15 Aug, 2008
2 commits
-
Add error check after all calls to acpi_ns_get_pathname_length.
Add status return from acpi_ns_build_external_path and check after
all calls. Add parameter validation to acpi_ut_initialize_buffer.Reported by and initial patch by Ingo Molnar.
http://lkml.org/lkml/2008/7/21/176Signed-off-by: Bob Moore
Signed-off-by: Lin Ming
Signed-off-by: Andi Kleen -
Fixes a possible memory leak when thermal and processor objects
are deleted. Any associated notify handlers (and objects) were
not being deleted. Fiodor Suietov. BZ 506http://www.acpica.org/bugzilla/show_bug.cgi?id=506
Signed-off-by: Fiodor Suietov
Signed-off-by: Bob Moore
Signed-off-by: Lin Ming
Signed-off-by: Andi Kleen
22 Jul, 2008
1 commit
-
-tip testing found the following boot crash on 32-bit x86 (Core2Duo
laptop) yesterday:[ 5.606664] scsi4 : ata_piix
[ 5.606664] scsi5 : ata_piix
[ 5.606664] ACPI Error (psargs-0358): [\_SB_.PCI0.LPC_.EC__.BSTA] Namespace lookup failure, AE_NOT_FOUND
[ 5.606664] ACPI Error (psparse-0530): ACPI Error (nsnames-0186): Invalid NS Node (f7c0e960) while traversing path [20080609]
[ 5.606664] BUG: unable to handle kernel NULL pointer dereference at 0000000f
[ 5.606664] IP: [] acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] *pdpt = 0000000000a03001 *pde = 0000000000000000
[ 5.609997] Oops: 0002 [#1] SMP
[ 5.609997]
[ 5.609997] Pid: 1, comm: swapper Not tainted (2.6.26-tip-03965-gbbfb62e-dirty #3153)
[ 5.609997] EIP: 0060:[] EFLAGS: 00010286 CPU: 0
[ 5.609997] EIP is at acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] EAX: f7c18c18 EBX: ffffffff ECX: 00000010 EDX: 00000000
[ 5.609997] ESI: f7c18c18 EDI: 00000010 EBP: f7c4dc28 ESP: f7c4dc18
[ 5.609997] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 5.609997] Process swapper (pid: 1, ti=f7c4c000 task=f7c50000 task.ti=f7c4c000)
[ 5.609997] Stack: 00000000 00000000 f7c18c18 f7c4dc48 f7c4dc40 80339ed0 00000000 f7c18c18
[ 5.609997] 8084c1b6 8084c1b6 f7c4dc58 8033a60a 00000000 00000010 00000000 f7c18c18
[ 5.609997] f7c4dc70 8033a68f f7c18c18 00000000 f6de7600 00000005 f7c4dc98 8033c34d
[ 5.609997] Call Trace:
[ 5.609997] [] ? acpi_ns_handle_to_pathname+0x40/0x72
[ 5.609997] [] ? acpi_ns_print_node_pathname+0x2c/0x61
[ 5.609997] [] ? acpi_ns_report_method_error+0x50/0x6d
[ 5.609997] [] ? acpi_ps_parse_aml+0x149/0x2f9
[ 5.609997] [] ? acpi_ps_execute_method+0x132/0x201
[ 5.609997] [] ? acpi_ns_evaluate+0x1ad/0x258
[ 5.609997] [] ? acpi_ut_evaluate_object+0x55/0x18f
[ 5.609997] [] ? acpi_ut_execute_STA+0x22/0x7a
[ 5.609997] [] ? acpi_get_object_info+0x131/0x1be
[ 5.609997] [] ? do_acpi_find_child+0x22/0x4b
[ 5.609997] [] ? acpi_ns_walk_namespace+0xa5/0x124
[ 5.609997] [] ? acpi_walk_namespace+0x54/0x74
[ 5.609997] [] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [] ? acpi_get_child+0x38/0x43
[ 5.609997] [] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [] ? ata_acpi_associate+0xb5/0x1b5
