From 4a5e3638b11978262ab76bbb2062e57fefaaedba Mon Sep 17 00:00:00 2001 From: Bjorn Helgaas Date: Tue, 15 Jul 2008 09:42:57 -0600 Subject: ACPI: stop complaints about interrupt link End Tags and blank IRQ descriptors Silently ignore _PRS End Tags. We already ignore Start Dependent Functions in _PRS, and we already ignore End Tags in _CRS, so we might as well ignore End Tags in _PRS as well. Silently ignore _PRS IRQ descriptors that mention no interrupts. The spec allows this (section 6.4.2.1 in ACPI 3.0b spec), and it probably means the interrupt link can't be configured at all. This patch doesn't change any functional behavior; it just removes confusing complaints like these: ACPI: Blank IRQ resource ACPI: Resource is not an IRQ entry when parsing _PRS data "23 00 00 18 79 00" from an IBM xSeries 335 dual Pentium IV Xeon 2.40 GHz machine. For more details, see http://bugzilla.kernel.org/show_bug.cgi?id=11049 The "23 00 00 18" part is a three-byte-long small IRQ resource with no bits set in the IRQ mask ("00 00"), and level-triggered, active low, shareable ("18"). The "79 00" is an End Tag (type 0x7). It is superfluous since there is no Start Dependent Function tag and there are no resources after it, but it is harmless. Thanks to Gabriele Trombetti (aka Kurk) for reporting this and testing the patch. Signed-off-by: Bjorn Helgaas Signed-off-by: Andi Kleen --- drivers/acpi/pci_link.c | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) (limited to 'drivers/acpi') diff --git a/drivers/acpi/pci_link.c b/drivers/acpi/pci_link.c index 233c40c5168..89f3b2abfdc 100644 --- a/drivers/acpi/pci_link.c +++ b/drivers/acpi/pci_link.c @@ -113,20 +113,23 @@ acpi_pci_link_check_possible(struct acpi_resource *resource, void *context) switch (resource->type) { case ACPI_RESOURCE_TYPE_START_DEPENDENT: + case ACPI_RESOURCE_TYPE_END_TAG: return AE_OK; case ACPI_RESOURCE_TYPE_IRQ: { struct acpi_resource_irq *p = &resource->data.irq; if (!p || !p->interrupt_count) { - printk(KERN_WARNING PREFIX "Blank IRQ resource\n"); + ACPI_DEBUG_PRINT((ACPI_DB_INFO, + "Blank _PRS IRQ resource\n")); return AE_OK; } for (i = 0; (i < p->interrupt_count && i < ACPI_PCI_LINK_MAX_POSSIBLE); i++) { if (!p->interrupts[i]) { - printk(KERN_WARNING PREFIX "Invalid IRQ %d\n", - p->interrupts[i]); + printk(KERN_WARNING PREFIX + "Invalid _PRS IRQ %d\n", + p->interrupts[i]); continue; } link->irq.possible[i] = p->interrupts[i]; @@ -143,15 +146,16 @@ acpi_pci_link_check_possible(struct acpi_resource *resource, void *context) &resource->data.extended_irq; if (!p || !p->interrupt_count) { printk(KERN_WARNING PREFIX - "Blank EXT IRQ resource\n"); + "Blank _PRS EXT IRQ resource\n"); return AE_OK; } for (i = 0; (i < p->interrupt_count && i < ACPI_PCI_LINK_MAX_POSSIBLE); i++) { if (!p->interrupts[i]) { - printk(KERN_WARNING PREFIX "Invalid IRQ %d\n", - p->interrupts[i]); + printk(KERN_WARNING PREFIX + "Invalid _PRS IRQ %d\n", + p->interrupts[i]); continue; } link->irq.possible[i] = p->interrupts[i]; @@ -163,7 +167,8 @@ acpi_pci_link_check_possible(struct acpi_resource *resource, void *context) break; } default: - printk(KERN_ERR PREFIX "Resource is not an IRQ entry\n"); + printk(KERN_ERR PREFIX "_PRS resource type 0x%x isn't an IRQ\n", + resource->type); return AE_OK; } @@ -199,6 +204,9 @@ acpi_pci_link_check_current(struct acpi_resource *resource, void *context) switch (resource->type) { + case ACPI_RESOURCE_TYPE_START_DEPENDENT: + case ACPI_RESOURCE_TYPE_END_TAG: + return AE_OK; case ACPI_RESOURCE_TYPE_IRQ: { struct acpi_resource_irq *p = &resource->data.irq; @@ -208,7 +216,7 @@ acpi_pci_link_check_current(struct acpi_resource *resource, void *context) * particularly those those w/ _STA disabled */ ACPI_DEBUG_PRINT((ACPI_DB_INFO, - "Blank IRQ resource\n")); + "Blank _CRS IRQ resource\n")); return AE_OK; } *irq = p->interrupts[0]; @@ -224,7 +232,7 @@ acpi_pci_link_check_current(struct acpi_resource *resource, void *context) * return at least 1 IRQ */ printk(KERN_WARNING PREFIX - "Blank EXT IRQ resource\n"); + "Blank _CRS EXT IRQ resource\n"); return AE_OK; } *irq = p->interrupts[0]; @@ -232,10 +240,11 @@ acpi_pci_link_check_current(struct acpi_resource *resource, void *context) } break; default: - printk(KERN_ERR PREFIX "Resource %d isn't an IRQ\n", resource->type); - case ACPI_RESOURCE_TYPE_END_TAG: + printk(KERN_ERR PREFIX "_CRS resource type 0x%x isn't an IRQ\n", + resource->type); return AE_OK; } + return AE_CTRL_TERMINATE; } -- cgit v1.2.3 From c2c789057f075022658b38b498755c29c1ba8055 Mon Sep 17 00:00:00 2001 From: Zhao Yakui Date: Thu, 17 Jul 2008 10:46:05 +0800 Subject: ACPI: Ignore _BQC object when registering backlight device According to acpi spec , the objectes of _BCL and _BCM are required if integrated LCD is present and supports brightness level and the _BQC is the optional object. So the _BQC object will be ignored when the backlight device is registered. At the same time when there is no _BQC object, the current brightness will be set to the maximum. http://bugzilla.kernel.org/show_bug.cgi?id=10206 Signed-off-by: Zhao Yakui Signed-off-by: Zhang Rui Signed-off-by: Andi Kleen --- drivers/acpi/video.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'drivers/acpi') diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c index 64c889331f3..e32b6c14d92 100644 --- a/drivers/acpi/video.c +++ b/drivers/acpi/video.c @@ -741,7 +741,7 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device) max_level = acpi_video_init_brightness(device); - if (device->cap._BCL && device->cap._BCM && device->cap._BQC && max_level > 0){ + if (device->cap._BCL && device->cap._BCM && max_level > 0) { int result; static int count = 0; char *name; @@ -753,7 +753,17 @@ static void acpi_video_device_find_cap(struct acpi_video_device *device) device->backlight = backlight_device_register(name, NULL, device, &acpi_backlight_ops); device->backlight->props.max_brightness = device->brightness->count-3; - device->backlight->props.brightness = acpi_video_get_brightness(device->backlight); + /* + * If there exists the _BQC object, the _BQC object will be + * called to get the current backlight brightness. Otherwise + * the brightness will be