aboutsummaryrefslogtreecommitdiff
path: root/drivers/acpi/namespace/nsnames.c
AgeCommit message (Collapse)Author
2008-10-22ACPICA: New: Validation for predefined ACPI methods/objectsBob Moore
Validates predefined ACPI objects that appear in the namespace, at the time they are evaluated. The argument count and the type of the returned object are validated. The purpose of this validation is to detect problems with the BIOS-exposed predefined ACPI objects before the results are returned to the ACPI-related drivers. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
2008-10-22ACPICA: Fix possible memory leak in acpi_ns_get_external_pathnameBob Moore
Fixes a memory leak in the error exit path. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
2008-08-15ACPICA: Additional error checking for pathname utilitiesBob Moore
Add error check after all calls to acpi_ns_get_pathname_length. Add status return from acpi_ns_build_external_path and check after all calls. Add parameter validation to acpi_ut_initialize_buffer. Reported by and initial patch by Ingo Molnar. http://lkml.org/lkml/2008/7/21/176 Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Andi Kleen <ak@linux.intel.com>
2008-07-22acpi: fix crash in core ACPI code, triggered by CONFIG_ACPI_PCI_SLOT=yIngo Molnar
-tip testing found the following boot crash on 32-bit x86 (Core2Duo laptop) yesterday: [ 5.606664] scsi4 : ata_piix [ 5.606664] scsi5 : ata_piix [ 5.606664] ACPI Error (psargs-0358): [\_SB_.PCI0.LPC_.EC__.BSTA] Namespace lookup failure, AE_NOT_FOUND [ 5.606664] ACPI Error (psparse-0530): ACPI Error (nsnames-0186): Invalid NS Node (f7c0e960) while traversing path [20080609] [ 5.606664] BUG: unable to handle kernel NULL pointer dereference at 0000000f [ 5.606664] IP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80 [ 5.609997] *pdpt = 0000000000a03001 *pde = 0000000000000000 [ 5.609997] Oops: 0002 [#1] SMP [ 5.609997] [ 5.609997] Pid: 1, comm: swapper Not tainted (2.6.26-tip-03965-gbbfb62e-dirty #3153) [ 5.609997] EIP: 0060:[<80339e2f>] EFLAGS: 00010286 CPU: 0 [ 5.609997] EIP is at acpi_ns_build_external_path+0x1f/0x80 [ 5.609997] EAX: f7c18c18 EBX: ffffffff ECX: 00000010 EDX: 00000000 [ 5.609997] ESI: f7c18c18 EDI: 00000010 EBP: f7c4dc28 ESP: f7c4dc18 [ 5.609997] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 [ 5.609997] Process swapper (pid: 1, ti=f7c4c000 task=f7c50000 task.ti=f7c4c000) [ 5.609997] Stack: 00000000 00000000 f7c18c18 f7c4dc48 f7c4dc40 80339ed0 00000000 f7c18c18 [ 5.609997] 8084c1b6 8084c1b6 f7c4dc58 8033a60a 00000000 00000010 00000000 f7c18c18 [ 5.609997] f7c4dc70 8033a68f f7c18c18 00000000 f6de7600 00000005 f7c4dc98 8033c34d [ 5.609997] Call Trace: [ 5.609997] [<80339ed0>] ? acpi_ns_handle_to_pathname+0x40/0x72 [ 5.609997] [<8033a60a>] ? acpi_ns_print_node_pathname+0x2c/0x61 [ 5.609997] [<8033a68f>] ? acpi_ns_report_method_error+0x50/0x6d [ 5.609997] [<8033c34d>] ? acpi_ps_parse_aml+0x149/0x2f9 [ 5.609997] [<8033d6dd>] ? acpi_ps_execute_method+0x132/0x201 [ 5.609997] [<80339d19>] ? acpi_ns_evaluate+0x1ad/0x258 [ 5.609997] [<803406c4>] ? acpi_ut_evaluate_object+0x55/0x18f [ 5.609997] [<803408b7>] ? acpi_ut_execute_STA+0x22/0x7a [ 5.609997] [<8033a907>] ? acpi_get_object_info+0x131/0x1be [ 5.609997] [<80344bb2>] ? do_acpi_find_child+0x22/0x4b [ 5.609997] [<8033b855>] ? acpi_ns_walk_namespace+0xa5/0x124 [ 5.609997] [<803394f3>] ? acpi_walk_namespace+0x54/0x74 [ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b [ 5.609997] [<80344b85>] ? acpi_get_child+0x38/0x43 [ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b [ 5.609997] [<804d0148>] ? ata_acpi_associate+0xb5/0x1b5 [ 5.609997] [<804c6ecb>] ? ata_scsi_add_hosts+0x8e/0xdc [ 5.609997] [<804c40c8>] ? ata_host_register+0x9f/0x1d6 [ 5.609997] [<804cbc7f>] ? ata_pci_sff_activate_host+0x179/0x19f [ 5.609997] [<804cdd45>] ? ata_sff_interrupt+0x0/0x1c7 [ 