diff mbox series

[v2,2/2] ACPI: APEI: handle synchronous exceptions in task work

Message ID 20230227050315.5670-3-xueshuai@linux.alibaba.com (mailing list archive)
State Superseded, archived
Headers show
Series None | expand

Commit Message

Shuai Xue Feb. 27, 2023, 5:03 a.m. UTC
Hardware errors could be signaled by synchronous interrupt, e.g.  when an
error is detected by a background scrubber, or signaled by synchronous
exception, e.g. when an uncorrected error is consumed. Both synchronous and
asynchronous error are queued and handled by a dedicated kthread in
workqueue.

commit 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for
synchronous errors") keep track of whether memory_failure() work was
queued, and make task_work pending to flush out the workqueue so that the
work for synchronous error is processed before returning to user-space.
The trick ensures that the corrupted page is unmapped and poisoned. And
after returning to user-space, the task starts at current instruction which
triggering a page fault in which kernel will send SIGBUS to current process
due to VM_FAULT_HWPOISON.

However, the memory failure recovery for hwpoison-aware mechanisms does not
work as expected. For example, hwpoison-aware user-space processes like
QEMU register their customized SIGBUS handler and enable early kill mode by
seting PF_MCE_EARLY at initialization. Then the kernel will directy notify
the process by sending a SIGBUS signal in memory failure with wrong
si_code: the actual user-space process accessing the corrupt memory
location, but its memory failure work is handled in a kthread context, so
it will send SIGBUS with BUS_MCEERR_AO si_code to the actual user-space
process instead of BUS_MCEERR_AR in kill_proc().

To this end, separate synchronous and asynchronous error handling into
different paths like X86 platform does:

- task work for synchronous errors.
- and workqueue for asynchronous errors.

Then for synchronous errors, the current context in memory failure is
exactly belongs to the task consuming poison data and it will send SIBBUS
with proper si_code.

Fixes: 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for synchronous errors")
Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
---
 drivers/acpi/apei/ghes.c | 114 ++++++++++++++++++++++-----------------
 include/acpi/ghes.h      |   3 --
 mm/memory-failure.c      |  13 -----
 3 files changed, 64 insertions(+), 66 deletions(-)

Comments

HORIGUCHI NAOYA(堀口 直也) March 16, 2023, 7:21 a.m. UTC | #1
On Mon, Feb 27, 2023 at 01:03:15PM +0800, Shuai Xue wrote:
> Hardware errors could be signaled by synchronous interrupt, e.g.  when an
> error is detected by a background scrubber, or signaled by synchronous
> exception, e.g. when an uncorrected error is consumed. Both synchronous and
> asynchronous error are queued and handled by a dedicated kthread in
> workqueue.
> 
> commit 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for
> synchronous errors") keep track of whether memory_failure() work was
> queued, and make task_work pending to flush out the workqueue so that the
> work for synchronous error is processed before returning to user-space.
> The trick ensures that the corrupted page is unmapped and poisoned. And
> after returning to user-space, the task starts at current instruction which
> triggering a page fault in which kernel will send SIGBUS to current process
> due to VM_FAULT_HWPOISON.
> 
> However, the memory failure recovery for hwpoison-aware mechanisms does not
> work as expected. For example, hwpoison-aware user-space processes like
> QEMU register their customized SIGBUS handler and enable early kill mode by
> seting PF_MCE_EARLY at initialization. Then the kernel will directy notify
> the process by sending a SIGBUS signal in memory failure with wrong
> si_code: the actual user-space process accessing the corrupt memory
> location, but its memory failure work is handled in a kthread context, so
> it will send SIGBUS with BUS_MCEERR_AO si_code to the actual user-space
> process instead of BUS_MCEERR_AR in kill_proc().
> 
> To this end, separate synchronous and asynchronous error handling into
> different paths like X86 platform does:
> 
> - task work for synchronous errors.
> - and workqueue for asynchronous errors.
> 
> Then for synchronous errors, the current context in memory failure is
> exactly belongs to the task consuming poison data and it will send SIBBUS
> with proper si_code.
> 
> Fixes: 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for synchronous errors")
> Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
...
>  
>  /*
> - * Called as task_work before returning to user-space.
> - * Ensure any queued work has been done before we return to the context that
> - * triggered the notification.
> + * struct mce_task_work - for synchronous RAS event

This seems to handle synchronous memory errors, not limited to MCE?
So naming this struct as such (more generally) might be better.

