2005-04-16 15:20:36 -07:00
/*******************************************************************************
*
* Module Name : nsnames - Name manipulation and search
*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
2008-04-23 23:00:13 -04:00
* Copyright ( C ) 2000 - 2008 , Intel Corp .
2005-04-16 15:20:36 -07:00
* All rights reserved .
*
* Redistribution and use in source and binary forms , with or without
* modification , are permitted provided that the following conditions
* are met :
* 1. Redistributions of source code must retain the above copyright
* notice , this list of conditions , and the following disclaimer ,
* without modification .
* 2. Redistributions in binary form must reproduce at minimum a disclaimer
* substantially similar to the " NO WARRANTY " disclaimer below
* ( " Disclaimer " ) and any redistribution must be conditioned upon
* including a substantially similar Disclaimer requirement for further
* binary redistribution .
* 3. Neither the names of the above - listed copyright holders nor the names
* of any contributors may be used to endorse or promote products derived
* from this software without specific prior written permission .
*
* Alternatively , this software may be distributed under the terms of the
* GNU General Public License ( " GPL " ) version 2 as published by the Free
* Software Foundation .
*
* NO WARRANTY
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* " AS IS " AND ANY EXPRESS OR IMPLIED WARRANTIES , INCLUDING , BUT NOT
* LIMITED TO , THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED . IN NO EVENT SHALL THE COPYRIGHT
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL , EXEMPLARY , OR CONSEQUENTIAL
* DAMAGES ( INCLUDING , BUT NOT LIMITED TO , PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES ; LOSS OF USE , DATA , OR PROFITS ; OR BUSINESS INTERRUPTION )
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY , WHETHER IN CONTRACT ,
* STRICT LIABILITY , OR TORT ( INCLUDING NEGLIGENCE OR OTHERWISE ) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE , EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGES .
*/
# include <acpi/acpi.h>
2009-01-09 00:30:03 -05:00
# include "accommon.h"
# include "amlcode.h"
# include "acnamesp.h"
2005-04-16 15:20:36 -07:00
# define _COMPONENT ACPI_NAMESPACE
2005-08-05 00:44:28 -04:00
ACPI_MODULE_NAME ( " nsnames " )
2005-04-16 15:20:36 -07:00
/*******************************************************************************
*
* FUNCTION : acpi_ns_build_external_path
*
* PARAMETERS : Node - NS node whose pathname is needed
* Size - Size of the pathname
* * name_buffer - Where to return the pathname
*
2008-08-04 11:13:01 +08:00
* RETURN : Status
* Places the pathname into the name_buffer , in external format
2005-04-16 15:20:36 -07:00
* ( name segments separated by path separators )
*
* DESCRIPTION : Generate a full pathaname
*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-08-04 11:13:01 +08:00
acpi_status
2005-08-05 00:44:28 -04:00
acpi_ns_build_external_path ( struct acpi_namespace_node * node ,
acpi_size size , char * name_buffer )
2005-04-16 15:20:36 -07:00
{
2005-08-05 00:44:28 -04:00
acpi_size index ;
struct acpi_namespace_node * parent_node ;
2005-04-16 15:20:36 -07:00
2006-01-13 16:22:00 -05:00
ACPI_FUNCTION_ENTRY ( ) ;
2005-04-16 15:20:36 -07:00
/* Special case for root */
index = size - 1 ;
if ( index < ACPI_NAME_SIZE ) {
name_buffer [ 0 ] = AML_ROOT_PREFIX ;
name_buffer [ 1 ] = 0 ;
2008-08-04 11:13:01 +08:00
return ( AE_OK ) ;
2005-04-16 15:20:36 -07:00
}
/* Store terminator byte, then build name backwards */
parent_node = node ;
name_buffer [ index ] = 0 ;
while ( ( index > ACPI_NAME_SIZE ) & & ( parent_node ! = acpi_gbl_root_node ) ) {
index - = ACPI_NAME_SIZE ;
/* Put the name into the buffer */
2005-08-05 00:44:28 -04:00
ACPI_MOVE_32_TO_32 ( ( name_buffer + index ) , & parent_node - > name ) ;
parent_node = acpi_ns_get_parent_node ( parent_node ) ;
2005-04-16 15:20:36 -07:00
/* Prefix name with the path separator */
index - - ;
name_buffer [ index ] = ACPI_PATH_SEPARATOR ;
}
/* Overwrite final separator with the root prefix character */
name_buffer [ index ] = AML_ROOT_PREFIX ;
if ( index ! = 0 ) {
2006-01-27 16:43:00 -05:00
ACPI_ERROR ( ( AE_INFO ,
2008-08-04 11:13:01 +08:00
" Could not construct external pathname; index=%X, size=%X, Path=%s " ,
2006-01-27 16:43:00 -05:00
( u32 ) index , ( u32 ) size , & name_buffer [ size ] ) ) ;
2008-08-04 11:13:01 +08:00
return ( AE_BAD_PARAMETER ) ;
2005-04-16 15:20:36 -07:00
}
2008-08-04 11:13:01 +08:00
return ( AE_OK ) ;
2005-04-16 15:20:36 -07:00
}
/*******************************************************************************
*
* FUNCTION : acpi_ns_get_external_pathname
*
2005-04-18 22:49:35 -04:00
* PARAMETERS : Node - Namespace node whose pathname is needed
2005-04-16 15:20:36 -07:00
*
* RETURN : Pointer to storage containing the fully qualified name of
* the node , In external format ( name segments separated by path
* separators . )
*
* DESCRIPTION : Used for debug printing in acpi_ns_search_table ( ) .
*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-08-05 00:44:28 -04:00
char * acpi_ns_get_external_pathname ( struct acpi_namespace_node * node )
2005-04-16 15:20:36 -07:00
{
2008-08-04 11:13:01 +08:00
acpi_status status ;
2005-08-05 00:44:28 -04:00
char * name_buffer ;
acpi_size size ;
2005-04-16 15:20:36 -07:00
ACPI: ACPICA 20060421
Removed a device initialization optimization introduced in
20051216 where the _STA method was not run unless an _INI
was also present for the same device. This optimization
could cause problems because it could allow _INI methods
to be run within a not-present device subtree (If a
not-present device had no _INI, _STA would not be run,
the not-present status would not be discovered, and the
children of the device would be incorrectly traversed.)
Implemented a new _STA optimization where namespace
subtrees that do not contain _INI are identified and
ignored during device initialization. Selectively running
_STA can significantly improve boot time on large machines
(with assistance from Len Brown.)
Implemented support for the device initialization case
where the returned _STA flags indicate a device not-present
but functioning. In this case, _INI is not run, but the
device children are examined for presence, as per the
ACPI specification.