set to the maximum. + */ + if (device->cap._BQC) + device->backlight->props.brightness = + acpi_video_get_brightness(device->backlight); + else + device->backlight->props.brightness = + device->backlight->props.max_brightness; backlight_update_status(device->backlight); kfree(name); -- cgit v1.2.3 From ea51011a27db48ea0a80a5e20de3969b292d5d4d Mon Sep 17 00:00:00 2001 From: Zhao Yakui Date: Mon, 14 Jul 2008 15:14:03 +0800 Subject: ACPI : Set FAN device to correct state in boot phase Subject:ACPI: Set FAN device to correct state in boot phase From: Zhao Yakui On some laptops when ACPI FAN driver is loaded, maybe the FAN device will be turned on. But if the temperature is below the threshold, the corresponding FAN device should be turned off in the course of loading thermal driver. So it is necessary to set the FAN device to the correct state in course of loading the thermal driver. http://bugzilla.kernel.org/show_bug.cgi?id=8049 Signed-off-by: Zhao Yakui Signed-off-by: Zhang Rui Signed-off-by: Andi Kleen --- drivers/acpi/thermal.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) (limited to 'drivers/acpi') diff --git a/drivers/acpi/thermal.c b/drivers/acpi/thermal.c index 84c795fb9b1..9adfd180df6 100644 --- a/drivers/acpi/thermal.c +++ b/drivers/acpi/thermal.c @@ -769,6 +769,47 @@ static void acpi_thermal_run(unsigned long data) acpi_os_execute(OSL_GPE_HANDLER, acpi_thermal_check, (void *)data); } +static void acpi_thermal_active_off(void *data) +{ + int result = 0; + struct acpi_thermal *tz = data; + int i = 0; + int j = 0; + struct acpi_thermal_active *active = NULL; + + if (!tz) { + printk(KERN_ERR PREFIX "Invalid (NULL) context\n"); + return; + } + + result = acpi_thermal_get_temperature(tz); + if (result) + return; + + for (i = 0; i < ACPI_THERMAL_MAX_ACTIVE; i++) { + active = &(tz->trips.active[i]); + if (!active || !active->flags.valid) + break; + if (tz->temperature >= active->temperature) { + /* + * If the thermal temperature is greater than the + * active threshod, unnecessary to turn off the + * the active cooling device. + */ + continue; + } + /* + * Below Threshold? + * ---------------- + * Turn OFF all cooling devices associated with this + * threshold. + */ + for (j = 0; j < active->devices.count; j++) + result = acpi_bus_set_power(active->devices.handles[j], + ACPI_STATE_D3); + } +} + static void acpi_thermal_check(void *data) { int result = 0; @@ -1624,6 +1665,8 @@ static int acpi_thermal_add(struct acpi_device *device) init_timer(&tz->timer); + acpi_thermal_active_off(tz); + acpi_thermal_check(tz); status = acpi_install_notify_handler(device->handle, -- cgit v1.2.3 From b1d77fae0c429d1be84ca0c9e627d9ab0e2a6d0b Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Fri, 18 Jul 2008 01:42:20 +0200 Subject: Revert "Fix FADT parsing" This reverts commit 01a5bba576b9364b33f61f0cd9fa70c2cf5535e2. There seem to be some FADTs around with bogus information in the v2 fields. Revert this patch for now until this can be properly resolved. Signed-off-by: Andi Kleen --- drivers/acpi/tables/tbfadt.