> + *
> + * @twork:                callback_head for task work
> + * @pfn:                  page frame number of corrupted page
> + * @flags:                fine tune action taken
> + *
> + * Structure to pass task work to be handled before
> + * ret_to_user via task_work_add().
>   */
...

>  }
>  
> -static bool ghes_do_memory_failure(u64 physical_addr, int flags)
> +static void ghes_do_memory_failure(u64 physical_addr, int flags)
>  {
>  	unsigned long pfn;
> +	struct mce_task_work *twcb;
>  
>  	if (!IS_ENABLED(CONFIG_ACPI_APEI_MEMORY_FAILURE))
> -		return false;
> +		return;
>  
>  	pfn = PHYS_PFN(physical_addr);
>  	if (!pfn_valid(pfn) && !arch_is_platform_page(physical_addr)) {
>  		pr_warn_ratelimited(FW_WARN GHES_PFX
>  		"Invalid address in generic error data: %#llx\n",
>  		physical_addr);
> -		return false;
> +		return;
> +	}
> +
> +	if (flags == MF_ACTION_REQUIRED && current->mm) {
> +		twcb = kmalloc(sizeof(*twcb), GFP_ATOMIC);
> +		if (!twcb)
> +			return;

When this kmalloc() fails, the error event might be silently dropped?
If so, some warning messages could be helpful.

Thanks,
Naoya Horiguchi

> +
> +		twcb->pfn = pfn;
> +		twcb->flags = flags;
> +		init_task_work(&twcb->twork, memory_failure_cb);
> +		task_work_add(current, &twcb->twork, TWA_RESUME);
> +		return;
>  	}
>  
>  	memory_failure_queue(pfn, flags);
Shuai Xue March 16, 2023, 11:10 a.m. UTC | #2
On 2023/3/16 PM3:21, HORIGUCHI NAOYA(堀口 直也) wrote:
> On Mon, Feb 27, 2023 at 01:03:15PM +0800, Shuai Xue wrote:
>> Hardware errors could be signaled by synchronous interrupt, e.g.  when an
>> error is detected by a background scrubber, or signaled by synchronous
>> exception, e.g. when an uncorrected error is consumed. Both synchronous and
>> asynchronous error are queued and handled by a dedicated kthread in
>> workqueue.
>>
>> commit 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for
>> synchronous errors") keep track of whether memory_failure() work was
>> queued, and make task_work pending to flush out the workqueue so that the
>> work for synchronous error is processed before returning to user-space.
>> The trick ensures that the corrupted page is unmapped and poisoned. And
>> after returning to user-space, the task starts at current instruction which
>> triggering a page fault in which kernel will send SIGBUS to current process
>> due to VM_FAULT_HWPOISON.
>>
>> However, the memory failure recovery for hwpoison-aware mechanisms does not
>> work as expected. For example, hwpoison-aware user-space processes like
>> QEMU register their customized SIGBUS handler and enable early kill mode by
>> seting PF_MCE_EARLY at initialization. Then the kernel will directy notify
>> the process by sending a SIGBUS signal in memory failure with wrong
>> si_code: the actual user-space process accessing the corrupt memory
>> location, but its memory failure work is handled in a kthread context, so
>> it will send SIGBUS with BUS_MCEERR_AO si_code to the actual user-space
>> process instead of BUS_MCEERR_AR in kill_proc().
>>
>> To this end, separate synchronous and asynchronous error handling into
>> different paths like X86 platform does:
>>
>> - task work for synchronous errors.
>> - and workqueue for asynchronous errors.
>>
>> Then for synchronous errors, the current context in memory failure is
>> exactly belongs to the task consuming poison data and it will send SIBBUS
>> with proper si_code.
>>
>> Fixes: 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for synchronous errors")
>> Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
> ...
>>  
>>  /*
>> - * Called as task_work before returning to user-space.
>> - * Ensure any queued work has been done before we return to the context that
>> - * triggered the notification.
>> + * struct mce_task_work - for synchronous RAS event
> 
> This seems to handle synchronous memory errors, not limited to MCE?
> So naming this struct as such (more generally) might be better.