Implemented an additional change to the IndexField support
in order to conform to MS behavior. The value written to
the Index Register is not simply a byte offset, it is a
byte offset in units of the access width of the parent
Index Field. (Fiodor Suietov)
Defined and deployed a new OSL interface,
acpi_os_validate_address(). This interface is called during
the creation of all AML operation regions, and allows
the host OS to exert control over what addresses it will
allow the AML code to access. Operation Regions whose
addresses are disallowed will cause a runtime exception
when they are actually accessed (will not affect or abort
table loading.)
Defined and deployed a new OSL interface,
acpi_os_validate_interface(). This interface allows the host OS
to match the various "optional" interface/behavior strings
for the _OSI predefined control method as appropriate
(with assistance from Bjorn Helgaas.)
Restructured and corrected various problems in the
exception handling code paths within DsCallControlMethod
and DsTerminateControlMethod in dsmethod (with assistance
from Takayoshi Kochi.)
Modified the Linux source converter to ignore quoted string
literals while converting identifiers from mixed to lower
case. This will correct problems with the disassembler
and other areas where such strings must not be modified.
The ACPI_FUNCTION_* macros no longer require quotes around
the function name. This allows the Linux source converter
to convert the names, now that the converter ignores
quoted strings.
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2006-04-21 17:15:00 -04:00
ACPI_FUNCTION_TRACE_PTR ( ns_get_external_pathname , node ) ;
2005-04-16 15:20:36 -07:00
/* Calculate required buffer size based on depth below root */
2005-08-05 00:44:28 -04:00
size = acpi_ns_get_pathname_length ( node ) ;
acpi: fix crash in core ACPI code, triggered by CONFIG_ACPI_PCI_SLOT=y
-tip testing found the following boot crash on 32-bit x86 (Core2Duo
laptop) yesterday:
[ 5.606664] scsi4 : ata_piix
[ 5.606664] scsi5 : ata_piix
[ 5.606664] ACPI Error (psargs-0358): [\_SB_.PCI0.LPC_.EC__.BSTA] Namespace lookup failure, AE_NOT_FOUND
[ 5.606664] ACPI Error (psparse-0530): ACPI Error (nsnames-0186): Invalid NS Node (f7c0e960) while traversing path [20080609]
[ 5.606664] BUG: unable to handle kernel NULL pointer dereference at 0000000f
[ 5.606664] IP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] *pdpt = 0000000000a03001 *pde = 0000000000000000
[ 5.609997] Oops: 0002 [#1] SMP
[ 5.609997]
[ 5.609997] Pid: 1, comm: swapper Not tainted (2.6.26-tip-03965-gbbfb62e-dirty #3153)
[ 5.609997] EIP: 0060:[<80339e2f>] EFLAGS: 00010286 CPU: 0
[ 5.609997] EIP is at acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] EAX: f7c18c18 EBX: ffffffff ECX: 00000010 EDX: 00000000
[ 5.609997] ESI: f7c18c18 EDI: 00000010 EBP: f7c4dc28 ESP: f7c4dc18
[ 5.609997] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 5.609997] Process swapper (pid: 1, ti=f7c4c000 task=f7c50000 task.ti=f7c4c000)
[ 5.609997] Stack: 00000000 00000000 f7c18c18 f7c4dc48 f7c4dc40 80339ed0 00000000 f7c18c18
[ 5.609997] 8084c1b6 8084c1b6 f7c4dc58 8033a60a 00000000 00000010 00000000 f7c18c18
[ 5.609997] f7c4dc70 8033a68f f7c18c18 00000000 f6de7600 00000005 f7c4dc98 8033c34d
[ 5.609997] Call Trace:
[ 5.609997] [<80339ed0>] ? acpi_ns_handle_to_pathname+0x40/0x72
[ 5.609997] [<8033a60a>] ? acpi_ns_print_node_pathname+0x2c/0x61
[ 5.609997] [<8033a68f>] ? acpi_ns_report_method_error+0x50/0x6d
[ 5.609997] [<8033c34d>] ? acpi_ps_parse_aml+0x149/0x2f9
[ 5.609997] [<8033d6dd>] ? acpi_ps_execute_method+0x132/0x201
[ 5.609997] [<80339d19>] ? acpi_ns_evaluate+0x1ad/0x258
[ 5.609997] [<803406c4>] ? acpi_ut_evaluate_object+0x55/0x18f
[ 5.609997] [<803408b7>] ? acpi_ut_execute_STA+0x22/0x7a
[ 5.609997] [<8033a907>] ? acpi_get_object_info+0x131/0x1be
[ 5.609997] [<80344bb2>] ? do_acpi_find_child+0x22/0x4b
[ 5.609997] [<8033b855>] ? acpi_ns_walk_namespace+0xa5/0x124
[ 5.609997] [<803394f3>] ? acpi_walk_namespace+0x54/0x74
[ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [<80344b85>] ? acpi_get_child+0x38/0x43
[ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [<804d0148>] ? ata_acpi_associate+0xb5/0x1b5
[ 5.609997] [<804c6ecb>] ? ata_scsi_add_hosts+0x8e/0xdc
[ 5.609997] [<804c40c8>] ? ata_host_register+0x9f/0x1d6
[ 5.609997] [<804cbc7f>] ? ata_pci_sff_activate_host+0x179/0x19f
[ 5.609997] [<804cdd45>] ? ata_sff_interrupt+0x0/0x1c7
[ 5.609997] [<8069b033>] ? piix_init_one+0x569/0x5b0
[ 5.609997] [<801bd400>] ? sysfs_ilookup_test+0x0/0x11
[ 5.609997] [<801987d7>] ? ilookup5_nowait+0x29/0x30
[ 5.609997] [<802efc7e>] ? pci_match_device+0x99/0xa3
[ 5.609997] [<802efd3c>] ? pci_device_probe+0x39/0x59
[ 5.609997] [<803bc4af>] ? driver_probe_device+0xa0/0x11b
[ 5.609997] [<803bc564>] ? __driver_attach+0x3a/0x59
[ 5.609997] [<803bbde3>] ? bus_for_each_dev+0x36/0x58
[ 5.609997] [<803bc354>] ? driver_attach+0x14/0x16
[ 5.609997] [<803bc52a>] ? __driver_attach+0x0/0x59
[ 5.609997] [<803bc161>] ? bus_add_driver+0x93/0x196
[ 5.609997] [<803bc773>] ? driver_register+0x71/0xcd
[ 5.609997] [<802eff05>] ? __pci_register_driver+0x3f/0x6e
[ 5.609997] [<809af7ff>] ? piix_init+0x14/0x24
[ 5.609997] [<80984568>] ? kernel_init+0x128/0x269
[ 5.609997] [<809af7eb>] ? piix_init+0x0/0x24
[ 5.609997] [<802e2758>] ? trace_hardirqs_on_thunk+0xc/0x10
[ 5.609997] [<80116aef>] ? restore_nocheck_notrace+0x0/0xe
[ 5.609997] [<80984440>] ? kernel_init+0x0/0x269
[ 5.609997] [<80984440>] ? kernel_init+0x0/0x269
[ 5.609997] [<80117d87>] ? kernel_thread_helper+0x7/0x10
[ 5.609997] =======================
[ 5.609997] Code: 75 02 b3 01 8d 43 01 8b 5d fc c9 c3 55 89 e5 57 89 cf 56 53 89 d3 4b 83 ec 04 83 fb 03 89 55 f0 77 09 c6 01 5c c6 41 01 00 eb 59 <c6> 04 19 00 8b 55 f0 8d 34 11 89 c2 eb 19 8b 42 08 83 eb 05 89
[ 5.609997] EIP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80 SS:ESP 0068:f7c4dc18
[ 5.613331] Kernel panic - not syncing: Fatal exception
[ 5.613331] Rebooting in 1 seconds..[ 4.646664] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
I have bisected it down to:
# bad: [5b664cbe] Merge branch 'upstream-linus' of git://git.kernel.
# good: [bce7f795] Linux 2.6.26
# good: [e18425ab] Merge branch 'tracing/for-linus' of git://git.kern
# good: [cadc7236] Merge branch 'bkl-removal' into next
# good: [4515889a] Merge branch 'merge' of git://git.kernel.org/pub/s
# good: [42fdd14e] Merge git://git.kernel.org/pub/scm/linux/kernel/gi
# good: [8a0ca91f] Merge branch 'for-linus' of git://git.kernel.org/p
# bad: [0af4b8cb] ACPI: Introduce new device wakeup flag 'prepared'
# good: [fe997407] PCI: construct one fakephp slot per PCI slot
# bad: [531f254a] PCIE: aer: use dev_printk when possible
# bad: [15650a20] x86/PCI: fixup early quirk probing
# good: [0e6859d9] ACPI PM: Remove obsolete Toshiba workaround
# bad: [8344b566] PCI: ACPI PCI slot detection driver
# good: [f46753c9] PCI: introduce pci_slot
| 8344b568f5bdc7ee1bba909de3294c6348c36056 is first bad commit
| commit 8344b568f5bdc7ee1bba909de3294c6348c36056
| Author: Alex Chiang <achiang@hp.com>
| Date: Tue Jun 10 15:30:42 2008 -0600
|
| PCI: ACPI PCI slot detection driver
|
| Detect all physical PCI slots as described by ACPI, and create entries in
| /sys/bus/pci/slots/.
I.e. the new CONFIG_ACPI_PCI_SLOT=y option was causing this crash.
But the bug is not mainly in this new PCI code - that code was just
hitting the ACPI code in a new way which made ACPI break.
The crash signature shows that we are crashing on this instruction:
movb $0x0, (%ecx, %ebx, 1)
ECX and EBX are 0x10 and -1. It's this line in
drivers/acpi/namespace/nsnames.c's acpi_ns_build_external_path():
name_buffer[index] = 0;
I.e. name_buffer is 0x10 and index is -1.
index -1 corresponds to size 0, and name_buffer 0x10 is slab's
ZERO_SIZE_PTR special-case for zero-sized allocations.
I.e. when we called acpi_ns_handle_to_pathname(), we got required_size
of 0 due to an error condition, but this is passed to the ACPI allocator
unconditionally:
required_size = acpi_ns_get_pathname_length(node);
/* Validate/Allocate/Clear caller buffer */
status = acpi_ut_initialize_buffer(buffer, required_size);
if (ACPI_FAILURE(status)) {
return_ACPI_STATUS(status);
}
Where acpi_ut_initialize_buffer(), through many (unnecessary) layers,
ends up calling kzalloc(0). Which returns 0x10 and that then causes the
crash later on.
So fix both callers of acpi_ns_get_pathname_length(), which can return 0
in case of an invalid node.
Also add a WARN_ON() against zero sized allocations in
acpi_ut_initialize_buffer() to make it easier to find similar instances
of this bug.
I have tested this patch for the past 24 hours and the crash has not
reappeared.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
2008-07-21 15:57:45 +02:00
if ( ! size ) {
2008-09-27 11:12:36 +08:00
return_PTR ( NULL ) ;
acpi: fix crash in core ACPI code, triggered by CONFIG_ACPI_PCI_SLOT=y
-tip testing found the following boot crash on 32-bit x86 (Core2Duo
laptop) yesterday:
[ 5.606664] scsi4 : ata_piix
[ 5.606664] scsi5 : ata_piix
[ 5.606664] ACPI Error (psargs-0358): [\_SB_.PCI0.LPC_.EC__.BSTA] Namespace lookup failure, AE_NOT_FOUND
[ 5.606664] ACPI Error (psparse-0530): ACPI Error (nsnames-0186): Invalid NS Node (f7c0e960) while traversing path [20080609]
[ 5.606664] BUG: unable to handle kernel NULL pointer dereference at 0000000f
[ 5.606664] IP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] *pdpt = 0000000000a03001 *pde = 0000000000000000
[ 5.609997] Oops: 0002 [#1] SMP
[ 5.609997]
[ 5.609997] Pid: 1, comm: swapper Not tainted (2.6.26-tip-03965-gbbfb62e-dirty #3153)
[ 5.609997] EIP: 0060:[<80339e2f>] EFLAGS: 00010286 CPU: 0
[ 5.609997] EIP is at acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] EAX: f7c18c18 EBX: ffffffff ECX: 00000010 EDX: 00000000
[ 5.609997] ESI: f7c18c18 EDI: 00000010 EBP: f7c4dc28 ESP: f7c4dc18
[ 5.609997] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 5.609997] Process swapper (pid: 1, ti=f7c4c000 task=f7c50000 task.ti=f7c4c000)
[ 5.609997] Stack: 00000000 00000000 f7c18c18 f7c4dc48 f7c4dc40 80339ed0 00000000 f7c18c18
[ 5.609997] 8084c1b6 8084c1b6 f7c4dc58 8033a60a 00000000 00000010 00000000 f7c18c18
[ 5.609997] f7c4dc70 8033a68f f7c18c18 00000000 f6de7600 00000005 f7c4dc98 8033c34d
[ 5.609997] Call Trace:
[ 5.609997] [<80339ed0>] ? acpi_ns_handle_to_pathname+0x40/0x72
[ 5.609997] [<8033a60a>] ? acpi_ns_print_node_pathname+0x2c/0x61
[ 5.609997] [<8033a68f>] ? acpi_ns_report_method_error+0x50/0x6d
[ 5.609997] [<8033c34d>] ? acpi_ps_parse_aml+0x149/0x2f9
[ 5.609997] [<8033d6dd>] ? acpi_ps_execute_method+0x132/0x201
[ 5.609997] [<80339d19>] ? acpi_ns_evaluate+0x1ad/0x258
[ 5.609997] [<803406c4>] ? acpi_ut_evaluate_object+0x55/0x18f
[ 5.609997] [<803408b7>] ? acpi_ut_execute_STA+0x22/0x7a
[ 5.609997] [<8033a907>] ? acpi_get_object_info+0x131/0x1be