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'drivers/acpi') diff --git a/drivers/acpi/tables/tbfadt.c b/drivers/acpi/tables/tbfadt.c index ccb5b64bbef..a4a41ba2484 100644 --- a/drivers/acpi/tables/tbfadt.c +++ b/drivers/acpi/tables/tbfadt.c @@ -124,7 +124,7 @@ static struct acpi_fadt_info fadt_info_table[] = { static void inline acpi_tb_init_generic_address(struct acpi_generic_address *generic_address, - u8 byte_width, u64 address) + u8 bit_width, u64 address) { /* @@ -136,7 +136,7 @@ acpi_tb_init_generic_address(struct acpi_generic_address *generic_address, /* All other fields are byte-wide */ generic_address->space_id = ACPI_ADR_SPACE_SYSTEM_IO; - generic_address->bit_width = byte_width << 3; + generic_address->bit_width = bit_width; generic_address->bit_offset = 0; generic_address->access_width = 0; } @@ -343,11 +343,9 @@ static void acpi_tb_convert_fadt(void) * * The PM event blocks are split into two register blocks, first is the * PM Status Register block, followed immediately by the PM Enable Register - * block. Each is of length (xpm1x_event_block.bit_width/2) + * block. Each is of length (pm1_event_length/2) */ - WARN_ON(ACPI_MOD_16(acpi_gbl_FADT.xpm1a_event_block.bit_width)); - pm1_register_length = (u8) ACPI_DIV_16(acpi_gbl_FADT - .xpm1a_event_block.bit_width); + pm1_register_length = (u8) ACPI_DIV_2(acpi_gbl_FADT.pm1_event_length); /* The PM1A register block is required */ @@ -362,17 +360,14 @@ static void acpi_tb_convert_fadt(void) /* The PM1B register block is optional, ignore if not present */ if (acpi_gbl_FADT.xpm1b_event_block.address) { - WARN_ON(ACPI_MOD_16(acpi_gbl_FADT.xpm1b_event_block.bit_width)); - pm1_register_length = (u8) ACPI_DIV_16(acpi_gbl_FADT - .xpm1b_event_block - .bit_width); acpi_tb_init_generic_address(&acpi_gbl_xpm1b_enable, pm1_register_length, (acpi_gbl_FADT.xpm1b_event_block. address + pm1_register_length)); /* Don't forget to copy space_id of the GAS */ acpi_gbl_xpm1b_enable.space_id = - acpi_gbl_FADT.xpm1b_event_block.space_id; + acpi_gbl_FADT.xpm1a_event_block.space_id; + } } -- cgit v1.2.3 From e1469c34eb623cd1945ef09bfd7de7bc2f9ff6b3 Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Fri, 18 Jul 2008 01:43:08 +0200 Subject: Revert "dock: bay: Don't call acpi_walk_namespace() when ACPI is disabled." Revert double commit by mistake. Noticed by Thomas Gleixner. This reverts commit cc7e51666d82aedfd6b9a033ca1a10d71c21f1ca. Signed-off-by: Andi Kleen --- drivers/acpi/bay.c | 3 --- drivers/acpi/dock.c | 3 --- 2 files changed, 6 deletions(-) (limited to 'drivers/acpi') diff --git a/drivers/acpi/bay.c b/drivers/acpi/bay.c index e6caf5d42e0..61b6c5beb2d 100644 --- a/drivers/acpi/bay.c +++ b/drivers/acpi/bay.c @@ -377,9 +377,6 @@ static int __init bay_init(void) INIT_LIST_HEAD(&drive_bays); - if (acpi_disabled) - return -ENODEV; - if (acpi_disabled) return -ENODEV; diff --git a/drivers/acpi/dock.c b/drivers/acpi/dock.c index 1e872e79db3..bb7c51f712b 100644 --- a/drivers/acpi/dock.c +++ b/drivers/acpi/dock.c @@ -917,9 +917,6 @@ static int __init dock_init(void) dock_station = NULL; - if (acpi_disabled) - return 0; - if (acpi_disabled) return 0; -- cgit v1.2.3 From 725c3a2d70f958adee807c178178819a50f68a56 Mon Sep 17 00:00:00 2001 From: Andi Kleen Date: Fri, 18 Jul 2008 09:12:49 +0200 Subject: Revert "ACPI: don't walk tables if ACPI was disabled" This reverts commit d1857056904d5f313f11184fcfa624652ff9620a. Double commit, noticed by Thomas Gleixner. Signed-off-by: Andi Kleen --- drivers/acpi/glue.