Yes. How about `sync_task_work`?

> 
>> + *
>> + * @twork:                callback_head for task work
>> + * @pfn:                  page frame number of corrupted page
>> + * @flags:                fine tune action taken
>> + *
>> + * Structure to pass task work to be handled before
>> + * ret_to_user via task_work_add().
>>   */
> ...
> 
>>  }
>>  
>> -static bool ghes_do_memory_failure(u64 physical_addr, int flags)
>> +static void ghes_do_memory_failure(u64 physical_addr, int flags)
>>  {
>>  	unsigned long pfn;
>> +	struct mce_task_work *twcb;
>>  
>>  	if (!IS_ENABLED(CONFIG_ACPI_APEI_MEMORY_FAILURE))
>> -		return false;
>> +		return;
>>  
>>  	pfn = PHYS_PFN(physical_addr);
>>  	if (!pfn_valid(pfn) && !arch_is_platform_page(physical_addr)) {
>>  		pr_warn_ratelimited(FW_WARN GHES_PFX
>>  		"Invalid address in generic error data: %#llx\n",
>>  		physical_addr);
>> -		return false;
>> +		return;
>> +	}
>> +
>> +	if (flags == MF_ACTION_REQUIRED && current->mm) {
>> +		twcb = kmalloc(sizeof(*twcb), GFP_ATOMIC);
>> +		if (!twcb)
>> +			return;
> 
> When this kmalloc() fails, the error event might be silently dropped?
> If so, some warning messages could be helpful.

Yes, I was going to add a warning messages like:

    pr_err("Failed to handle memory failure due to out of memory\n");

But got a warning about patch when checked by checkpatch.pl.

   WARNING: Possible unnecessary 'out of memory' message

I will add it back in next version :)

> 
> Thanks,
> Naoya Horiguchi

Thank you for your comments.

Cheer,
Shuai

> 
>> +
>> +		twcb->pfn = pfn;
>> +		twcb->flags = flags;
>> +		init_task_work(&twcb->twork, memory_failure_cb);
>> +		task_work_add(current, &twcb->twork, TWA_RESUME);
>> +		return;
>>  	}
>>  
>>  	memory_failure_queue(pfn, flags);
HORIGUCHI NAOYA(堀口 直也) March 17, 2023, 12:29 a.m. UTC | #3
On Thu, Mar 16, 2023 at 07:10:56PM +0800, Shuai Xue wrote:
> 
> 
> On 2023/3/16 PM3:21, HORIGUCHI NAOYA(堀口 直也) wrote:
> > On Mon, Feb 27, 2023 at 01:03:15PM +0800, Shuai Xue wrote:
> >> Hardware errors could be signaled by synchronous interrupt, e.g.  when an
> >> error is detected by a background scrubber, or signaled by synchronous
> >> exception, e.g. when an uncorrected error is consumed. Both synchronous and
> >> asynchronous error are queued and handled by a dedicated kthread in
> >> workqueue.
> >>
> >> commit 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for
> >> synchronous errors") keep track of whether memory_failure() work was
> >> queued, and make task_work pending to flush out the workqueue so that the
> >> work for synchronous error is processed before returning to user-space.
> >> The trick ensures that the corrupted page is unmapped and poisoned. And
> >> after returning to user-space, the task starts at current instruction which
> >> triggering a page fault in which kernel will send SIGBUS to current process
> >> due to VM_FAULT_HWPOISON.
> >>
> >> However, the memory failure recovery for hwpoison-aware mechanisms does not
> >> work as expected. For example, hwpoison-aware user-space processes like
> >> QEMU register their customized SIGBUS handler and enable early kill mode by
> >> seting PF_MCE_EARLY at initialization. Then the kernel will directy notify
> >> the process by sending a SIGBUS signal in memory failure with wrong
> >> si_code: the actual user-space process accessing the corrupt memory
> >> location, but its memory failure work is handled in a kthread context, so
> >> it will send SIGBUS with BUS_MCEERR_AO si_code to the actual user-space
> >> process instead of BUS_MCEERR_AR in kill_proc().
> >>
> >> To this end, separate synchronous and asynchronous error handling into
> >> different paths like X86 platform does:
> >>
> >> - task work for synchronous errors.
> >> - and workqueue for asynchronous errors.
> >>
> >> Then for synchronous errors, the current context in memory failure is
> >> exactly belongs to the task consuming poison data and it will send SIBBUS
> >> with proper si_code.
> >>
> >> Fixes: 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for synchronous errors")
> >> Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
> > ...
> >>  
> >>  /*
> >> - * Called as task_work before returning to user-space.
> >> - * Ensure any queued work has been done before we return to the context that
> >> - * triggered the notification.
> >> + * struct mce_task_work - for synchronous RAS event
> > 
> > This seems to handle synchronous memory errors, not limited to MCE?
> > So naming this struct as such (more generally) might be better.
> 
> Yes. How about `sync_task_work`?