5.609997] [<8069b033>] ? piix_init_one+0x569/0x5b0 [ 5.609997] [<801bd400>] ? sysfs_ilookup_test+0x0/0x11 [ 5.609997] [<801987d7>] ? ilookup5_nowait+0x29/0x30 [ 5.609997] [<802efc7e>] ? pci_match_device+0x99/0xa3 [ 5.609997] [<802efd3c>] ? pci_device_probe+0x39/0x59 [ 5.609997] [<803bc4af>] ? driver_probe_device+0xa0/0x11b [ 5.609997] [<803bc564>] ? __driver_attach+0x3a/0x59 [ 5.609997] [<803bbde3>] ? bus_for_each_dev+0x36/0x58 [ 5.609997] [<803bc354>] ? driver_attach+0x14/0x16 [ 5.609997] [<803bc52a>] ? __driver_attach+0x0/0x59 [ 5.609997] [<803bc161>] ? bus_add_driver+0x93/0x196 [ 5.609997] [<803bc773>] ? driver_register+0x71/0xcd [ 5.609997] [<802eff05>] ? __pci_register_driver+0x3f/0x6e [ 5.609997] [<809af7ff>] ? piix_init+0x14/0x24 [ 5.609997] [<80984568>] ? kernel_init+0x128/0x269 [ 5.609997] [<809af7eb>] ? piix_init+0x0/0x24 [ 5.609997] [<802e2758>] ? trace_hardirqs_on_thunk+0xc/0x10 [ 5.609997] [<80116aef>] ? restore_nocheck_notrace+0x0/0xe [ 5.609997] [<80984440>] ? kernel_init+0x0/0x269 [ 5.609997] [<80984440>] ? kernel_init+0x0/0x269 [ 5.609997] [<80117d87>] ? kernel_thread_helper+0x7/0x10 [ 5.609997] ======================= [ 5.609997] Code: 75 02 b3 01 8d 43 01 8b 5d fc c9 c3 55 89 e5 57 89 cf 56 53 89 d3 4b 83 ec 04 83 fb 03 89 55 f0 77 09 c6 01 5c c6 41 01 00 eb 59 <c6> 04 19 00 8b 55 f0 8d 34 11 89 c2 eb 19 8b 42 08 83 eb 05 89 [ 5.609997] EIP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80 SS:ESP 0068:f7c4dc18 [ 5.613331] Kernel panic - not syncing: Fatal exception [ 5.613331] Rebooting in 1 seconds..[ 4.646664] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) I have bisected it down to: # bad: [5b664cbe] Merge branch 'upstream-linus' of git://git.kernel. # good: [bce7f795] Linux 2.6.26 # good: [e18425ab] Merge branch 'tracing/for-linus' of git://git.kern # good: [cadc7236] Merge branch 'bkl-removal' into next # good: [4515889a] Merge branch 'merge' of git://git.kernel.org/pub/s # good: [42fdd14e] Merge git://git.kernel.org/pub/scm/linux/kernel/gi # good: [8a0ca91f] Merge branch 'for-linus' of git://git.kernel.org/p # bad: [0af4b8cb] ACPI: Introduce new device wakeup flag 'prepared' # good: [fe997407] PCI: construct one fakephp slot per PCI slot # bad: [531f254a] PCIE: aer: use dev_printk when possible # bad: [15650a20] x86/PCI: fixup early quirk probing # good: [0e6859d9] ACPI PM: Remove obsolete Toshiba workaround # bad: [8344b566] PCI: ACPI PCI slot detection driver # good: [f46753c9] PCI: introduce pci_slot | 8344b568f5bdc7ee1bba909de3294c6348c36056 is first bad commit | commit 8344b568f5bdc7ee1bba909de3294c6348c36056 | Author: Alex Chiang <achiang@hp.com> | Date: Tue Jun 10 15:30:42 2008 -0600 | | PCI: ACPI PCI slot detection driver | | Detect all physical PCI slots as described by ACPI, and create entries in | /sys/bus/pci/slots/. I.e. the new CONFIG_ACPI_PCI_SLOT=y option was causing this crash. But the bug is not mainly in this new PCI code - that code was just hitting the ACPI code in a new way which made ACPI break. The crash signature shows that we are crashing on this instruction: movb $0x0, (%ecx, %ebx, 1) ECX and EBX are 0x10 and -1. It's this line in drivers/acpi/namespace/nsnames.c's acpi_ns_build_external_path(): name_buffer[index] = 0; I.e. name_buffer is 0x10 and index is -1. index -1 corresponds to size 0, and name_buffer 0x10 is slab's ZERO_SIZE_PTR special-case for zero-sized allocations. I.e. when we called acpi_ns_handle_to_pathname(), we got required_size of 0 due to an error condition, but this is passed to the ACPI allocator unconditionally: required_size = acpi_ns_get_pathname_length(node); /* Validate/Allocate/Clear caller buffer */ status = acpi_ut_initialize_buffer(buffer, required_size); if (ACPI_FAILURE(status)) { return_ACPI_STATUS(status); } Where acpi_ut_initialize_buffer(), through many (unnecessary) layers, ends up calling kzalloc(0). Which returns 0x10 and that then causes the crash later on. So fix both callers of acpi_ns_get_pathname_length(), which can return 0 in case of an invalid node. Also add a WARN_ON() against zero sized allocations in acpi_ut_initialize_buffer() to make it easier to find similar instances of this bug. I have tested this patch for the past 24 hours and the crash has not reappeared. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andi Kleen <ak@linux.intel.com>
