP: 0010:[] pio_wait.isra.21+0x34/0x190 [hfi1] [ 8551.296462] RSP: 0018:ffff880812ac3b58 EFLAGS: 00010282 [ 8551.303029] RAX: 000000000000002d RBX: 0000000000000000 RCX: 0000000000000800 [ 8551.311633] RDX: ffff880812ac3c08 RSI: 0000000000000000 RDI: ffff8800b6665e40 [ 8551.320228] RBP: ffff880812ac3ba0 R08: 0000000000001000 R09: ffffffffa09039a0 [ 8551.328820] R10: ffff880817a0c000 R11: 0000000000000000 R12: ffff8800b6665e40 [ 8551.337406] R13: ffff880817a0c000 R14: ffff8800b6665800 R15: ffff8800b6665e40 [ 8551.355640] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8551.362674] CR2: 0000000000000000 CR3: 000000080abe8000 CR4: 00000000001406e0 [ 8551.371262] Stack: [ 8551.374119] ffff880812ac3bf0 ffff88080cf54010 ffff880800000800 ffff880812ac3c08 [ 8551.383036] ffff8800b6665800 ffff8800b6665e40 0000000000000202 ffffffffa08e7b80 [ 8551.391941] 00000001007de431 ffff880812ac3bc8 ffffffffa0904645 ffff8800b6665800 [ 8551.400859] Call Trace: [ 8551.404214] [] ? hfi1_del_timers_sync+0x30/0x30 [hfi1] [ 8551.412417] [] hfi1_verbs_send+0x215/0x330 [hfi1] [ 8551.420154] [] hfi1_do_send+0x166/0x350 [hfi1] [ 8551.427618] [] rvt_post_send+0x533/0x6a0 [rdmavt] [ 8551.435367] [] ib_uverbs_post_send+0x30f/0x530 [ib_uverbs] [ 8551.443999] [] ib_uverbs_write+0x117/0x380 [ib_uverbs] [ 8551.452269] [] ? sock_recvmsg+0x3b/0x50 [ 8551.459071] [] ? sock_read_iter+0x92/0xe0 [ 8551.466068] [] __vfs_write+0x37/0x100 [ 8551.472692] [] ? rw_verify_area+0x52/0xd0 [ 8551.479682] [] vfs_write+0xa2/0x1a0 [ 8551.486089] [] ? do_audit_syscall_entry+0x66/0x70 [ 8551.493891] [] SyS_write+0x55/0xc0 [ 8551.500220] [] entry_SYSCALL_64_fastpath+0x12/0x71 [ 8551.531284] RIP [] pio_wait.isra.21+0x34/0x190 [hfi1] [ 8551.539508] RSP [ 8551.544110] CR2: 0000000000000000 The priv s_sendcontext pointer was not setup properly. Fix with this patch by using the s_sendcontext and eliminating its send engine use. Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Doug Ledford --- drivers/staging/rdma/hfi1/qp.c | 2 ++ drivers/staging/rdma/hfi1/verbs.c | 6 +----- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/staging/rdma/hfi1/qp.c b/drivers/staging/rdma/hfi1/qp.c index 59ee12a96006..29a5ad28019b 100644 --- a/drivers/staging/rdma/hfi1/qp.c +++ b/drivers/staging/rdma/hfi1/qp.c @@ -220,6 +220,7 @@ void hfi1_modify_qp(struct rvt_qp *qp, struct ib_qp_attr *attr, if (attr_mask & IB_QP_AV) { priv->s_sc = ah_to_sc(ibqp->device, &qp->remote_ah_attr); priv->s_sde = qp_to_sdma_engine(qp, priv->s_sc); + priv->s_sendcontext = qp_to_send_context(qp, priv->s_sc); } if (attr_mask & IB_QP_PATH_MIG_STATE && @@ -228,6 +229,7 @@ void hfi1_modify_qp(struct rvt_qp *qp, struct ib_qp_attr *attr, qp->s_flags |= RVT_S_AHG_CLEAR; priv->s_sc = ah_to_sc(ibqp->device, &qp->remote_ah_attr); priv->s_sde = qp_to_sdma_engine(qp, priv->s_sc); + priv->s_sendcontext = qp_to_send_context(qp, priv->s_sc); } } diff --git a/drivers/staging/rdma/hfi1/verbs.c b/drivers/staging/rdma/hfi1/verbs.c index 467e6c349c68..7acaa25e03e0 100644 --- a/drivers/staging/rdma/hfi1/verbs.c +++ b/drivers/staging/rdma/hfi1/verbs.c @@ -1005,12 +1005,8 @@ int hfi1_verbs_send_pio(struct rvt_qp *qp, struct hfi1_pkt_state *ps, /* vl15 special case taken care of in ud.c */ sc5 = priv->s_sc; - sc = qp_to_send_context(qp, sc5); + sc = ps->s_txreq->psc; - if (!sc) { - ret = -EINVAL; - goto bail; - } if (likely(pbc == 0)) { u8 vl = sc_to_vlt(dd_from_ibdev(qp->ibqp.device), sc5); /* set PBC_DC_INFO bit (aka SC[4]) in pbc_flags */ -- 2.39.5