[ 5.609997] [] ? ata_scsi_add_hosts+0x8e/0xdc
[ 5.609997] [] ? ata_host_register+0x9f/0x1d6
[ 5.609997] [] ? ata_pci_sff_activate_host+0x179/0x19f
[ 5.609997] [] ? ata_sff_interrupt+0x0/0x1c7
[ 5.609997] [] ? piix_init_one+0x569/0x5b0
[ 5.609997] [] ? sysfs_ilookup_test+0x0/0x11
[ 5.609997] [] ? ilookup5_nowait+0x29/0x30
[ 5.609997] [] ? pci_match_device+0x99/0xa3
[ 5.609997] [] ? pci_device_probe+0x39/0x59
[ 5.609997] [] ? driver_probe_device+0xa0/0x11b
[ 5.609997] [] ? __driver_attach+0x3a/0x59
[ 5.609997] [] ? bus_for_each_dev+0x36/0x58
[ 5.609997] [] ? driver_attach+0x14/0x16
[ 5.609997] [] ? __driver_attach+0x0/0x59
[ 5.609997] [] ? bus_add_driver+0x93/0x196
[ 5.609997] [] ? driver_register+0x71/0xcd
[ 5.609997] [] ? __pci_register_driver+0x3f/0x6e
[ 5.609997] [] ? piix_init+0x14/0x24
[ 5.609997] [] ? kernel_init+0x128/0x269
[ 5.609997] [] ? piix_init+0x0/0x24
[ 5.609997] [] ? trace_hardirqs_on_thunk+0xc/0x10
[ 5.609997] [] ? restore_nocheck_notrace+0x0/0xe
[ 5.609997] [] ? kernel_init+0x0/0x269
[ 5.609997] [] ? kernel_init+0x0/0x269
[ 5.609997] [] ? kernel_thread_helper+0x7/0x10
[ 5.609997] =======================
[ 5.609997] Code: 75 02 b3 01 8d 43 01 8b 5d fc c9 c3 55 89 e5 57 89 cf 56 53 89 d3 4b 83 ec 04 83 fb 03 89 55 f0 77 09 c6 01 5c c6 41 01 00 eb 59 04 19 00 8b 55 f0 8d 34 11 89 c2 eb 19 8b 42 08 83 eb 05 89
[ 5.609997] EIP: [] acpi_ns_build_external_path+0x1f/0x80 SS:ESP 0068:f7c4dc18
[ 5.613331] Kernel panic - not syncing: Fatal exception
[ 5.613331] Rebooting in 1 seconds..[ 4.646664] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)I have bisected it down to:
# bad: [5b664cbe] Merge branch 'upstream-linus' of git://git.kernel.
# good: [bce7f795] Linux 2.6.26
# good: [e18425ab] Merge branch 'tracing/for-linus' of git://git.kern
# good: [cadc7236] Merge branch 'bkl-removal' into next
# good: [4515889a] Merge branch 'merge' of git://git.kernel.org/pub/s
# good: [42fdd14e] Merge git://git.kernel.org/pub/scm/linux/kernel/gi
# good: [8a0ca91f] Merge branch 'for-linus' of git://git.kernel.org/p
# bad: [0af4b8cb] ACPI: Introduce new device wakeup flag 'prepared'
# good: [fe997407] PCI: construct one fakephp slot per PCI slot
# bad: [531f254a] PCIE: aer: use dev_printk when possible
# bad: [15650a20] x86/PCI: fixup early quirk probing
# good: [0e6859d9] ACPI PM: Remove obsolete Toshiba workaround
# bad: [8344b566] PCI: ACPI PCI slot detection driver
# good: [f46753c9] PCI: introduce pci_slot| 8344b568f5bdc7ee1bba909de3294c6348c36056 is first bad commit
| commit 8344b568f5bdc7ee1bba909de3294c6348c36056
| Author: Alex Chiang
| Date: Tue Jun 10 15:30:42 2008 -0600
|
| PCI: ACPI PCI slot detection driver
|
| Detect all physical PCI slots as described by ACPI, and create entries in
| /sys/bus/pci/slots/.I.e. the new CONFIG_ACPI_PCI_SLOT=y option was causing this crash.