Sounds better to me.

> 
> > 
> >> + *
> >> + * @twork:                callback_head for task work
> >> + * @pfn:                  page frame number of corrupted page
> >> + * @flags:                fine tune action taken
> >> + *
> >> + * Structure to pass task work to be handled before
> >> + * ret_to_user via task_work_add().
> >>   */
> > ...
> > 
> >>  }
> >>  
> >> -static bool ghes_do_memory_failure(u64 physical_addr, int flags)
> >> +static void ghes_do_memory_failure(u64 physical_addr, int flags)
> >>  {
> >>  	unsigned long pfn;
> >> +	struct mce_task_work *twcb;
> >>  
> >>  	if (!IS_ENABLED(CONFIG_ACPI_APEI_MEMORY_FAILURE))
> >> -		return false;
> >> +		return;
> >>  
> >>  	pfn = PHYS_PFN(physical_addr);
> >>  	if (!pfn_valid(pfn) && !arch_is_platform_page(physical_addr)) {
> >>  		pr_warn_ratelimited(FW_WARN GHES_PFX
> >>  		"Invalid address in generic error data: %#llx\n",
> >>  		physical_addr);
> >> -		return false;
> >> +		return;
> >> +	}
> >> +
> >> +	if (flags == MF_ACTION_REQUIRED && current->mm) {
> >> +		twcb = kmalloc(sizeof(*twcb), GFP_ATOMIC);
> >> +		if (!twcb)
> >> +			return;
> > 
> > When this kmalloc() fails, the error event might be silently dropped?
> > If so, some warning messages could be helpful.
> 
> Yes, I was going to add a warning messages like:
> 
>     pr_err("Failed to handle memory failure due to out of memory\n");
> 
> But got a warning about patch when checked by checkpatch.pl.
> 
>    WARNING: Possible unnecessary 'out of memory' message
> 
> I will add it back in next version :)

Oh, I didn't know about this warning.  I checked the commit log introduced
this meesages, and the justification makes sense to me. So I'd like to
withdraw my comment about this (I mean you don't have to add it back).

  commit ebfdc40969f24fc0cdd1349835d36e8ebae05374                            
  Author: Joe Perches <joe@perches.com>                                      
  Date:   Wed Aug 6 16:10:27 2014 -0700                                      
                                                                             
      checkpatch: attempt to find unnecessary 'out of memory' messages       
                                                                             
      Logging messages that show some type of "out of memory" error are      
      generally unnecessary as there is a generic message and a stack dump   
      done by the memory subsystem.                                          
                                                                             
      These messages generally increase kernel size without much added value.


