[SRU][J/N:linux-bluefield][PATCH v1 1/1] UBUNTU: SAUCE: ipmb_host: resolve lockdep warnings

Fri Oct 10 22:35:24 UTC 2025

BugLink: https://bugs.launchpad.net/bugs/2127673

When running a kernel with CONFIG_LOCK_STAT, the ipmb_host driver
causes a lock warning:

[   21.758110] 1 lock held by swapper/0/0:
[   21.761931]  #0: ffff00008be2d8c0 (&master->lock){-...}-{2:2}, at: ipmb_slave_cb+0x70/0x208 [ipmb_host]
[   21.771320]
               stack backtrace:
[   21.775664] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.8.12+ #1
[   21.781656] Hardware name: https://www.mellanox.com BlueField-3 DPU/BlueField-3 DPU, BIOS 4.13.0.13780 Sep 30 2025
[   21.791986] Call trace:
[   21.794419]  dump_backtrace+0xa0/0x128
[   21.798154]  show_stack+0x20/0x38
[   21.801455]  dump_stack_lvl+0xec/0x150
[   21.805192]  dump_stack+0x18/0x28
[   21.808494]  print_usage_bug.part.0+0x2a4/0x3c0
[   21.813012]  mark_lock+0x4d4/0x710
[   21.816401]  __lock_acquire+0x938/0x1ae8
[   21.820311]  lock_acquire+0x118/0x300
[   21.823961]  fs_reclaim_acquire+0xd8/0xf8
[   21.827957]  kmalloc_trace+0x60/0x2f0
[   21.831607]  ipmb_slave_cb+0x140/0x208 [ipmb_host]
[   21.836384]  i2c_slave_event+0x34/0x160
[   21.840207]  mlxbf_i2c_irq_recv.isra.0+0x258/0x2b0 [i2c_mlxbf]
[   21.846028]  mlxbf_i2c_irq+0x12c/0x1f0 [i2c_mlxbf]
[   21.850804]  __handle_irq_event_percpu+0xb0/0x328
[   21.855495]  handle_irq_event+0x54/0xe0

The lockdep warning shows an inconsistent lock state problem
with the following critical issues:
1) Memory allocation in IRQ context: The ipmb_slave_cb() function
   (called from IRQ handler mlxbf_i2c_irq) is calling kmalloc() with
   GFP_KERNEL flag, which can trigger memory reclaim and sleep.
   This is not allowed in interrupt context.
2) Incorrect spinlock usage: The ipmb_slave_cb() function uses
   spin_lock() instead of spin_lock_irqsave(). Since this function is
   called from interrupt context, it needs to use the IRQ-safe version.

Signed-off-by: David Thompson <davthompson at nvidia.com>
Reviewed-by: Asmaa Mnebhi <asmaa at nvidia.com>
---
 drivers/char/ipmi/ipmb_host.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/char/ipmi/ipmb_host.c b/drivers/char/ipmi/ipmb_host.c
index b74d81e0c499..d4cc6b73cab0 100644
--- a/drivers/char/ipmi/ipmb_host.c
+++ b/drivers/char/ipmi/ipmb_host.c
@@ -193,7 +193,7 @@ static int ipmb_handle_response(struct ipmb_master *master)
 			RSP_QUEUE_MAX_LEN)
 		return -EFAULT;
 
-	queue_elem = kmalloc(sizeof(*queue_elem), GFP_KERNEL);
+	queue_elem = kmalloc(sizeof(*queue_elem), GFP_ATOMIC);
 	if (!queue_elem)
 		return -ENOMEM;
 	memcpy(&queue_elem->rsp, &master->rsp,
@@ -621,6 +621,7 @@ static int ipmb_slave_cb(struct i2c_client *client,
 			enum i2c_slave_event event, u8 *val)
 {
 	struct ipmb_master *master = i2c_get_clientdata(client);
+	unsigned long flags;
 	u8 *buf;
 
 	if (!handshake_rsp) {
@@ -628,7 +629,7 @@ static int ipmb_slave_cb(struct i2c_client *client,
 		return 0;
 	}
 
-	spin_lock(&master->lock);
+	spin_lock_irqsave(&master->lock, flags);
 
 	switch (event) {
 	case I2C_SLAVE_WRITE_REQUESTED:
@@ -663,7 +664,7 @@ static int ipmb_slave_cb(struct i2c_client *client,
 	default:
 		break;
 	}
-	spin_unlock(&master->lock);
+	spin_unlock_irqrestore(&master->lock, flags);
 
 	return 0;
 }
-- 
2.43.2