[ 5.609997] [<80344bb2>] ? do_acpi_find_child+0x22/0x4b
[ 5.609997] [<8033b855>] ? acpi_ns_walk_namespace+0xa5/0x124
[ 5.609997] [<803394f3>] ? acpi_walk_namespace+0x54/0x74
[ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [<80344b85>] ? acpi_get_child+0x38/0x43
[ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [<804d0148>] ? ata_acpi_associate+0xb5/0x1b5
[ 5.609997] [<804c6ecb>] ? ata_scsi_add_hosts+0x8e/0xdc
[ 5.609997] [<804c40c8>] ? ata_host_register+0x9f/0x1d6
[ 5.609997] [<804cbc7f>] ? ata_pci_sff_activate_host+0x179/0x19f
[ 5.609997] [<804cdd45>] ? ata_sff_interrupt+0x0/0x1c7
[ 5.609997] [<8069b033>] ? piix_init_one+0x569/0x5b0
[ 5.609997] [<801bd400>] ? sysfs_ilookup_test+0x0/0x11
[ 5.609997] [<801987d7>] ? ilookup5_nowait+0x29/0x30
[ 5.609997] [<802efc7e>] ? pci_match_device+0x99/0xa3
[ 5.609997] [<802efd3c>] ? pci_device_probe+0x39/0x59
[ 5.609997] [<803bc4af>] ? driver_probe_device+0xa0/0x11b
[ 5.609997] [<803bc564>] ? __driver_attach+0x3a/0x59
[ 5.609997] [<803bbde3>] ? bus_for_each_dev+0x36/0x58
[ 5.609997] [<803bc354>] ? driver_attach+0x14/0x16
[ 5.609997] [<803bc52a>] ? __driver_attach+0x0/0x59
[ 5.609997] [<803bc161>] ? bus_add_driver+0x93/0x196
[ 5.609997] [<803bc773>] ? driver_register+0x71/0xcd
[ 5.609997] [<802eff05>] ? __pci_register_driver+0x3f/0x6e
[ 5.609997] [<809af7ff>] ? piix_init+0x14/0x24
[ 5.609997] [<80984568>] ? kernel_init+0x128/0x269
[ 5.609997] [<809af7eb>] ? piix_init+0x0/0x24
[ 5.609997] [<802e2758>] ? trace_hardirqs_on_thunk+0xc/0x10
[ 5.609997] [<80116aef>] ? restore_nocheck_notrace+0x0/0xe
[ 5.609997] [<80984440>] ? kernel_init+0x0/0x269
[ 5.609997] [<80984440>] ? kernel_init+0x0/0x269
[ 5.609997] [<80117d87>] ? kernel_thread_helper+0x7/0x10
[ 5.609997] =======================
[ 5.609997] Code: 75 02 b3 01 8d 43 01 8b 5d fc c9 c3 55 89 e5 57 89 cf 56 53 89 d3 4b 83 ec 04 83 fb 03 89 55 f0 77 09 c6 01 5c c6 41 01 00 eb 59 <c6> 04 19 00 8b 55 f0 8d 34 11 89 c2 eb 19 8b 42 08 83 eb 05 89
[ 5.609997] EIP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80 SS:ESP 0068:f7c4dc18
[ 5.613331] Kernel panic - not syncing: Fatal exception
[ 5.613331] Rebooting in 1 seconds..[ 4.646664] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
I have bisected it down to:
# bad: [5b664cbe] Merge branch 'upstream-linus' of git://git.kernel.
# good: [bce7f795] Linux 2.6.26
# good: [e18425ab] Merge branch 'tracing/for-linus' of git://git.kern
# good: [cadc7236] Merge branch 'bkl-removal' into next
# good: [4515889a] Merge branch 'merge' of git://git.kernel.org/pub/s
# good: [42fdd14e] Merge git://git.kernel.org/pub/scm/linux/kernel/gi
# good: [8a0ca91f] Merge branch 'for-linus' of git://git.kernel.org/p
# bad: [0af4b8cb] ACPI: Introduce new device wakeup flag 'prepared'
# good: [fe997407] PCI: construct one fakephp slot per PCI slot
# bad: [531f254a] PCIE: aer: use dev_printk when possible
# bad: [15650a20] x86/PCI: fixup early quirk probing
# good: [0e6859d9] ACPI PM: Remove obsolete Toshiba workaround
# bad: [8344b566] PCI: ACPI PCI slot detection driver
# good: [f46753c9] PCI: introduce pci_slot
| 8344b568f5bdc7ee1bba909de3294c6348c36056 is first bad commit
| commit 8344b568f5bdc7ee1bba909de3294c6348c36056
| Author: Alex Chiang <achiang@hp.com>
| Date: Tue Jun 10 15:30:42 2008 -0600
|
| PCI: ACPI PCI slot detection driver
|
| Detect all physical PCI slots as described by ACPI, and create entries in
| /sys/bus/pci/slots/.
I.e. the new CONFIG_ACPI_PCI_SLOT=y option was causing this crash.
But the bug is not mainly in this new PCI code - that code was just
hitting the ACPI code in a new way which made ACPI break.
The crash signature shows that we are crashing on this instruction:
movb $0x0, (%ecx, %ebx, 1)
ECX and EBX are 0x10 and -1. It's this line in
drivers/acpi/namespace/nsnames.c's acpi_ns_build_external_path():
name_buffer[index] = 0;
I.e. name_buffer is 0x10 and index is -1.
index -1 corresponds to size 0, and name_buffer 0x10 is slab's
ZERO_SIZE_PTR special-case for zero-sized allocations.
I.e. when we called acpi_ns_handle_to_pathname(), we got required_size
of 0 due to an error condition, but this is passed to the ACPI allocator
unconditionally:
required_size = acpi_ns_get_pathname_length(node);
/* Validate/Allocate/Clear caller buffer */
status = acpi_ut_initialize_buffer(buffer, required_size);
if (ACPI_FAILURE(status)) {
return_ACPI_STATUS(status);
}
Where acpi_ut_initialize_buffer(), through many (unnecessary) layers,
ends up calling kzalloc(0). Which returns 0x10 and that then causes the
crash later on.
So fix both callers of acpi_ns_get_pathname_length(), which can return 0
in case of an invalid node.
Also add a WARN_ON() against zero sized allocations in
acpi_ut_initialize_buffer() to make it easier to find similar instances
of this bug.