Thanks,
Naoya Horiguchi
Shuai Xue March 17, 2023, 1:24 a.m. UTC | #4
On 2023/3/17 AM8:29, HORIGUCHI NAOYA(堀口 直也) wrote:
> On Thu, Mar 16, 2023 at 07:10:56PM +0800, Shuai Xue wrote:
>>
>>
>> On 2023/3/16 PM3:21, HORIGUCHI NAOYA(堀口 直也) wrote:
>>> On Mon, Feb 27, 2023 at 01:03:15PM +0800, Shuai Xue wrote:
>>>> Hardware errors could be signaled by synchronous interrupt, e.g.  when an
>>>> error is detected by a background scrubber, or signaled by synchronous
>>>> exception, e.g. when an uncorrected error is consumed. Both synchronous and
>>>> asynchronous error are queued and handled by a dedicated kthread in
>>>> workqueue.
>>>>
>>>> commit 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for
>>>> synchronous errors") keep track of whether memory_failure() work was
>>>> queued, and make task_work pending to flush out the workqueue so that the
>>>> work for synchronous error is processed before returning to user-space.
>>>> The trick ensures that the corrupted page is unmapped and poisoned. And
>>>> after returning to user-space, the task starts at current instruction which
>>>> triggering a page fault in which kernel will send SIGBUS to current process
>>>> due to VM_FAULT_HWPOISON.
>>>>
>>>> However, the memory failure recovery for hwpoison-aware mechanisms does not
>>>> work as expected. For example, hwpoison-aware user-space processes like
>>>> QEMU register their customized SIGBUS handler and enable early kill mode by
>>>> seting PF_MCE_EARLY at initialization. Then the kernel will directy notify
>>>> the process by sending a SIGBUS signal in memory failure with wrong
>>>> si_code: the actual user-space process accessing the corrupt memory
>>>> location, but its memory failure work is handled in a kthread context, so
>>>> it will send SIGBUS with BUS_MCEERR_AO si_code to the actual user-space
>>>> process instead of BUS_MCEERR_AR in kill_proc().
>>>>
>>>> To this end, separate synchronous and asynchronous error handling into
>>>> different paths like X86 platform does:
>>>>
>>>> - task work for synchronous errors.
>>>> - and workqueue for asynchronous errors.
>>>>
>>>> Then for synchronous errors, the current context in memory failure is
>>>> exactly belongs to the task consuming poison data and it will send SIBBUS
>>>> with proper si_code.
>>>>
>>>> Fixes: 7f17b4a121d0 ("ACPI: APEI: Kick the memory_failure() queue for synchronous errors")
>>>> Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
>>> ...
>>>>  
>>>>  /*
>>>> - * Called as task_work before returning to user-space.
>>>> - * Ensure any queued work has been done before we return to the context that
>>>> - * triggered the notification.
>>>> + * struct mce_task_work - for synchronous RAS event
>>>
>>> This seems to handle synchronous memory errors, not limited to MCE?
>>> So naming this struct as such (more generally) might be better.
>>
>> Yes. How about `sync_task_work`?
> 
> Sounds better to me.

Fine, I will change it in next version.

>>
>>>
>>>> + *
>>>> + * @twork:                callback_head for task work
>>>> + * @pfn:                  page frame number of corrupted page
>>>> + * @flags:                fine tune action taken
>>>> + *
>>>> + * Structure to pass task work to be handled before
>>>> + * ret_to_user via task_work_add().
>>>>   */
>>> ...
>>>
>>>>  }
>>>>  
>>>> -static bool ghes_do_memory_failure(u64 physical_addr, int flags)
>>>> +static void ghes_do_memory_failure(u64 physical_addr, int flags)
>>>>  {
>>>>  	unsigned long pfn;
>>>> +	struct mce_task_work *twcb;
>>>>  
>>>>  	if (!IS_ENABLED(CONFIG_ACPI_APEI_MEMORY_FAILURE))
>>>> -		return false;
>>>> +		return;
>>>>  
>>>>  	pfn = PHYS_PFN(physical_addr);
>>>>  	if (!pfn_valid(pfn) && !arch_is_platform_page(physical_addr)) {
>>>>  		pr_warn_ratelimited(FW_WARN GHES_PFX
>>>>  		"Invalid address in generic error data: %#llx\n",
>>>>  		physical_addr);
>>>> -		return false;
>>>> +		return;
>>>> +	}
>>>> +
>>>> +	if (flags == MF_ACTION_REQUIRED && current->mm) {
>>>> +		twcb = kmalloc(sizeof(*twcb), GFP_ATOMIC);
>>>> +		if (!twcb)
>>>> +			return;
>>>
>>> When this kmalloc() fails, the error event might be silently dropped?
>>> If so, some warning messages could be helpful.
>>
>> Yes, I was going to add a warning messages like:
>>
>>     pr_err("Failed to handle memory failure due to out of memory\n");
>>
>> But got a warning about patch when checked by checkpatch.pl.
>>
>>    WARNING: Possible unnecessary 'out of memory' message
>>
>> I will add it back in next version :)
> 
> Oh, I didn't know about this warning.  I checked the commit log introduced
> this meesages, and the justification makes sense to me. So I'd like to
> withdraw my comment about this (I mean you don't have to add it back).
> 
>   commit ebfdc40969f24fc0cdd1349835d36e8ebae05374                            
>   Author: Joe Perches <joe@perches.com>                                      
>   Date:   Wed Aug 6 16:10:27 2014 -0700                                      
>                                                                              
>       checkpatch: attempt to find unnecessary 'out of memory' messages       
>                                                                              
>       Logging messages that show some type of "out of memory" error are      
>       generally unnecessary as there is a generic message and a stack dump   
>       done by the memory subsystem.                                          
>                                                                              
>       These messages generally increase kernel size without much added value.

