From e2abc47a5a1a9f641e7cacdca643fdd40729bf6e Mon Sep 17 00:00:00 2001 From: Shiju Jose Date: Thu, 21 Sep 2023 02:03:36 +0800 Subject: ACPI: APEI: Fix AER info corruption when error status data has multiple sections ghes_handle_aer() passes AER data to the PCI core for logging and recovery by calling aer_recover_queue() with a pointer to struct aer_capability_regs. The problem was that aer_recover_queue() queues the pointer directly without copying the aer_capability_regs data. The pointer was to the ghes->estatus buffer, which could be reused before aer_recover_work_func() reads the data. To avoid this problem, allocate a new aer_capability_regs structure from the ghes_estatus_pool, copy the AER data from the ghes->estatus buffer into it, pass a pointer to the new struct to aer_recover_queue(), and free it after aer_recover_work_func() has processed it. Reported-by: Bjorn Helgaas Acked-by: Bjorn Helgaas Signed-off-by: Shiju Jose [ rjw: Subject edits ] Signed-off-by: Rafael J. Wysocki --- include/acpi/ghes.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/acpi') diff --git a/include/acpi/ghes.h b/include/acpi/ghes.h index 3c8bba9f1114..be1dd4c1a917 100644 --- a/include/acpi/ghes.h +++ b/include/acpi/ghes.h @@ -73,8 +73,12 @@ int ghes_register_vendor_record_notifier(struct notifier_block *nb); void ghes_unregister_vendor_record_notifier(struct notifier_block *nb); struct list_head *ghes_get_devices(void); + +void ghes_estatus_pool_region_free(unsigned long addr, u32 size); #else static inline struct list_head *ghes_get_devices(void) { return NULL; } + +static inline void ghes_estatus_pool_region_free(unsigned long addr, u32 size) { return; } #endif int ghes_estatus_pool_init(unsigned int num_ghes); -- cgit