scsi: mpt3sas: Fix memset() in non-RDPQ mode

Fix memset() accessing out of range address when reply_queue count is less
than RDPQ_MAX_INDEX_IN_ONE_CHUNK (i.e. 16) in non-RDPQ mode.

In non-RDPQ mode, the driver allocates a single contiguous pool of size
reply_queue's count * reqly_post_free_sz. But the driver is always
memsetting this pool with size 16 * reqly_post_free_sz. If reply queue
count is less than 16 (i.e. when MSI-X vectors enabled < 16), the driver is
accessing out of range address and this results in 'BUG: unable to handle
kernel paging request at fff0x...x' bug.

Make driver use dma_pool_zalloc() API to allocate and zero the pool.

Link: https://lore.kernel.org/r/[email protected]
Fixes: 8012209 ("scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region")
Signed-off-by: Suganath Prabu S <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>

Author: suganathprabu0512

drivers/scsi/mpt3sas/mpt3sas_base.c

@@ -4984,7 +4984,7 @@ base_alloc_rdpq_dma_pool(struct MPT3SAS_ADAPTER *ioc, int sz)
 	for (i = 0; i < count; i++) {
 		if ((i % RDPQ_MAX_INDEX_IN_ONE_CHUNK == 0) && dma_alloc_count) {
 			ioc->reply_post[i].reply_post_free =
-			    dma_pool_alloc(ioc->reply_post_free_dma_pool,
+			    dma_pool_zalloc(ioc->reply_post_free_dma_pool,
 				GFP_KERNEL,
 				&ioc->reply_post[i].reply_post_free_dma);
 			if (!ioc->reply_post[i].reply_post_free)
@@ -5008,9 +5008,6 @@ base_alloc_rdpq_dma_pool(struct MPT3SAS_ADAPTER *ioc, int sz)
 				    ioc->reply_post[i].reply_post_free_dma));
 				return -EAGAIN;
 			}
-			memset(ioc->reply_post[i].reply_post_free, 0,
-						RDPQ_MAX_INDEX_IN_ONE_CHUNK *
-						reply_post_free_sz);
 			dma_alloc_count--;
 
 		} else {