Haha, that's exactly the patch I was referring to (Sorry for forgetting to
attach a link in last reply). So I will not add the warning messages back.

> 
> Thanks,
> Naoya Horiguchi

Thank you for comments.

Cheers.
Shuai
diff mbox series

Patch

diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
index 5d37fb4bca67..b2fe309f395c 100644
--- a/drivers/acpi/apei/ghes.c
+++ b/drivers/acpi/apei/ghes.c
@@ -451,45 +451,79 @@  static void ghes_clear_estatus(struct ghes *ghes,
 }
 
 /*
- * Called as task_work before returning to user-space.
- * Ensure any queued work has been done before we return to the context that
- * triggered the notification.
+ * struct mce_task_work - for synchronous RAS event
+ *
+ * @twork:                callback_head for task work
+ * @pfn:                  page frame number of corrupted page
+ * @flags:                fine tune action taken
+ *
+ * Structure to pass task work to be handled before
+ * ret_to_user via task_work_add().
  */
-static void ghes_kick_task_work(struct callback_head *head)
+struct mce_task_work {
+	struct callback_head twork;
+	u64 pfn;
+	int flags;
+};
+
+static void memory_failure_cb(struct callback_head *twork)
 {
-	struct acpi_hest_generic_status *estatus;
-	struct ghes_estatus_node *estatus_node;
-	u32 node_len;
+	int ret;
+	struct mce_task_work *twcb =
+		container_of(twork, struct mce_task_work, twork);
 
-	estatus_node = container_of(head, struct ghes_estatus_node, task_work);
-	if (IS_ENABLED(CONFIG_ACPI_APEI_MEMORY_FAILURE))
-		memory_failure_queue_kick(estatus_node->task_work_cpu);
+	ret = memory_failure(twcb->pfn, twcb->flags);
+	kfree(twcb);
 
-	estatus = GHES_ESTATUS_FROM_NODE(estatus_node);
-	node_len = GHES_ESTATUS_NODE_LEN(cper_estatus_len(estatus));
-	gen_pool_free(ghes_estatus_pool, (unsigned long)estatus_node, node_len);
+	if (!ret)
+		return;
+
+	/*
+	 * -EHWPOISON from memory_failure() means that it already sent SIGBUS
+	 * to the current process with the proper error info,
+	 * -EOPNOTSUPP means hwpoison_filter() filtered the error event,
+	 *
+	 * In both cases, no further processing is required.
+	 */
+	if (ret == -EHWPOISON || ret == -EOPNOTSUPP)
+		return;
+
+	pr_err("Memory error not recovered");
+	force_sig(SIGBUS);
 }
 
-static bool ghes_do_memory_failure(u64 physical_addr, int flags)
+static void ghes_do_memory_failure(u64 physical_addr, int flags)
 {
 	unsigned long pfn;
+	struct mce_task_work *twcb;
 
 	if (!IS_ENABLED(CONFIG_ACPI_APEI_MEMORY_FAILURE))
-		return false;
+		return;
 
 	pfn = PHYS_PFN(physical_addr);
 	if (!pfn_valid(pfn) && !arch_is_platform_page(physical_addr)) {
 		pr_warn_ratelimited(FW_WARN GHES_PFX
 		"Invalid address in generic error data: %#llx\n",
 		physical_addr);
-		return false;
+		return;
+	}
+
+	if (flags == MF_ACTION_REQUIRED && current->mm) {
+		twcb = kmalloc(sizeof(*twcb), GFP_ATOMIC);
+		if (!twcb)
+			return;
+
+		twcb->pfn = pfn;
+		twcb->flags = flags;
+		init_task_work(&twcb->twork, memory_failure_cb);
+		task_work_add(current, &twcb->twork, TWA_RESUME);
+		return;
 	}
 