I have tested this patch for the past 24 hours and the crash has not
reappeared.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
2008-07-21 15:57:45 +02:00
}
2005-04-16 15:20:36 -07:00
/* Allocate a buffer to be returned to caller */
2006-10-03 00:00:00 -04:00
name_buffer = ACPI_ALLOCATE_ZEROED ( size ) ;
2005-04-16 15:20:36 -07:00
if ( ! name_buffer ) {
2009-04-22 12:52:51 +08:00
ACPI_ERROR ( ( AE_INFO , " Could not allocate %u bytes " , ( u32 ) size ) ) ;
2005-08-05 00:44:28 -04:00
return_PTR ( NULL ) ;
2005-04-16 15:20:36 -07:00
}
/* Build the path in the allocated buffer */
2008-08-04 11:13:01 +08:00
status = acpi_ns_build_external_path ( node , size , name_buffer ) ;
if ( ACPI_FAILURE ( status ) ) {
2008-09-27 11:12:36 +08:00
ACPI_FREE ( name_buffer ) ;
return_PTR ( NULL ) ;
2008-08-04 11:13:01 +08:00
}
2005-08-05 00:44:28 -04:00
return_PTR ( name_buffer ) ;
2005-04-16 15:20:36 -07:00
}
/*******************************************************************************
*
* FUNCTION : acpi_ns_get_pathname_length
*
* PARAMETERS : Node - Namespace node
*
* RETURN : Length of path , including prefix
*
* DESCRIPTION : Get the length of the pathname string for this node
*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2005-08-05 00:44:28 -04:00
acpi_size acpi_ns_get_pathname_length ( struct acpi_namespace_node * node )
2005-04-16 15:20:36 -07:00
{
2005-08-05 00:44:28 -04:00
acpi_size size ;
struct acpi_namespace_node * next_node ;
2005-04-16 15:20:36 -07:00
2005-08-05 00:44:28 -04:00
ACPI_FUNCTION_ENTRY ( ) ;
2005-04-16 15:20:36 -07:00
/*
* Compute length of pathname as 5 * number of name segments .
* Go back up the parent tree to the root
*/
size = 0 ;
next_node = node ;
while ( next_node & & ( next_node ! = acpi_gbl_root_node ) ) {
2008-04-10 19:06:39 +04:00
if ( ACPI_GET_DESCRIPTOR_TYPE ( next_node ) ! = ACPI_DESC_TYPE_NAMED ) {
ACPI_ERROR ( ( AE_INFO ,
2008-08-04 11:13:01 +08:00
" Invalid Namespace Node (%p) while traversing namespace " ,
2008-04-10 19:06:39 +04:00
next_node ) ) ;
return 0 ;
}
2005-04-16 15:20:36 -07:00
size + = ACPI_PATH_SEGMENT_LENGTH ;
2005-08-05 00:44:28 -04:00
next_node = acpi_ns_get_parent_node ( next_node ) ;
2005-04-16 15:20:36 -07:00
}
if ( ! size ) {
2005-08-05 00:44:28 -04:00
size = 1 ; /* Root node case */
2005-04-16 15:20:36 -07:00
}
2005-08-05 00:44:28 -04:00
return ( size + 1 ) ; /* +1 for null string terminator */
2005-04-16 15:20:36 -07:00
}
/*******************************************************************************
*
* FUNCTION : acpi_ns_handle_to_pathname
*
* PARAMETERS : target_handle - Handle of named object whose name is
* to be found
* Buffer - Where the pathname is returned
*
* RETURN : Status , Buffer is filled with pathname if status is AE_OK
*
* DESCRIPTION : Build and return a full namespace pathname
*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
acpi_status
2005-08-05 00:44:28 -04:00
acpi_ns_handle_to_pathname ( acpi_handle target_handle ,
struct acpi_buffer * buffer )
2005-04-16 15:20:36 -07:00
{
2005-08-05 00:44:28 -04:00
acpi_status status ;
struct acpi_namespace_node * node ;
acpi_size required_size ;
2005-04-16 15:20:36 -07:00
ACPI: ACPICA 20060421
Removed a device initialization optimization introduced in
20051216 where the _STA method was not run unless an _INI
was also present for the same device. This optimization
could cause problems because it could allow _INI methods
to be run within a not-present device subtree (If a
not-present device had no _INI, _STA would not be run,
the not-present status would not be discovered, and the
children of the device would be incorrectly traversed.)
Implemented a new _STA optimization where namespace
subtrees that do not contain _INI are identified and
ignored during device initialization. Selectively running
_STA can significantly improve boot time on large machines
(with assistance from Len Brown.)
Implemented support for the device initialization case
where the returned _STA flags indicate a device not-present
but functioning. In this case, _INI is not run, but the
device children are examined for presence, as per the
ACPI specification.
Implemented an additional change to the IndexField support
in order to conform to MS behavior. The value written to
the Index Register is not simply a byte offset, it is a
byte offset in units of the access width of the parent
Index Field. (Fiodor Suietov)
Defined and deployed a new OSL interface,
acpi_os_validate_address(). This interface is called during
the creation of all AML operation regions, and allows
the host OS to exert control over what addresses it will
allow the AML code to access. Operation Regions whose
addresses are disallowed will cause a runtime exception
when they are actually accessed (will not affect or abort
table loading.)
Defined and deployed a new OSL interface,
acpi_os_validate_interface(). This interface allows the host OS
to match the various "optional" interface/behavior strings
for the _OSI predefined control method as appropriate
(with assistance from Bjorn Helgaas.)
Restructured and corrected various problems in the
exception handling code paths within DsCallControlMethod
and DsTerminateControlMethod in dsmethod (with assistance
from Takayoshi Kochi.)
Modified the Linux source converter to ignore quoted string
literals while converting identifiers from mixed to lower
case. This will correct problems with the disassembler
and other areas where such strings must not be modified.
The ACPI_FUNCTION_* macros no longer require quotes around
the function name. This allows the Linux source converter
to convert the names, now that the converter ignores
quoted strings.