2008-04-23ACPICA: update Intel copyrightLen Brown
Signed-off-by: Len Brown <len.brown@intel.com>
2008-04-22ACPICA: Cosmetic changes only, no functional changesBob Moore
Lint changes, fix compiler warnings, etc. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
2008-04-22ACPICA: Add error checks to prevent faultsBob Moore
Added additional error checking to prevent run-time faults. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
2007-02-02ACPICA: Update copyright to 2007.Bob Moore
Added 2007 copyright to all module headers and signons. This affects virtually every file in the ACPICA core subsystem, iASL compiler, and the utilities. Signed-off-by: Alexey Starikovskiy <alexey.y.starikovskiy@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
2006-06-14ACPI: ACPICA 20060421Bob Moore
Removed a device initialization optimization introduced in 20051216 where the _STA method was not run unless an _INI was also present for the same device. This optimization could cause problems because it could allow _INI methods to be run within a not-present device subtree (If a not-present device had no _INI, _STA would not be run, the not-present status would not be discovered, and the children of the device would be incorrectly traversed.) Implemented a new _STA optimization where namespace subtrees that do not contain _INI are identified and ignored during device initialization. Selectively running _STA can significantly improve boot time on large machines (with assistance from Len Brown.) Implemented support for the device initialization case where the returned _STA flags indicate a device not-present but functioning. In this case, _INI is not run, but the device children are examined for presence, as per the ACPI specification. Implemented an additional change to the IndexField support in order to conform to MS behavior. The value written to the Index Register is not simply a byte offset, it is a byte offset in units of the access width of the parent Index Field. (Fiodor Suietov) Defined and deployed a new OSL interface, acpi_os_validate_address(). This interface is called during the creation of all AML operation regions, and allows the host OS to exert control over what addresses it will allow the AML code to access. Operation Regions whose addresses are disallowed will cause a runtime exception when they are actually accessed (will not affect or abort table loading.) Defined and deployed a new OSL interface, acpi_os_validate_interface(). This interface allows the host OS to match the various "optional" interface/behavior strings for the _OSI predefined control method as appropriate (with assistance from Bjorn Helgaas.) Restructured and corrected various problems in the exception handling code paths within DsCallControlMethod and DsTerminateControlMethod in dsmethod (with assistance from Takayoshi Kochi.) Modified the Linux source converter to ignore quoted string literals while converting identifiers from mixed to lower case. This will correct problems with the disassembler and other areas where such strings must not be modified. The ACPI_FUNCTION_* macros no longer require quotes around the function name. This allows the Linux source converter to convert the names, now that the converter ignores quoted strings. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
2006-04-01ACPI: ACPICA 20060310Bob Moore