 	memory_failure_queue(pfn, flags);
-	return true;
 }
 
-static bool ghes_handle_memory_failure(struct acpi_hest_generic_data *gdata,
+static void ghes_handle_memory_failure(struct acpi_hest_generic_data *gdata,
 				       int sev, bool sync)
 {
 	int flags = -1;
@@ -497,7 +531,7 @@  static bool ghes_handle_memory_failure(struct acpi_hest_generic_data *gdata,
 	struct cper_sec_mem_err *mem_err = acpi_hest_get_payload(gdata);
 
 	if (!(mem_err->validation_bits & CPER_MEM_VALID_PA))
-		return false;
+		return;
 
 	/* iff following two events can be handled properly by now */
 	if (sec_sev == GHES_SEV_CORRECTED &&
@@ -507,16 +541,15 @@  static bool ghes_handle_memory_failure(struct acpi_hest_generic_data *gdata,
 		flags = sync ? MF_ACTION_REQUIRED : 0;
 
 	if (flags != -1)
-		return ghes_do_memory_failure(mem_err->physical_addr, flags);
+		ghes_do_memory_failure(mem_err->physical_addr, flags);
 
-	return false;
+	return;
 }
 
-static bool ghes_handle_arm_hw_error(struct acpi_hest_generic_data *gdata,
+static void ghes_handle_arm_hw_error(struct acpi_hest_generic_data *gdata,
 				       int sev, bool sync)
 {
 	struct cper_sec_proc_arm *err = acpi_hest_get_payload(gdata);
-	bool queued = false;
 	int sec_sev, i;
 	char *p;
 	int flags = sync ? MF_ACTION_REQUIRED : 0;
@@ -525,7 +558,7 @@  static bool ghes_handle_arm_hw_error(struct acpi_hest_generic_data *gdata,
 
 	sec_sev = ghes_severity(gdata->error_severity);
 	if (sev != GHES_SEV_RECOVERABLE || sec_sev != GHES_SEV_RECOVERABLE)
-		return false;
+		return;
 
 	p = (char *)(err + 1);
 	for (i = 0; i < err->err_info_num; i++) {
@@ -541,7 +574,7 @@  static bool ghes_handle_arm_hw_error(struct acpi_hest_generic_data *gdata,
 		 * and don't filter out 'corrected' error here.
 		 */
 		if (is_cache && has_pa) {
-			queued = ghes_do_memory_failure(err_info->physical_fault_addr, flags);
+			ghes_do_memory_failure(err_info->physical_fault_addr, flags);
 			p += err_info->length;
 			continue;
 		}
@@ -554,8 +587,6 @@  static bool ghes_handle_arm_hw_error(struct acpi_hest_generic_data *gdata,
 				    error_type);
 		p += err_info->length;
 	}
-
-	return queued;
 }
 
 /*
@@ -653,7 +684,7 @@  static void ghes_defer_non_standard_event(struct acpi_hest_generic_data *gdata,
 	schedule_work(&entry->work);
 }
 
-static bool ghes_do_proc(struct ghes *ghes,
+static void ghes_do_proc(struct ghes *ghes,
 			 const struct acpi_hest_generic_status *estatus)
 {
 	int sev, sec_sev;
@@ -661,7 +692,6 @@  static bool ghes_do_proc(struct ghes *ghes,
 	guid_t *sec_type;
 	const guid_t *fru_id = &guid_null;
 	char *fru_text = "";
-	bool queued = false;
 	bool sync = is_hest_sync_notify(ghes);
 
 	sev = ghes_severity(estatus->error_severity);
@@ -680,13 +710,13 @@  static bool ghes_do_proc(struct ghes *ghes,
 			atomic_notifier_call_chain(&ghes_report_chain, sev, mem_err);
 
 			arch_apei_report_mem_error(sev, mem_err);
-			queued = ghes_handle_memory_failure(gdata, sev, sync);
+			ghes_handle_memory_failure(gdata, sev, sync);
 		}
 		else if (guid_equal(sec_type, &CPER_SEC_PCIE)) {
 			ghes_handle_aer(gdata);
 		}
 		else if (guid_equal(sec_type, &CPER_SEC_PROC_ARM)) {
-			queued = ghes_handle_arm_hw_error(gdata, sev, sync);
+			ghes_handle_arm_hw_error(gdata, sev, sync);
 		} else {
 			void *err = acpi_hest_get_payload(gdata);
 
