[PATCH v2] acpi/ghes: Prevent sleeping with spinlock held

From: Ira Weiny
Date: Tue Feb 06 2024 - 17:15:55 EST

Smatch caught that cxl_cper_post_event() is called with a spinlock held
or preemption disabled.[1] The callback takes the device lock to
perform address translation and therefore might sleep. The record data
is released back to BIOS in ghes_clear_estatus() which requires it to be
copied for use in the workqueue.

Copy the record to a lockless list and schedule a work item to process
the record outside of atomic context.

[1] https://lore.kernel.org/all/b963c490-2c13-4b79-bbe7-34c6568423c7@moroto.mountain/

Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Ira Weiny <ira.weiny@xxxxxxxxx>
---
Changes in v2:
- djbw: device_lock() sleeps so we need to call the callback in process context
- iweiny: create work queue to handle processing the callback
- Link to v1: https://lore.kernel.org/r/20240202-cxl-cper-smatch-v1-1-7a4103c7f5a0@xxxxxxxxx
---
drivers/acpi/apei/ghes.c | 44 +++++++++++++++++++++++++++++++++++++++++---
1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
index 7b7c605166e0..aa41e9128118 100644
--- a/drivers/acpi/apei/ghes.c
+++ b/drivers/acpi/apei/ghes.c
@@ -679,6 +679,12 @@ static void ghes_defer_non_standard_event(struct acpi_hest_generic_data *gdata,
*/
static DECLARE_RWSEM(cxl_cper_rw_sem);
static cxl_cper_callback cper_callback;
+static LLIST_HEAD(cxl_cper_rec_list);
+struct cxl_cper_work_item {
+ struct llist_node node;
+ enum cxl_event_type event_type;
+ struct cxl_cper_event_rec rec;
+};

/* CXL Event record UUIDs are formatted as GUIDs and reported in section type */

@@ -706,9 +712,34 @@ static cxl_cper_callback cper_callback;
GUID_INIT(0xfe927475, 0xdd59, 0x4339, \
0xa5, 0x86, 0x79, 0xba, 0xb1, 0x13, 0xb7, 0x74)

+static void cxl_cper_work_fn(struct work_struct *work)
+{
+ struct llist_node *entries, *cur, *n;
+ struct cxl_cper_work_item *wi;
+
+ guard(rwsem_read)(&cxl_cper_rw_sem);
+
+ entries = llist_del_all(&cxl_cper_rec_list);
+ if (!entries)
+ return;
+
+ /* Process oldest to newest */
+ entries = llist_reverse_order(entries);
+ llist_for_each_safe(cur, n, entries) {
+ wi = llist_entry(cur, struct cxl_cper_work_item, node);
+
+ if (cper_callback)
+ cper_callback(wi->event_type, &wi->rec);
+ kfree(wi);
+ }
+}
+static DECLARE_WORK(cxl_cper_work, cxl_cper_work_fn);
+
static void cxl_cper_post_event(enum cxl_event_type event_type,
struct cxl_cper_event_rec *rec)
{
+ struct cxl_cper_work_item *wi;
+
if (rec->hdr.length <= sizeof(rec->hdr) ||
rec->hdr.length > sizeof(*rec)) {
pr_err(FW_WARN "CXL CPER Invalid section length (%u)\n",
@@ -721,9 +752,16 @@ static void cxl_cper_post_event(enum cxl_event_type event_type,
return;
}

- guard(rwsem_read)(&cxl_cper_rw_sem);
- if (cper_callback)
- cper_callback(event_type, rec);
+ wi = kmalloc(sizeof(*wi), GFP_ATOMIC);
+ if (!wi) {
+ pr_err(FW_WARN "CXL CPER failed to allocate work item\n");
+ return;
+ }
+
+ wi->event_type = event_type;
+ memcpy(&wi->rec, rec, sizeof(wi->rec));
+ llist_add(&wi->node, &cxl_cper_rec_list);
+ schedule_work(&cxl_cper_work);
}

int cxl_cper_register_callback(cxl_cper_callback callback)

---
base-commit: 99bd3cb0d12e85d5114425353552121ec8f93adc
change-id: 20240201-cxl-cper-smatch-82b129498498

Best regards,
--
Ira Weiny <ira.weiny@xxxxxxxxx>