review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Shiju Jose <shiju.jose@huawei.com>
	Wed, 20 Sep 2023 18:03:36 +0000 (02:03 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 28 Nov 2023 17:19:37 +0000 (17:19 +0000)
commit	b7765b0a034553018f0d815e27f3e9d4178a31a5
tree	14c3c24c213cb7fecfb8bedc5113f4bdb64ff1b7	tree \| snapshot
parent	4dd0547e8b45faf6f95373be5436b66cde326c0e	commit \| diff

ACPI: APEI: Fix AER info corruption when error status data has multiple sections

[ Upstream commit e2abc47a5a1a9f641e7cacdca643fdd40729bf6e ]

ghes_handle_aer() passes AER data to the PCI core for logging and
recovery by calling aer_recover_queue() with a pointer to struct
aer_capability_regs.

The problem was that aer_recover_queue() queues the pointer directly
without copying the aer_capability_regs data. The pointer was to
the ghes->estatus buffer, which could be reused before
aer_recover_work_func() reads the data.

To avoid this problem, allocate a new aer_capability_regs structure
from the ghes_estatus_pool, copy the AER data from the ghes->estatus
buffer into it, pass a pointer to the new struct to
aer_recover_queue(), and free it after aer_recover_work_func() has
processed it.

Reported-by: Bjorn Helgaas <helgaas@kernel.org>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
[ rjw: Subject edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/acpi/apei/ghes.c		diff \| blob \| history
drivers/pci/pcie/aer.c		diff \| blob \| history
include/acpi/ghes.h		diff \| blob \| history