@@ -696,8 +726,6 @@  static bool ghes_do_proc(struct ghes *ghes,
 					       gdata->error_data_length);
 		}
 	}
-
-	return queued;
 }
 
 static void __ghes_print_estatus(const char *pfx,
@@ -999,9 +1027,7 @@  static void ghes_proc_in_irq(struct irq_work *irq_work)
 	struct ghes_estatus_node *estatus_node;
 	struct acpi_hest_generic *generic;
 	struct acpi_hest_generic_status *estatus;
-	bool task_work_pending;
 	u32 len, node_len;
-	int ret;
 
 	llnode = llist_del_all(&ghes_estatus_llist);
 	/*
@@ -1016,25 +1042,14 @@  static void ghes_proc_in_irq(struct irq_work *irq_work)
 		estatus = GHES_ESTATUS_FROM_NODE(estatus_node);
 		len = cper_estatus_len(estatus);
 		node_len = GHES_ESTATUS_NODE_LEN(len);
-		task_work_pending = ghes_do_proc(estatus_node->ghes, estatus);
+		ghes_do_proc(estatus_node->ghes, estatus);
 		if (!ghes_estatus_cached(estatus)) {
 			generic = estatus_node->generic;
 			if (ghes_print_estatus(NULL, generic, estatus))
 				ghes_estatus_cache_add(generic, estatus);
 		}
-
-		if (task_work_pending && current->mm) {
-			estatus_node->task_work.func = ghes_kick_task_work;
-			estatus_node->task_work_cpu = smp_processor_id();
-			ret = task_work_add(current, &estatus_node->task_work,
-					    TWA_RESUME);
-			if (ret)
-				estatus_node->task_work.func = NULL;
-		}
-
-		if (!estatus_node->task_work.func)
-			gen_pool_free(ghes_estatus_pool,
-				      (unsigned long)estatus_node, node_len);
+		gen_pool_free(ghes_estatus_pool, (unsigned long)estatus_node,
+			      node_len);
 
 		llnode = next;
 	}
@@ -1095,7 +1110,6 @@  static int ghes_in_nmi_queue_one_entry(struct ghes *ghes,
 
 	estatus_node->ghes = ghes;
 	estatus_node->generic = ghes->generic;
-	estatus_node->task_work.func = NULL;
 	estatus = GHES_ESTATUS_FROM_NODE(estatus_node);
 
 	if (__ghes_read_estatus(estatus, buf_paddr, fixmap_idx, len)) {
diff --git a/include/acpi/ghes.h b/include/acpi/ghes.h
index 3c8bba9f1114..e5e0c308d27f 100644
--- a/include/acpi/ghes.h
+++ b/include/acpi/ghes.h
@@ -35,9 +35,6 @@  struct ghes_estatus_node {
 	struct llist_node llnode;
 	struct acpi_hest_generic *generic;
 	struct ghes *ghes;
-
-	int task_work_cpu;
-	struct callback_head task_work;
 };
 
 struct ghes_estatus_cache {
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index a1ede7bdce95..d4fd983dfc97 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -2355,19 +2355,6 @@  static void memory_failure_work_func(struct work_struct *work)
 	}
 }
 
-/*
- * Process memory_failure work queued on the specified CPU.
- * Used to avoid return-to-userspace racing with the memory_failure workqueue.
- */
-void memory_failure_queue_kick(int cpu)
-{
-	struct memory_failure_cpu *mf_cpu;
-
-	mf_cpu = &per_cpu(memory_failure_cpu, cpu);
-	cancel_work_sync(&mf_cpu->work);
-	memory_failure_work_func(&mf_cpu->work);
-}
-
 static int __init memory_failure_init(void)
 {
 	struct memory_failure_cpu *mf_cpu;