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'drivers/acpi') diff --git a/drivers/acpi/glue.c b/drivers/acpi/glue.c index 0f2dd81736b..2f173e83f8a 100644 --- a/drivers/acpi/glue.c +++ b/drivers/acpi/glue.c @@ -335,9 +335,6 @@ static int __init acpi_rtc_init(void) { struct device *dev = get_rtc_dev(); - if (acpi_disabled) - return 0; - if (acpi_disabled) return 0; -- cgit v1.2.3 From f88133d76ea38761b7379d6233b752ed82250a4a Mon Sep 17 00:00:00 2001 From: Ingo Molnar Date: Mon, 21 Jul 2008 15:57:45 +0200 Subject: acpi: fix crash in core ACPI code, triggered by CONFIG_ACPI_PCI_SLOT=y -tip testing found the following boot crash on 32-bit x86 (Core2Duo laptop) yesterday: [ 5.606664] scsi4 : ata_piix [ 5.606664] scsi5 : ata_piix [ 5.606664] ACPI Error (psargs-0358): [\_SB_.PCI0.LPC_.EC__.BSTA] Namespace lookup failure, AE_NOT_FOUND [ 5.606664] ACPI Error (psparse-0530): ACPI Error (nsnames-0186): Invalid NS Node (f7c0e960) while traversing path [20080609] [ 5.606664] BUG: unable to handle kernel NULL pointer dereference at 0000000f [ 5.606664] IP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80 [ 5.609997] *pdpt = 0000000000a03001 *pde = 0000000000000000 [ 5.609997] Oops: 0002 [#1] SMP [ 5.609997] [ 5.609997] Pid: 1, comm: swapper Not tainted (2.6.26-tip-03965-gbbfb62e-dirty #3153) [ 5.609997] EIP: 0060:[<80339e2f>] EFLAGS: 00010286 CPU: 0 [ 5.609997] EIP is at acpi_ns_build_external_path+0x1f/0x80 [ 5.609997] EAX: f7c18c18 EBX: ffffffff ECX: 00000010 EDX: 00000000 [ 5.609997] ESI: f7c18c18 EDI: 00000010 EBP: f7c4dc28 ESP: f7c4dc18 [ 5.609997] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 [ 5.609997] Process swapper (pid: 1, ti=f7c4c000 task=f7c50000 task.ti=f7c4c000) [ 5.609997] Stack: 00000000 00000000 f7c18c18 f7c4dc48 f7c4dc40 80339ed0 00000000 f7c18c18 [ 5.609997] 8084c1b6 8084c1b6 f7c4dc58 8033a60a 00000000 00000010 00000000 f7c18c18 [ 5.609997] f7c4dc70 8033a68f f7c18c18 00000000 f6de7600 00000005 f7c4dc98 8033c34d [ 5.609997] Call Trace: [ 5.609997] [<80339ed0>] ? acpi_ns_handle_to_pathname+0x40/0x72 [ 5.609997] [<8033a60a>] ? acpi_ns_print_node_pathname+0x2c/0x61 [ 5.609997] [<8033a68f>] ? acpi_ns_report_method_error+0x50/0x6d [ 5.609997] [<8033c34d>] ? acpi_ps_parse_aml+0x149/0x2f9 [ 5.609997] [<8033d6dd>] ? acpi_ps_execute_method+0x132/0x201 [ 5.609997] [<80339d19>] ? acpi_ns_evaluate+0x1ad/0x258 [ 5.609997] [<803406c4>] ? acpi_ut_evaluate_object+0x55/0x18f [ 5.609997] [<803408b7>] ? acpi_ut_execute_STA+0x22/0x7a [ 5.609997] [<8033a907>] ? acpi_get_object_info+0x131/0x1be [ 5.609997] [<80344bb2>] ? do_acpi_find_child+0x22/0x4b [ 5.609997] [<8033b855>] ? acpi_ns_walk_namespace+0xa5/0x124 [ 5.609997] [<803394f3>] ? acpi_walk_namespace+0x54/0x74 [ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b [ 5.609997] [<80344b85>] ? acpi_get_child+0x38/0x43 [ 5.609997] [<80344b90>] ? do_acpi_find_child+0x0/0x4b [ 5.609997] [<804d0148>] ? ata_acpi_associate+0xb5/0x1b5 [ 5.609997] [<804c6ecb>] ? ata_scsi_add_hosts+0x8e/0xdc [ 5.609997] [<804c40c8>] ? ata_host_register+0x9f/0x1d6 [ 5.609997] [<804cbc7f>] ? ata_pci_sff_activate_host+0x179/0x19f [ 5.609997] [<804cdd45>] ? ata_sff_interrupt+0x0/0x1c7 [ 5.609997] [<8069b033>] ? piix_init_one+0x569/0x5b0 [ 5.609997] [<801bd400>] ? sysfs_ilookup_test+0x0/0x11 [ 5.609997] [<801987d7>] ? ilookup5_nowait+0x29/0x30 [ 5.609997] [<802efc7e>] ? pci_match_device+0x99/0xa3 [ 5.609997] [<802efd3c>] ? pci_device_probe+0x39/0x59 [ 5.609997] [<803bc4af>] ? driver_probe_device+0xa0/0x11b [ 5.609997] [<803bc564>] ? __driver_attach+0x3a/0x59 [ 5.609997] [<803bbde3>] ? bus_for_each_dev+0x36/0x58 [ 5.609997] [<803bc354>] ? driver_attach+0x14/0x16 [ 5.609997] [<803bc52a>] ? __driver_attach+0x0/0x59 [ 5.609997] [<803bc161>] ? bus_add_driver+0x93/0x196 [ 5.609997] [<803bc773>] ? driver_register+0x71/0xcd [ 5.609997] [<802eff05>] ? __pci_register_driver+0x3f/0x6e [ 5.609997] [<809af7ff>] ? piix_init+0x14/0x24 [ 5.609997] [<80984568>] ? kernel_init+0x128/0x269 [ 5.609997] [<809af7eb>] ? piix_init+0x0/0x24 [ 5.609997] [<802e2758>] ? trace_hardirqs_on_thunk+0xc/0x10 [ 5.609997] [<80116aef>] ? restore_nocheck_notrace+0x0/0xe [ 5.609997] [<80984440>] ? kernel_init+0x0/0x269 [ 5.609997] [<80984440>] ? kernel_init+0x0/0x269 [ 5.609997] [<80117d87>] ? kernel_thread_helper+0x7/0x10 [ 5.609997] ======================= [ 5.609997] Code: 75 02 b3 01 8d 43 01 8b 5d fc c9 c3 55 89 e5 57 89 cf 56 53 89 d3 4b 83 ec 04 83 fb 03 89 55 f0 77 09 c6 01 5c c6 41 01 00 eb 59 04 19 00 8b 55 f0 8d 34 11 89 c2 eb 19 8b 42 08 83 eb 05 89 [ 5.609997] EIP: [<80339e2f>] acpi_ns_build_external_path+0x1f/0x80 SS:ESP 0068:f7c4dc18 [ 5.613331] Kernel panic - not syncing: Fatal exception [ 5.613331] Rebooting in 1 seconds..[ 4.646664] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) I have bisected it down to: # bad: [5b664cbe] Merge branch 'upstream-linus' of git://git.kernel. # good: [bce7f795] Linux 2.6.26 # good: [e18425ab] Merge branch 'tracing/for-linus' of git://git.kern # good: [cadc7236] Merge branch 'bkl-removal' into next # good: [4515889a] Merge branch 'merge' of git://git.kernel.org/pub/s # good: [42fdd14e] Merge git://git.kernel.org/pub/scm/linux/kernel/gi # good: [8a0ca91f] Merge branch 'for-linus' of git://git.kernel.org/p # bad: [0af4b8cb] ACPI: Introduce new device wakeup flag 'prepared' # good: [fe997407] PCI: construct one fakephp slot per PCI slot # bad: [531f254a] PCIE: aer: use dev_printk when possible # bad: [15650a20] x86/PCI: fixup early quirk probing # good: [0e6859d9] ACPI PM: Remove obsolete Toshiba workaround # bad: [8344b566] PCI: ACPI PCI slot detection driver # good: [f46753c9] PCI: introduce pci_slot | 8344b568f5bdc7ee1bba909de3294c6348c36056 is first bad commit | commit 8344b568f5bdc7ee1bba909de3294c6348c36056 | Author: Alex Chiang | Date: Tue Jun 10 