Smatch caught that cxl_cper_post_event() is called with a spinlock held or preemption disabled.[1] The callback takes the device lock to perform address translation and therefore might sleep. The record data is released back to BIOS in ghes_clear_estatus() which requires it to be copied for use in the workqueue. Copy the record to a lockless list and schedule a work item to process the record outside of atomic context. [1] https://lore.kernel.org/all/b963c490-2c13-4b79-bbe7-34c6568423c7@moroto.mountain/ Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: Ira Weiny <ira.weiny@xxxxxxxxx> --- Changes in v2: - djbw: device_lock() sleeps so we need to call the callback in process context - iweiny: create work queue to handle processing the callback - Link to v1: https://lore.kernel.org/r/20240202-cxl-cper-smatch-v1-1-7a4103c7f5a0@xxxxxxxxx --- drivers/acpi/apei/ghes.c | 44 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c index 7b7c605166e0..aa41e9128118 100644 --- a/drivers/acpi/apei/ghes.c +++ b/drivers/acpi/apei/ghes.c @@ -679,6 +679,12 @@ static void ghes_defer_non_standard_event(struct acpi_hest_generic_data *gdata, */ static DECLARE_RWSEM(cxl_cper_rw_sem); static cxl_cper_callback cper_callback; +static LLIST_HEAD(cxl_cper_rec_list); +struct cxl_cper_work_item { + struct llist_node node; + enum cxl_event_type event_type; + struct cxl_cper_event_rec rec; +}; /* CXL Event record UUIDs are formatted as GUIDs and reported in section type */ @@ -706,9 +712,34 @@ static cxl_cper_callback cper_callback; GUID_INIT(0xfe927475, 0xdd59, 0x4339, \ 0xa5, 0x86, 0x79, 0xba, 0xb1, 0x13, 0xb7, 0x74) +static void cxl_cper_work_fn(struct work_struct *work) +{ + struct llist_node *entries, *cur, *n; + struct cxl_cper_work_item *wi; + + guard(rwsem_read)(&cxl_cper_rw_sem); + + entries = llist_del_all(&cxl_cper_rec_list); + if (!entries) + return; + + /* Process oldest to newest */ + entries = llist_reverse_order(entries); + llist_for_each_safe(cur, n, entries) { + wi = llist_entry(cur, struct cxl_cper_work_item, node); + + if (cper_callback) + cper_callback(wi->event_type, &wi->rec); + kfree(wi); + } +} +static DECLARE_WORK(cxl_cper_work, cxl_cper_work_fn); + static void cxl_cper_post_event(enum cxl_event_type event_type, struct cxl_cper_event_rec *rec) { + struct cxl_cper_work_item *wi; + if (rec->hdr.length <= sizeof(rec->hdr) || rec->hdr.length > sizeof(*rec)) { pr_err(FW_WARN "CXL CPER Invalid section length (%u)\n", @@ -721,9 +752,16 @@ static void cxl_cper_post_event(enum cxl_event_type event_type, return; } - guard(rwsem_read)(&cxl_cper_rw_sem); - if (cper_callback) - cper_callback(event_type, rec); + wi = kmalloc(sizeof(*wi), GFP_ATOMIC); + if (!wi) { + pr_err(FW_WARN "CXL CPER failed to allocate work item\n"); + return; + } + + wi->event_type = event_type; + memcpy(&wi->rec, rec, sizeof(wi->rec)); + llist_add(&wi->node, &cxl_cper_rec_list); + schedule_work(&cxl_cper_work); } int cxl_cper_register_callback(cxl_cper_callback callback) --- base-commit: 99bd3cb0d12e85d5114425353552121ec8f93adc change-id: 20240201-cxl-cper-smatch-82b129498498 Best regards, -- Ira Weiny <ira.weiny@xxxxxxxxx>
