git.maquefel.me Git - linux.git/commit

author	Shiju Jose <shiju.jose@huawei.com>
	Wed, 20 Sep 2023 18:03:36 +0000 (02:03 +0800)
committer	Rafael J. Wysocki <rafael.j.wysocki@intel.com>
	Thu, 21 Sep 2023 18:44:23 +0000 (20:44 +0200)
commit	e2abc47a5a1a9f641e7cacdca643fdd40729bf6e
tree	971e7bc4ab175eda0f423a06e34a4c32308efae5	tree \| snapshot
parent	ce9ecca0238b140b88f43859b211c9fdfd8e5b70	commit \| diff

ACPI: APEI: Fix AER info corruption when error status data has multiple sections

ghes_handle_aer() passes AER data to the PCI core for logging and
recovery by calling aer_recover_queue() with a pointer to struct
aer_capability_regs.

The problem was that aer_recover_queue() queues the pointer directly
without copying the aer_capability_regs data. The pointer was to
the ghes->estatus buffer, which could be reused before
aer_recover_work_func() reads the data.

To avoid this problem, allocate a new aer_capability_regs structure
from the ghes_estatus_pool, copy the AER data from the ghes->estatus
buffer into it, pass a pointer to the new struct to
aer_recover_queue(), and free it after aer_recover_work_func() has
processed it.

Reported-by: Bjorn Helgaas <helgaas@kernel.org>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
[ rjw: Subject edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

drivers/acpi/apei/ghes.c		diff \| blob \| history
drivers/pci/pcie/aer.c		diff \| blob \| history
include/acpi/ghes.h		diff \| blob \| history