But the bug is not mainly in this new PCI code - that code was just
hitting the ACPI code in a new way which made ACPI break.The crash signature shows that we are crashing on this instruction:
movb $0x0, (%ecx, %ebx, 1)
ECX and EBX are 0x10 and -1. It's this line in
drivers/acpi/namespace/nsnames.c's acpi_ns_build_external_path():name_buffer[index] = 0;
I.e. name_buffer is 0x10 and index is -1.
index -1 corresponds to size 0, and name_buffer 0x10 is slab's
ZERO_SIZE_PTR special-case for zero-sized allocations.I.e. when we called acpi_ns_handle_to_pathname(), we got required_size
of 0 due to an error condition, but this is passed to the ACPI allocator
unconditionally:required_size = acpi_ns_get_pathname_length(node);
/* Validate/Allocate/Clear caller buffer */
status = acpi_ut_initialize_buffer(buffer, required_size);
if (ACPI_FAILURE(status)) {
return_ACPI_STATUS(status);
}Where acpi_ut_initialize_buffer(), through many (unnecessary) layers,
ends up calling kzalloc(0). Which returns 0x10 and that then causes the
crash later on.So fix both callers of acpi_ns_get_pathname_length(), which can return 0
in case of an invalid node.Also add a WARN_ON() against zero sized allocations in
acpi_ut_initialize_buffer() to make it easier to find similar instances
of this bug.I have tested this patch for the past 24 hours and the crash has not
reappeared.Signed-off-by: Ingo Molnar
Signed-off-by: Andi Kleen
17 Jul, 2008
5 commits
-
Loop was terminating one iteration early, missing one of the
debugger handshake mutexes. Linn Crosetto.Signed-off-by: Bob Moore
Signed-off-by: Lin Ming
Signed-off-by: Len Brown
Signed-off-by: Andi Kleen -
Mostly MODULE_NAME and printf format strings.
Signed-off-by: Bob Moore
Signed-off-by: Lin Ming
Signed-off-by: Len Brown
Signed-off-by: Andi Kleen -
No longer needed; replaced mostly with u32, but also acpi_size
where a type that changes 32/64 bit on 32/64-bit platforms is
required.v2: Fix a cast of a 32-bit int to a pointer in ACPI to avoid a compiler warning.
from David HowellsSigned-off-by: Bob Moore
Signed-off-by: Lin Ming
Signed-off-by: Len Brown
Signed-off-by: Andi Kleen -
Added NULL fields to the exception string arrays to eliminate
the -1 subtraction on the SubStatus field.Signed-off-by: Bob Moore
Signed-off-by: Lin Ming
Signed-off-by: Len Brown
Signed-off-by: Andi Kleen -
Fixes problem where the new method argument count validation mechanism
will enter an infinite loop when a GPE method is dispatched.
Problem fixed be removing the obsolete code that passes GPE block
information to the notify handler via the control method parameter pointer.Signed-off-by: Bob Moore
Signed-off-by: Lin Ming
Signed-off-by: Len Brown
Signed-off-by: Andi Kleen
12 Jun, 2008
1 commit
-
Signed-off-by: Len Brown
01 May, 2008
1 commit
-
…-9916', 'ec', 'eeepc', 'idle', 'misc', 'pm-legacy', 'sysfs-links-2.6.26', 'thermal', 'thinkpad' and 'video' into release
25 Apr, 2008
1 commit
-
GPE could try to access EC region, so should not be enabled before
EC is installedhttp://bugzilla.kernel.org/show_bug.cgi?id=9916
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown
24 Apr, 2008
1 commit
-
Signed-off-by: Len Brown
23 Apr, 2008
15 commits
-
Implemented several changes for Notify handling: Added support
for new Notify values (ACPI 2.0+) and improved the Notify debug
output. Notify on PowerResource objects is no longer allowed,
as per the ACPI specification.Signed-off-by: Zhang Rui
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
All Reference Objects returned via the AcpiEvaluteObject interface
are now marked as type "REFERENCE" instead of "ANY". The type ANY
is now reservered for NULL objects - either NULL package elements
or unresolved named references.Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Lin Ming
Signed-off-by: Len Brown -
Fixed problem where NULL package elements were not returned to
the AcpiEvaluateObject interface correctly. Instead of returning a
NULL ACPI_OBJECT package element, the element was simply ignored,
potentially causing a buffer overflow and/or confusing the caller
who expected a fixed number of elements.http://bugzilla.kernel.org/show_bug.cgi?id=10132
Signed-off-by: Lin Ming
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Fixed a problem where buffer and package objects passed as
arguments to a control method via the external AcpiEvaluateObject
interface could cause an AE_AML_INTERNAL exception depending on the
order and type of operators executed by the target control method.Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
New messages for the 2 AE_SUPPORT cases.
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Added missing va_end statements that should correspond with each
va_start statement.Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Implemented support for the use of DDBHandles as an Indexed
Reference, as per the ACPI spec.http://www.acpica.org/bugzilla/show_bug.cgi?id=486.
