On Mon, Dec 03, 2018 at 06:05:51PM +0000, James Morse wrote: > The ghes code is careful to parse and round firmware's advertised > memory requirements for CPER records, up to a maximum of 64K. > However when ghes_estatus_pool_expand() does its work, it splits > the requested size into PAGE_SIZE granules. > > This means if firmware generates 5K of CPER records, and correctly > describes this in the table, __process_error() will silently fail as it > is unable to allocate more than PAGE_SIZE. > > Switch the estatus pool to vmalloc() memory. On x86 vmalloc() memory > may fault and be fixed up by vmalloc_fault(). To prevent this call > vmalloc_sync_all() before an NMI handler could discover the memory. > > Signed-off-by: James Morse <james.morse@xxxxxxx> > --- > drivers/acpi/apei/ghes.c | 30 +++++++++++++++--------------- > 1 file changed, 15 insertions(+), 15 deletions(-) > > diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c > index e8503c7d721f..c15264f2dc4b 100644 > --- a/drivers/acpi/apei/ghes.c > +++ b/drivers/acpi/apei/ghes.c > @@ -170,40 +170,40 @@ static int ghes_estatus_pool_init(void) > return 0; > } > > -static void ghes_estatus_pool_free_chunk_page(struct gen_pool *pool, > +static void ghes_estatus_pool_free_chunk(struct gen_pool *pool, > struct gen_pool_chunk *chunk, > void *data) > { > - free_page(chunk->start_addr); > + vfree((void *)chunk->start_addr); > } > > static void ghes_estatus_pool_exit(void) > { > gen_pool_for_each_chunk(ghes_estatus_pool, > - ghes_estatus_pool_free_chunk_page, NULL); > + ghes_estatus_pool_free_chunk, NULL); > gen_pool_destroy(ghes_estatus_pool); > } > > static int ghes_estatus_pool_expand(unsigned long len) > { > - unsigned long i, pages, size, addr; > - int ret; > + unsigned long size, addr; > > ghes_estatus_pool_size_request += PAGE_ALIGN(len); So here we increment with page-aligned len... > size = gen_pool_size(ghes_estatus_pool); > if (size >= ghes_estatus_pool_size_request) > return 0; > - pages = (ghes_estatus_pool_size_request - size) / PAGE_SIZE; > - for (i = 0; i < pages; i++) { > - addr = __get_free_page(GFP_KERNEL); > - if (!addr) > - return -ENOMEM; > - ret = gen_pool_add(ghes_estatus_pool, addr, PAGE_SIZE, -1); > - if (ret) > - return ret; > - } > > - return 0; > + addr = (unsigned long)vmalloc(PAGE_ALIGN(len)); > + if (!addr) > + return -ENOMEM; ... and if we return here due to the ENOMEM, that increment above remains. I see you're reworking all that stuff in the next patches which is cool, thx. So I guess we should leave it as is, as the code before was broken too. IOW, Reviewed-by: Borislav Petkov <bp@xxxxxxx> -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.