15:30:42 2008 -0600 | | PCI: ACPI PCI slot detection driver | | Detect all physical PCI slots as described by ACPI, and create entries in | /sys/bus/pci/slots/. I.e. the new CONFIG_ACPI_PCI_SLOT=y option was causing this crash. But the bug is not mainly in this new PCI code - that code was just hitting the ACPI code in a new way which made ACPI break. The crash signature shows that we are crashing on this instruction: movb $0x0, (%ecx, %ebx, 1) ECX and EBX are 0x10 and -1. It's this line in drivers/acpi/namespace/nsnames.c's acpi_ns_build_external_path(): name_buffer[index] = 0; I.e. name_buffer is 0x10 and index is -1. index -1 corresponds to size 0, and name_buffer 0x10 is slab's ZERO_SIZE_PTR special-case for zero-sized allocations. I.e. when we called acpi_ns_handle_to_pathname(), we got required_size of 0 due to an error condition, but this is passed to the ACPI allocator unconditionally: required_size = acpi_ns_get_pathname_length(node); /* Validate/Allocate/Clear caller buffer */ status = acpi_ut_initialize_buffer(buffer, required_size); if (ACPI_FAILURE(status)) { return_ACPI_STATUS(status); } Where acpi_ut_initialize_buffer(), through many (unnecessary) layers, ends up calling kzalloc(0). Which returns 0x10 and that then causes the crash later on. So fix both callers of acpi_ns_get_pathname_length(), which can return 0 in case of an invalid node. Also add a WARN_ON() against zero sized allocations in acpi_ut_initialize_buffer() to make it easier to find similar instances of this bug. I have tested this patch for the past 24 hours and the crash has not reappeared. Signed-off-by: Ingo Molnar Signed-off-by: Andi Kleen --- drivers/acpi/namespace/nsnames.c | 8 ++++++++ drivers/acpi/utilities/utalloc.c | 4 ++++ 2 files changed, 12 insertions(+) (limited to 'drivers/acpi') diff --git a/drivers/acpi/namespace/nsnames.c b/drivers/acpi/namespace/nsnames.c index cffef1bcbdb..549db42f16c 100644 --- a/drivers/acpi/namespace/nsnames.c +++ b/drivers/acpi/namespace/nsnames.c @@ -137,6 +137,10 @@ char *acpi_ns_get_external_pathname(struct acpi_namespace_node *node) /* Calculate required buffer size based on depth below root */ size = acpi_ns_get_pathname_length(node); + if (!size) { + ACPI_ERROR((AE_INFO, "Invalid node failure")); + return_PTR(NULL); + } /* Allocate a buffer to be returned to caller */ @@ -229,6 +233,10 @@ acpi_ns_handle_to_pathname(acpi_handle target_handle, /* Determine size required for the caller buffer */ required_size = acpi_ns_get_pathname_length(node); + if (!required_size) { + ACPI_ERROR((AE_INFO, "Invalid node failure")); + return_ACPI_STATUS(AE_ERROR); + } /* Validate/Allocate/Clear caller buffer */ diff --git a/drivers/acpi/utilities/utalloc.c b/drivers/acpi/utilities/utalloc.c index 3dfb8a442b2..e7bf34a7b1d 100644 --- a/drivers/acpi/utilities/utalloc.c +++ b/drivers/acpi/utilities/utalloc.c @@ -242,6 +242,10 @@ acpi_ut_initialize_buffer(struct acpi_buffer * buffer, { acpi_status status = AE_OK; + if (!required_length) { + WARN_ON(1); + return AE_ERROR; + } switch (buffer->length) { case ACPI_NO_BUFFER: -- cgit v1.2.3