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2006-04-21 17:15:00 -04:00
ACPI_FUNCTION_TRACE_PTR ( ns_handle_to_pathname , target_handle ) ;
2005-04-16 15:20:36 -07:00
2009-12-11 14:57:00 +08:00
node = acpi_ns_validate_handle ( target_handle ) ;
2005-04-16 15:20:36 -07:00
if ( ! node ) {
2005-08-05 00:44:28 -04:00
return_ACPI_STATUS ( AE_BAD_PARAMETER ) ;
2005-04-16 15:20:36 -07:00
}
/* Determine size required for the caller buffer */
2005-08-05 00:44:28 -04:00
required_size = acpi_ns_get_pathname_length ( node ) ;
acpi: fix crash in core ACPI code, triggered by CONFIG_ACPI_PCI_SLOT=y
-tip testing found the following boot crash on 32-bit x86 (Core2Duo
laptop) yesterday:
[ 5.606664] scsi4 : ata_piix
[ 5.606664] scsi5 : ata_piix
[ 5.606664] ACPI Error (psargs-0358): [\_SB_.PCI0.LPC_.EC__.BSTA] Namespace lookup failure, AE_NOT_FOUND
[ 5.606664] ACPI Error (psparse-0530): ACPI Error (nsnames-0186): Invalid NS Node (f7c0e960) while traversing path [20080609]
[ 5.606664] BUG: unable to handle kernel NULL pointer dereference at 0000000f
[ 5.606664] IP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] *pdpt = 0000000000a03001 *pde = 0000000000000000
[ 5.609997] Oops: 0002 [#1] SMP
[ 5.609997]
[ 5.609997] Pid: 1, comm: swapper Not tainted (2.6.26-tip-03965-gbbfb62e-dirty #3153)
[ 5.609997] EIP: 0060:[<80339e2f>] EFLAGS: 00010286 CPU: 0
[ 5.609997] EIP is at acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] EAX: f7c18c18 EBX: ffffffff ECX: 00000010 EDX: 00000000
[ 5.609997] ESI: f7c18c18 EDI: 00000010 EBP: f7c4dc28 ESP: f7c4dc18
[ 5.609997] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 5.609997] Process swapper (pid: 1, ti=f7c4c000 task=f7c50000 task.ti=f7c4c000)
[ 5.609997] Stack: 00000000 00000000 f7c18c18 f7c4dc48 f7c4dc40 80339ed0 00000000 f7c18c18
[ 5.609997] 8084c1b6 8084c1b6 f7c4dc58 8033a60a 00000000 00000010 00000000 f7c18c18
[ 5.609997] f7c4dc70 8033a68f f7c18c18 00000000 f6de7600 00000005 f7c4dc98 8033c34d
[ 5.609997] Call Trace:
[ 5.609997] [<80339ed0>] ? acpi_ns_handle_to_pathname+0x40/0x72
[ 5.609997] [<8033a60a>] ? acpi_ns_print_node_pathname+0x2c/0x61
[ 5.609997] [<8033a68f>] ? acpi_ns_report_method_error+0x50/0x6d
[ 5.609997] [<8033c34d>] ? acpi_ps_parse_aml+0x149/0x2f9
[ 5.609997] [<8033d6dd>] ? acpi_ps_execute_method+0x132/0x201
[ 5.609997] [<80339d19>] ? acpi_ns_evaluate+0x1ad/0x258
[ 5.609997] [<803406c4>] ? acpi_ut_evaluate_object+0x55/0x18f
[ 5.609997] [<803408b7>] ? acpi_ut_execute_STA+0x22/0x7a
[ 5.609997] [<8033a907>] ? acpi_get_object_info+0x131/0x1be
[ 5.609997] [<80344bb2>] ? do_acpi_find_child+0x22/0x4b
[ 5.609997] [<8033b855>] ? acpi_ns_walk_namespace+0xa5/0x124
[ 5.609997] [<803394f3>] ? acpi_walk_namespace+0x54/0x74
[ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [<80344b85>] ? acpi_get_child+0x38/0x43
[ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [<804d0148>] ? ata_acpi_associate+0xb5/0x1b5
[ 5.609997] [<804c6ecb>] ? ata_scsi_add_hosts+0x8e/0xdc
[ 5.609997] [<804c40c8>] ? ata_host_register+0x9f/0x1d6
[ 5.609997] [<804cbc7f>] ? ata_pci_sff_activate_host+0x179/0x19f
[ 5.609997] [<804cdd45>] ? ata_sff_interrupt+0x0/0x1c7
[ 5.609997] [<8069b033>] ? piix_init_one+0x569/0x5b0
[ 5.609997] [<801bd400>] ? sysfs_ilookup_test+0x0/0x11
[ 5.609997] [<801987d7>] ? ilookup5_nowait+0x29/0x30
[ 5.609997] [<802efc7e>] ? pci_match_device+0x99/0xa3
[ 5.609997] [<802efd3c>] ? pci_device_probe+0x39/0x59
[ 5.609997] [<803bc4af>] ? driver_probe_device+0xa0/0x11b
[ 5.609997] [<803bc564>] ? __driver_attach+0x3a/0x59
[ 5.609997] [<803bbde3>] ? bus_for_each_dev+0x36/0x58
[ 5.609997] [<803bc354>] ? driver_attach+0x14/0x16
[ 5.609997] [<803bc52a>] ? __driver_attach+0x0/0x59
[ 5.609997] [<803bc161>] ? bus_add_driver+0x93/0x196
[ 5.609997] [<803bc773>] ? driver_register+0x71/0xcd
[ 5.609997] [<802eff05>] ? __pci_register_driver+0x3f/0x6e
[ 5.609997] [<809af7ff>] ? piix_init+0x14/0x24
[ 5.609997] [<80984568>] ? kernel_init+0x128/0x269
[ 5.609997] [<809af7eb>] ? piix_init+0x0/0x24
[ 5.609997] [<802e2758>] ? trace_hardirqs_on_thunk+0xc/0x10
[ 5.609997] [<80116aef>] ? restore_nocheck_notrace+0x0/0xe
[ 5.609997] [<80984440>] ? kernel_init+0x0/0x269
[ 5.609997] [<80984440>] ? kernel_init+0x0/0x269
[ 5.609997] [<80117d87>] ? kernel_thread_helper+0x7/0x10
[ 5.609997] =======================
[ 5.609997] Code: 75 02 b3 01 8d 43 01 8b 5d fc c9 c3 55 89 e5 57 89 cf 56 53 89 d3 4b 83 ec 04 83 fb 03 89 55 f0 77 09 c6 01 5c c6 41 01 00 eb 59 <c6> 04 19 00 8b 55 f0 8d 34 11 89 c2 eb 19 8b 42 08 83 eb 05 89
[ 5.609997] EIP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80 SS:ESP 0068:f7c4dc18
[ 5.613331] Kernel panic - not syncing: Fatal exception
[ 5.613331] Rebooting in 1 seconds..[ 4.646664] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
I have bisected it down to:
# bad: [5b664cbe] Merge branch 'upstream-linus' of git://git.kernel.
# good: [bce7f795] Linux 2.6.26
# good: [e18425ab] Merge branch 'tracing/for-linus' of git://git.kern
# good: [cadc7236] Merge branch 'bkl-removal' into next
# good: [4515889a] Merge branch 'merge' of git://git.kernel.org/pub/s
# good: [42fdd14e] Merge git://git.kernel.org/pub/scm/linux/kernel/gi
# good: [8a0ca91f] Merge branch 'for-linus' of git://git.kernel.org/p
# bad: [0af4b8cb] ACPI: Introduce new device wakeup flag 'prepared'
# good: [fe997407] PCI: construct one fakephp slot per PCI slot
# bad: [531f254a] PCIE: aer: use dev_printk when possible
# bad: [15650a20] x86/PCI: fixup early quirk probing
# good: [0e6859d9] ACPI PM: Remove obsolete Toshiba workaround
# bad: [8344b566] PCI: ACPI PCI slot detection driver
# good: [f46753c9] PCI: introduce pci_slot
| 8344b568f5bdc7ee1bba909de3294c6348c36056 is first bad commit
| commit 8344b568f5bdc7ee1bba909de3294c6348c36056
| Author: Alex Chiang <achiang@hp.com>
| Date: Tue Jun 10 15:30:42 2008 -0600
|
| PCI: ACPI PCI slot detection driver
|
| Detect all physical PCI slots as described by ACPI, and create entries in
| /sys/bus/pci/slots/.
