Re: Acpi deadlocks with 3.7.0-rc4

From: Linus Torvalds
Date: Wed Nov 28 2012 - 14:07:44 EST

Next message: Konrad Rzeszutek Wilk: "Re: [PATCH v8 34/46] x86, mm: Add check before clear pte abovemax_low_pfn on 32bit"
Previous message: Ezequiel Garcia: "Re: [PATCH 0/23] media: Replace memcpy with struct assignment"
In reply to: Zdenek Kabelac: "Re: Acpi deadlocks with 3.7.0-rc4"
Next in thread: Rafael J. Wysocki: "Re: Acpi deadlocks with 3.7.0-rc4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 28, 2012 at 9:27 AM, Zdenek Kabelac <zkabelac@xxxxxxxxxx> wrote:
>
> I've attached bigger disasfun script output to BZ 51071.
> https://bugzilla.kernel.org/show_bug.cgi?id=51071#c1
>
>
> if (ACPI_GET_DESCRIPTOR_TYPE(prefix_node) !=
> 00000000000000a1 <acpi_ns_lookup+0xa1> cmpb $0xf,0x8(%rbx)
> 00000000000000a5 <acpi_ns_lookup+0xa5> je 0da <acpi_ns_lookup+0xda>
>
> seems to be going out of bounds.

The whole "prefix_node" pointer is bogus. It seems to have the value 0x1000.

I wonder how that happened. It's loaded from 'scope_info->scope.node',
and it *should* be a valid pointer.

Can you add a print-out of

scope_info->common.descriptor_type

and check that it is ACPI_DESC_TYPE_STATE_WSCOPE (== 8). If it is not,
return early.

Or just something like the attatched, which just uses the root node
(and warns once) if it's not a valid WSCOPE thing.

Linus

Attachment: patch.diff
Description: Binary data

Next message: Konrad Rzeszutek Wilk: "Re: [PATCH v8 34/46] x86, mm: Add check before clear pte abovemax_low_pfn on 32bit"
Previous message: Ezequiel Garcia: "Re: [PATCH 0/23] media: Replace memcpy with struct assignment"
In reply to: Zdenek Kabelac: "Re: Acpi deadlocks with 3.7.0-rc4"
Next in thread: Rafael J. Wysocki: "Re: Acpi deadlocks with 3.7.0-rc4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]