Tagged all external interfaces to the subsystem with the new ACPI_EXPORT_SYMBOL macro. This macro can be defined as necessary to assist kernel integration. For Linux, the macro resolves to the EXPORT_SYMBOL macro. The default definition is NULL. Added the ACPI_THREAD_ID type for the return value from acpi_os_get_thread_id(). This allows the host to define this as necessary to simplify kernel integration. The default definition is ACPI_NATIVE_UINT. Valery Podrezov fixed two interpreter problems related to error processing, the deletion of objects, and placing invalid pointers onto the internal operator result stack. http://bugzilla.kernel.org/show_bug.cgi?id=6028 http://bugzilla.kernel.org/show_bug.cgi?id=6151 Increased the reference count threshold where a warning is emitted for large reference counts in order to eliminate unnecessary warnings on systems with large namespaces (especially 64-bit.) Increased the value from 0x400 to 0x800. Due to universal disagreement as to the meaning of the 'c' in the calloc() function, the ACPI_MEM_CALLOCATE macro has been renamed to ACPI_ALLOCATE_ZEROED so that the purpose of the interface is 'clear'. ACPI_MEM_ALLOCATE and ACPI_MEM_FREE are renamed to ACPI_ALLOCATE and ACPI_FREE. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
2006-01-31[ACPI] ACPICA 20060127Bob Moore
Implemented support in the Resource Manager to allow unresolved namestring references within resource package objects for the _PRT method. This support is in addition to the previously implemented unresolved reference support within the AML parser. If the interpreter slack mode is enabled (true on Linux unless acpi=strict), these unresolved references will be passed through to the caller as a NULL package entry. http://bugzilla.kernel.org/show_bug.cgi?id=5741 Implemented and deployed new macros and functions for error and warning messages across the subsystem. These macros are simpler and generate less code than their predecessors. The new macros ACPI_ERROR, ACPI_EXCEPTION, ACPI_WARNING, and ACPI_INFO replace the ACPI_REPORT_* macros. Implemented the acpi_cpu_flags type to simplify host OS integration of the Acquire/Release Lock OSL interfaces. Suggested by Steven Rostedt and Andrew Morton. Fixed a problem where Alias ASL operators are sometimes not correctly resolved. causing AE_AML_INTERNAL http://bugzilla.kernel.org/show_bug.cgi?id=5189 http://bugzilla.kernel.org/show_bug.cgi?id=5674 Fixed several problems with the implementation of the ConcatenateResTemplate ASL operator. As per the ACPI specification, zero length buffers are now treated as a single EndTag. One-length buffers always cause a fatal exception. Non-zero length buffers that do not end with a full 2-byte EndTag cause a fatal exception. Fixed a possible structure overwrite in the AcpiGetObjectInfo external interface. (With assistance from Thomas Renninger) Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
2006-01-20[ACPI] ACPICA 20060113Bob Moore
Added 2006 copyright. At SuSE's suggestion, enabled all error messages without enabling function tracing, ie with CONFIG_ACPI_DEBUG=n Replaced all instances of the ACPI_DEBUG_PRINT macro invoked at the ACPI_DB_ERROR and ACPI_DB_WARN debug levels with the ACPI_REPORT_ERROR and ACPI_REPORT_WARNING macros, respectively. This preserves all error and warning messages in the non-debug version of the ACPICA code (this has been referred to as the "debug lite" option.) Over 200 cases were converted to create a total of over 380 error/warning messages across the ACPICA code. This increases the code and data size of the default non-debug version by about 13K. Added ACPI_NO_ERROR_MESSAGES flag to enable deleting all messages. The size of the debug version remains about the same. Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
2005-12-10[ACPI] ACPICA 20050930Bob Moore