I.e. the new CONFIG_ACPI_PCI_SLOT=y option was causing this crash.
But the bug is not mainly in this new PCI code - that code was just
hitting the ACPI code in a new way which made ACPI break.
The crash signature shows that we are crashing on this instruction:
movb $0x0, (%ecx, %ebx, 1)
ECX and EBX are 0x10 and -1. It's this line in
drivers/acpi/namespace/nsnames.c's acpi_ns_build_external_path():
name_buffer[index] = 0;
I.e. name_buffer is 0x10 and index is -1.
index -1 corresponds to size 0, and name_buffer 0x10 is slab's
ZERO_SIZE_PTR special-case for zero-sized allocations.
I.e. when we called acpi_ns_handle_to_pathname(), we got required_size
of 0 due to an error condition, but this is passed to the ACPI allocator
unconditionally:
required_size = acpi_ns_get_pathname_length(node);
/* Validate/Allocate/Clear caller buffer */
status = acpi_ut_initialize_buffer(buffer, required_size);
if (ACPI_FAILURE(status)) {
return_ACPI_STATUS(status);
}
Where acpi_ut_initialize_buffer(), through many (unnecessary) layers,
ends up calling kzalloc(0). Which returns 0x10 and that then causes the
crash later on.
So fix both callers of acpi_ns_get_pathname_length(), which can return 0
in case of an invalid node.
Also add a WARN_ON() against zero sized allocations in
acpi_ut_initialize_buffer() to make it easier to find similar instances
of this bug.
I have tested this patch for the past 24 hours and the crash has not
reappeared.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
2008-07-21 15:57:45 +02:00
if ( ! required_size ) {
2008-08-04 11:13:01 +08:00
return_ACPI_STATUS ( AE_BAD_PARAMETER ) ;
acpi: fix crash in core ACPI code, triggered by CONFIG_ACPI_PCI_SLOT=y
-tip testing found the following boot crash on 32-bit x86 (Core2Duo
laptop) yesterday:
[ 5.606664] scsi4 : ata_piix
[ 5.606664] scsi5 : ata_piix
[ 5.606664] ACPI Error (psargs-0358): [\_SB_.PCI0.LPC_.EC__.BSTA] Namespace lookup failure, AE_NOT_FOUND
[ 5.606664] ACPI Error (psparse-0530): ACPI Error (nsnames-0186): Invalid NS Node (f7c0e960) while traversing path [20080609]
[ 5.606664] BUG: unable to handle kernel NULL pointer dereference at 0000000f
[ 5.606664] IP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] *pdpt = 0000000000a03001 *pde = 0000000000000000
[ 5.609997] Oops: 0002 [#1] SMP
[ 5.609997]
[ 5.609997] Pid: 1, comm: swapper Not tainted (2.6.26-tip-03965-gbbfb62e-dirty #3153)
[ 5.609997] EIP: 0060:[<80339e2f>] EFLAGS: 00010286 CPU: 0
[ 5.609997] EIP is at acpi_ns_build_external_path+0x1f/0x80
[ 5.609997] EAX: f7c18c18 EBX: ffffffff ECX: 00000010 EDX: 00000000
[ 5.609997] ESI: f7c18c18 EDI: 00000010 EBP: f7c4dc28 ESP: f7c4dc18
[ 5.609997] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 5.609997] Process swapper (pid: 1, ti=f7c4c000 task=f7c50000 task.ti=f7c4c000)
[ 5.609997] Stack: 00000000 00000000 f7c18c18 f7c4dc48 f7c4dc40 80339ed0 00000000 f7c18c18
[ 5.609997] 8084c1b6 8084c1b6 f7c4dc58 8033a60a 00000000 00000010 00000000 f7c18c18
[ 5.609997] f7c4dc70 8033a68f f7c18c18 00000000 f6de7600 00000005 f7c4dc98 8033c34d
[ 5.609997] Call Trace:
[ 5.609997] [<80339ed0>] ? acpi_ns_handle_to_pathname+0x40/0x72
[ 5.609997] [<8033a60a>] ? acpi_ns_print_node_pathname+0x2c/0x61
[ 5.609997] [<8033a68f>] ? acpi_ns_report_method_error+0x50/0x6d
[ 5.609997] [<8033c34d>] ? acpi_ps_parse_aml+0x149/0x2f9
[ 5.609997] [<8033d6dd>] ? acpi_ps_execute_method+0x132/0x201
[ 5.609997] [<80339d19>] ? acpi_ns_evaluate+0x1ad/0x258
[ 5.609997] [<803406c4>] ? acpi_ut_evaluate_object+0x55/0x18f
[ 5.609997] [<803408b7>] ? acpi_ut_execute_STA+0x22/0x7a
[ 5.609997] [<8033a907>] ? acpi_get_object_info+0x131/0x1be
[ 5.609997] [<80344bb2>] ? do_acpi_find_child+0x22/0x4b
[ 5.609997] [<8033b855>] ? acpi_ns_walk_namespace+0xa5/0x124
[ 5.609997] [<803394f3>] ? acpi_walk_namespace+0x54/0x74
[ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [<80344b85>] ? acpi_get_child+0x38/0x43
[ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b
[ 5.609997] [<804d0148>] ? ata_acpi_associate+0xb5/0x1b5
[ 5.609997] [<804c6ecb>] ? ata_scsi_add_hosts+0x8e/0xdc
[ 5.609997] [<804c40c8>] ? ata_host_register+0x9f/0x1d6
[ 5.609997] [<804cbc7f>] ? ata_pci_sff_activate_host+0x179/0x19f
[ 5.609997] [<804cdd45>] ? ata_sff_interrupt+0x0/0x1c7
[ 5.609997] [<8069b033>] ? piix_init_one+0x569/0x5b0
[ 5.609997] [<801bd400>] ? sysfs_ilookup_test+0x0/0x11
[ 5.609997] [<801987d7>] ? ilookup5_nowait+0x29/0x30
[ 5.609997] [<802efc7e>] ? pci_match_device+0x99/0xa3
[ 5.609997] [<802efd3c>] ? pci_device_probe+0x39/0x59
[ 5.609997] [<803bc4af>] ? driver_probe_device+0xa0/0x11b
[ 5.609997] [<803bc564>] ? __driver_attach+0x3a/0x59
[ 5.609997] [<803bbde3>] ? bus_for_each_dev+0x36/0x58
[ 5.609997] [<803bc354>] ? driver_attach+0x14/0x16
[ 5.609997] [<803bc52a>] ? __driver_attach+0x0/0x59
[ 5.609997] [<803bc161>] ? bus_add_driver+0x93/0x196
[ 5.609997] [<803bc773>] ? driver_register+0x71/0xcd
[ 5.609997] [<802eff05>] ? __pci_register_driver+0x3f/0x6e
[ 5.609997] [<809af7ff>] ? piix_init+0x14/0x24
[ 5.609997] [<80984568>] ? kernel_init+0x128/0x269
[ 5.609997] [<809af7eb>] ? piix_init+0x0/0x24
[ 5.609997] [<802e2758>] ? trace_hardirqs_on_thunk+0xc/0x10
[ 5.609997] [<80116aef>] ? restore_nocheck_notrace+0x0/0xe
[ 5.609997] [<80984440>] ? kernel_init+0x0/0x269
[ 5.609997] [<80984440>] ? kernel_init+0x0/0x269
[ 5.609997] [<80117d87>] ? kernel_thread_helper+0x7/0x10
[ 5.609997] =======================
[ 5.609997] Code: 75 02 b3 01 8d 43 01 8b 5d fc c9 c3 55 89 e5 57 89 cf 56 53 89 d3 4b 83 ec 04 83 fb 03 89 55 f0 77 09 c6 01 5c c6 41 01 00 eb 59 <c6> 04 19 00 8b 55 f0 8d 34 11 89 c2 eb 19 8b 42 08 83 eb 05 89
[ 5.609997] EIP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80 SS:ESP 0068:f7c4dc18
[ 5.613331] Kernel panic - not syncing: Fatal exception
[ 5.613331] Rebooting in 1 seconds..[ 4.646664] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
I have bisected it down to:
# bad: [5b664cbe] Merge branch 'upstream-linus' of git://git.kernel.
# good: [bce7f795] Linux 2.6.26
# good: [e18425ab] Merge branch 'tracing/for-linus' of git://git.kern
# good: [cadc7236] Merge branch 'bkl-removal' into next
# good: [4515889a] Merge branch 'merge' of git://git.kernel.org/pub/s
# good: [42fdd14e] Merge git://git.kernel.org/pub/scm/linux/kernel/gi
# good: [8a0ca91f] Merge branch 'for-linus' of git://git.kernel.org/p
# bad: [0af4b8cb] ACPI: Introduce new device wakeup flag 'prepared'
# good: [fe997407] PCI: construct one fakephp slot per PCI slot
# bad: [531f254a] PCIE: aer: use dev_printk when possible
# bad: [15650a20] x86/PCI: fixup early quirk probing
# good: [0e6859d9] ACPI PM: Remove obsolete Toshiba workaround
# bad: [8344b566] PCI: ACPI PCI slot detection driver
# good: [f46753c9] PCI: introduce pci_slot
| 8344b568f5bdc7ee1bba909de3294c6348c36056 is first bad commit
| commit 8344b568f5bdc7ee1bba909de3294c6348c36056
| Author: Alex Chiang <achiang@hp.com>
| Date: Tue Jun 10 15:30:42 2008 -0600
|
| PCI: ACPI PCI slot detection driver
|
| Detect all physical PCI slots as described by ACPI, and create entries in
| /sys/bus/pci/slots/.
I.e. the new CONFIG_ACPI_PCI_SLOT=y option was causing this crash.
But the bug is not mainly in this new PCI code - that code was just
hitting the ACPI code in a new way which made ACPI break.
The crash signature shows that we are crashing on this instruction:
movb $0x0, (%ecx, %ebx, 1)
ECX and EBX are 0x10 and -1. It's this line in
drivers/acpi/namespace/nsnames.c's acpi_ns_build_external_path():
name_buffer[index] = 0;
I.e. name_buffer is 0x10 and index is -1.
index -1 corresponds to size 0, and name_buffer 0x10 is slab's
ZERO_SIZE_PTR special-case for zero-sized allocations.
I.e. when we called acpi_ns_handle_to_pathname(), we got required_size
of 0 due to an error condition, but this is passed to the ACPI allocator
unconditionally:
required_size = acpi_ns_get_pathname_length(node);
/* Validate/Allocate/Clear caller buffer */
status = acpi_ut_initialize_buffer(buffer, required_size);
if (ACPI_FAILURE(status)) {
return_ACPI_STATUS(status);
}
Where acpi_ut_initialize_buffer(), through many (unnecessary) layers,
ends up calling kzalloc(0). Which returns 0x10 and that then causes the
crash later on.
So fix both callers of acpi_ns_get_pathname_length(), which can return 0
in case of an invalid node.
Also add a WARN_ON() against zero sized allocations in
acpi_ut_initialize_buffer() to make it easier to find similar instances
of this bug.
I have tested this patch for the past 24 hours and the crash has not
reappeared.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
2008-07-21 15:57:45 +02:00
}
2005-04-16 15:20:36 -07:00
/* Validate/Allocate/Clear caller buffer */
2005-08-05 00:44:28 -04:00
status = acpi_ut_initialize_buffer ( buffer , required_size ) ;
if ( ACPI_FAILURE ( status ) ) {
return_ACPI_STATUS ( status ) ;
2005-04-16 15:20:36 -07:00
}
/* Build the path in the caller buffer */
2008-08-04 11:13:01 +08:00
status =
acpi_ns_build_external_path ( node , required_size , buffer - > pointer ) ;
if ( ACPI_FAILURE ( status ) ) {
return_ACPI_STATUS ( status ) ;
}
2005-04-16 15:20:36 -07:00
[ACPI] ACPICA 20050930
Completed a major overhaul of the Resource Manager code -
specifically, optimizations in the area of the AML/internal
resource conversion code. The code has been optimized to
simplify and eliminate duplicated code, CPU stack use has
been decreased by optimizing function parameters and local
variables, and naming conventions across the manager have
been standardized for clarity and ease of maintenance (this
includes function, parameter, variable, and struct/typedef
names.)
All Resource Manager dispatch and information tables have
been moved to a single location for clarity and ease of
maintenance. One new file was created, named "rsinfo.c".
The ACPI return macros (return_ACPI_STATUS, etc.) have
been modified to guarantee that the argument is
not evaluated twice, making them less prone to macro
side-effects. However, since there exists the possibility
of additional stack use if a particular compiler cannot
optimize them (such as in the debug generation case),
the original macros are optionally available. Note that
some invocations of the return_VALUE macro may now cause
size mismatch warnings; the return_UINT8 and return_UINT32
macros are provided to eliminate these. (From Randy Dunlap)
Implemented a new mechanism to enable debug tracing for
individual control methods. A new external interface,
acpi_debug_trace(), is provided to enable this mechanism. The
intent is to allow the host OS to easily enable and disable
tracing for problematic control methods. This interface
can be easily exposed to a user or debugger interface if
desired. See the file psxface.c for details.
acpi_ut_callocate() will now return a valid pointer if a
length of zero is specified - a length of one is used
and a warning is issued. This matches the behavior of
acpi_ut_allocate().
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2005-09-30 19:03:00 -04:00
ACPI_DEBUG_PRINT ( ( ACPI_DB_EXEC , " %s [%X] \n " ,
2005-08-05 00:44:28 -04:00
( char * ) buffer - > pointer , ( u32 ) required_size ) ) ;
return_ACPI_STATUS ( AE_OK ) ;
2005-04-16 15:20:36 -07:00
}