Implemented support for UserTerm (Method invocation) for the Unload operator
as per the ACPI spec.http://www.acpica.org/bugzilla/show_bug.cgi?id=580
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Previously, only constants were supported, now any TermArg may
be used.http://www.acpica.org/bugzilla/show_bug.cgi?id=387
http://www.acpica.org/bugzilla/show_bug.cgi?id=393Signed-off-by: Lin Ming
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
On some compilers, the ShortDivide function worked incorrectly,
causing problems with the BCD functions with large input
values. (Truncation from 64-bit to 32-bit occurred.) Internal
http://www.acpica.org/bugzilla/show_bug.cgi?id=435Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Lint changes, fix compiler warnings, etc.
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Problem introduced in fix for Package references.
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Fixed a problem with the Load operator when loading a table from
a buffer object. The input buffer was prematurely zeroed and/or
deleted.http://www.acpica.org/bugzilla/show_bug.cgi?id=577
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Designed and implemented new external interfaces to install and
remove handlers for ACPI table-related events. Current events that
are defined are LOAD and UNLOAD. These interfaces allow the host to
track ACPI tables as they are dynamically loaded and unloaded. See
AcpiInstallTableHandler and AcpiRemoveTableHandler.Signed-off-by: Lin Ming
Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Implemented support to allow multiple files to be
compiled/disassembled in a single invocation. This includes
command line wildcard support for both the Windows and Unix
versions of the compiler. This feature simplifies the disassembly
and compilation of multiple ACPI tables in a single directory.Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown -
Allows AcpiAcquireGlobalLock external interface to be called
multiple times by the
same thread. Allows use of AML fields that require the global
lock while the running AML is already holding the global lock.Signed-off-by: Bob Moore
Signed-off-by: Alexey Starikovskiy
Signed-off-by: Len Brown
13 Mar, 2008
1 commit
-
…toshiba' into release
11 Mar, 2008
2 commits
-
__FUNCTION__ is gcc-specific, use __func__
Signed-off-by: Harvey Harrison
Signed-off-by: Len Brown -
Fix a memory overflow bug when copying
NULL internal package element object to external.http://bugzilla.kernel.org/show_bug.cgi?id=10132
Signed-off-by: Lin Ming
Signed-off-by: Zhang Rui
Signed-off-by: Len Brown
07 Feb, 2008
1 commit
-
See Documentation/ABI/testing/sysfs-firmware-acpi
Based-on-original-patch-by: Luming Yu
Acked-by: Greg Kroah-Hartman
Signed-off-by: Len Brown
03 Feb, 2008
1 commit
-
Signed-off-by: Joe Perches
Signed-off-by: Adrian Bunk
25 Aug, 2007
1 commit
-
Dump the stack so we can find the secretive caller to acpi_format_exception().
Signed-off-by: Andrew Morton
Signed-off-by: Len Brown
24 Jul, 2007
1 commit
-
Define standardized HIDs - Rename current acpi_device_id to acpica_device_id
Signed-off-by: Thomas Renninger
Signed-off-by: Len Brown
22 Jul, 2007
1 commit
03 Jul, 2007
1 commit
-
Latest update for the Windows strings, with comments. Removed
unused strings.Signed-off-by: Bob Moore
Signed-off-by: Len Brown
18 Jun, 2007
1 commit
-
In the routine acpi_ut_create_package_object(), if the
ACPI_ALLOCATE_ZEROED() fails then ACPI_FREE(package_desc) is called as
part of the cleanup. This should instead be
acpi_ut_remove_reference(package_desc) in order to remove the reference
acquired from acpi_ut_create_internal_object() [see the routine
acpi_ut_create_buffer_object() as an example of proper functionality].Signed-off-by: Myron Stowe
Signed-off-by: Len Brown
02 Jun, 2007
2 commits
-
Implemented support to allow Package objects to be passed as
method arguments to the acpi_evaluate_object interface. Previously,
this would return an AE_NOT_IMPLEMENTED exception.Signed-off-by: Bob Moore
Signed-off-by: Len Brown
30 May, 2007
1 commit
-
Add __init to:
acpi_initialize_subsystem() (and un-export it)
acpi_os_initialize()Add __initdata to:
acpi_osl_dmi_table[]Signed-off-by: Len Brown