Completed a major overhaul of the Resource Manager code - specifically, optimizations in the area of the AML/internal resource conversion code. The code has been optimized to simplify and eliminate duplicated code, CPU stack use has been decreased by optimizing function parameters and local variables, and naming conventions across the manager have been standardized for clarity and ease of maintenance (this includes function, parameter, variable, and struct/typedef names.) All Resource Manager dispatch and information tables have been moved to a single location for clarity and ease of maintenance. One new file was created, named "rsinfo.c". The ACPI return macros (return_ACPI_STATUS, etc.) have been modified to guarantee that the argument is not evaluated twice, making them less prone to macro side-effects. However, since there exists the possibility of additional stack use if a particular compiler cannot optimize them (such as in the debug generation case), the original macros are optionally available. Note that some invocations of the return_VALUE macro may now cause size mismatch warnings; the return_UINT8 and return_UINT32 macros are provided to eliminate these. (From Randy Dunlap) Implemented a new mechanism to enable debug tracing for individual control methods. A new external interface, acpi_debug_trace(), is provided to enable this mechanism. The intent is to allow the host OS to easily enable and disable tracing for problematic control methods. This interface can be easily exposed to a user or debugger interface if desired. See the file psxface.c for details. acpi_ut_callocate() will now return a valid pointer if a length of zero is specified - a length of one is used and a warning is issued. This matches the behavior of acpi_ut_allocate(). Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Len Brown <len.brown@intel.com>
2005-08-05[ACPI] Lindent all ACPI filesLen Brown
Signed-off-by: Len Brown <len.brown@intel.com>
2005-07-12ACPICA 20050408 from Bob MooreRobert Moore
Fixed three cases in the interpreter where an "index" argument to an ASL function was still (internally) 32 bits instead of the required 64 bits. This was the Index argument to the Index, Mid, and Match operators. The "strupr" function is now permanently local (acpi_ut_strupr), since this is not a POSIX-defined function and not present in most kernel-level C libraries. References to the C library strupr function have been removed from the headers. Completed the deployment of static functions/prototypes. All prototypes with the static attribute have been moved from the headers to the owning C file. ACPICA 20050329 from Bob Moore An error is now generated if an attempt is made to create a Buffer Field of length zero (A CreateField with a length operand of zero.) The interpreter now issues a warning whenever executable code at the module level is detected during ACPI table load. This will give some idea of the prevalence of this type of code. Implemented support for references to named objects (other than control methods) within package objects. Enhanced package object output for the debug object. Package objects are now completely dumped, showing all elements. Enhanced miscellaneous object output for the debug object. Any object can now be written to the debug object (for example, a device object can be written, and the type of the object will be displayed.) The "static" qualifier has been added to all local functions across the core subsystem. The number of "long" lines (> 80 chars) within the source has been significantly reduced, by about 1/3. Cleaned up all header files to ensure that all CA/iASL functions are prototyped (even static functions) and the formatting is consistent. Two new header files have been added, acopcode.h and acnames.h. Removed several obsolete functions that were no longer used. Signed-off-by: Len Brown <len.brown@intel.com>
2005-04-16Linux-2.6.12-rc2Linus Torvalds
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!