2002-11-16 21:51:40

by Justin A

Subject: pnpbios oops on boot w/ 2.5.47

Hi :)

I tried to "port" kmsgdump to 2.5.47 and for some reason, it worked.

Attached is the full dmesg

Alan: I ran dmidecode under 2.4.19 which said simply "PNP BIOS present"

This is a thinkpad 760e, really old..I don't even think I need pnpbios support
for anything. 2.5.47/2.5.47-ac5 boot with pnpbios turned off, so I think you
just need to add this to your blacklist?

--
-Justin


Attachments:
messages.txt (4.94 kB)

2002-11-16 22:01:37

by Andrew Morton

Subject: Re: pnpbios oops on boot w/ 2.5.47

Justin A wrote:
>
> Hi :)
>
> I tried to "port" kmsgdump to 2.5.47 and for some reason, it worked.
>
> Attached is the full dmesg
>
> Alan: I ran dmidecode under 2.4.19 which said simply "PNP BIOS present"
>
> This is a thinkpad 760e, really old..I don't even think I need pnpbios support
> for anything. 2.5.47/2.5.47-ac5 boot with pnpbios turned off, so I think you
> just need to add this to your blacklist?
>

The BUG in slab indicates that something overran the end of a kmalloced
buffer. That'll be either pnp_bios_get_dev_node() or node_set_resources()
ran off the end of `node'.

2002-11-17 01:45:30

by Andrew Morton

Subject: Re: pnpbios oops on boot w/ 2.5.47

Andrew Morton wrote:
>
> Justin A wrote:
> >
> > Hi :)
> >
> > I tried to "port" kmsgdump to 2.5.47 and for some reason, it worked.
> >
> > Attached is the full dmesg
> >
> > Alan: I ran dmidecode under 2.4.19 which said simply "PNP BIOS present"
> >
> > This is a thinkpad 760e, really old..I don't even think I need pnpbios support
> > for anything. 2.5.47/2.5.47-ac5 boot with pnpbios turned off, so I think you
> > just need to add this to your blacklist?
> >
>
> The BUG in slab indicates that something overran the end of a kmalloced
> buffer. That'll be either pnp_bios_get_dev_node() or node_set_resources()
> ran off the end of `node'.

err...

node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);

max_node_size appears to never be initialised.

2002-11-17 04:15:13

by Adam Belay

Subject: Re: pnpbios oops on boot w/ 2.5.47

On Sat, Nov 16, 2002 at 05:52:21PM -0800, Andrew Morton wrote:
> Andrew Morton wrote:
> >
> > Justin A wrote:
> > >
> > > Hi :)
> > >
> > > I tried to "port" kmsgdump to 2.5.47 and for some reason, it worked.
> > >
> > > Attached is the full dmesg
> > >
> > > Alan: I ran dmidecode under 2.4.19 which said simply "PNP BIOS present"
> > >
> > > > This is a thinkpad 760e, really old..I don't even think I need pnpbios support


If it was calling pnpbios_set_resources you probably do. This means it was
trying to activate a device. If a device is not active you cannot use it.
This device was most likely a serial port or modem. Try turning on PnP
Debug after applying the below patch and see if a device is activated.


> > > > for anything. 2.5.47/2.5.47-ac5 boot with pnpbios turned off, so I think you
> > > just need to add this to your blacklist?
> > >
> >
> > The BUG in slab indicates that something overran the end of a kmalloced
> > buffer. That'll be either pnp_bios_get_dev_node() or node_set_resources()
> > ran off the end of `node'.
>
> err...
>
> node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
>
> max_node_size appears to never be initialised.


Oops. I put the pnpbios_kmalloc in the wrong place. It's amazing it still
worked on my test box. Here's a patch that should fix it. Justin: could you
please try it.

Thanks,
Adam

The typo appears to be in pnpbios_set_resources. Andrew: Is this where you
found it?


--- a/drivers/pnp/pnpbios/core.c Wed Nov 6 17:51:53 2002
+++ b/drivers/pnp/pnpbios/core.c Sat Nov 16 23:03:00 2002
@@ -1285,9 +1285,9 @@
return -EBUSY;
if (flags == PNP_DYNAMIC && !pnp_is_dynamic(dev))
return -EPERM;
- node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
if (pnp_bios_dev_node_info(&node_info) != 0)
return -ENODEV;
+ node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
if (!node)
return -1;
if (pnp_bios_get_dev_node(&nodenum, (char )1, node))
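
Review bot: the allocation-failure path in the context line `if (!node) return -1;` returns a bare -1, while the neighbouring paths in this hunk return -EBUSY, -EPERM and -ENODEV. A bare -1 has the same value as -EPERM, so a caller cannot tell an out-of-memory condition from the PNP_DYNAMIC permission check two lines above; returning -ENOMEM there would fix that. The reordering itself is sound, because node_info.max_node_size is only meaningful once pnp_bios_dev_node_info(&node_info) has returned 0.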

2002-11-17 04:29:04

by Andrew Morton

Subject: Re: pnpbios oops on boot w/ 2.5.47

Adam Belay wrote:
>
> The typo appears to be in pnpbios_set_resources. Andrew: Is this where you
> found it?

Well no.

> --- a/drivers/pnp/pnpbios/core.c Wed Nov 6 17:51:53 2002
> +++ b/drivers/pnp/pnpbios/core.c Sat Nov 16 23:03:00 2002
> @@ -1285,9 +1285,9 @@
> return -EBUSY;
> if (flags == PNP_DYNAMIC && !pnp_is_dynamic(dev))
> return -EPERM;
> - node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> if (pnp_bios_dev_node_info(&node_info) != 0)
> return -ENODEV;
> + node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
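
Review bot: at the added `node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);` line the size is taken from the structure filled by pnp_bios_dev_node_info(&node_info) with no sanity check. Consider rejecting a zero or implausibly small max_node_size before allocating, since that value alone decides how much room the node buffer has.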

As far as I can see, max_node_size is never initialised anywhere.

mnm:/usr/src/25> grep -rI max_node_size .
./drivers/pnp/pnpbios/core.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
./drivers/pnp/pnpbios/core.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
./drivers/pnp/pnpbios/core.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
./drivers/pnp/pnpbios/core.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
./drivers/pnp/pnpbios/proc.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
./drivers/pnp/pnpbios/proc.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
./drivers/pnp/pnpbios/proc.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
./drivers/pnp/pnpbios/proc.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
./fs/reiserfs/fix_node.c: int total_node_size, max_node_size, current_item_size;
./fs/reiserfs/fix_node.c: max_node_size = MAX_CHILD_SIZE (PATH_H_PBUFFER (tb->tb_path, h));
./fs/reiserfs/fix_node.c: if (i == max_node_size)
./fs/reiserfs/fix_node.c: return (i / max_node_size + 1);
./fs/reiserfs/fix_node.c: cur_free = max_node_size;
./fs/reiserfs/fix_node.c: if (total_node_size + current_item_size <= max_node_size) {
./fs/reiserfs/fix_node.c: if (current_item_size > max_node_size) {
./fs/reiserfs/fix_node.c: current_item_size, max_node_size);
./fs/reiserfs/fix_node.c: free_space = max_node_size - total_node_size - IH_SIZE;
./include/linux/pnpbios.h: __u16 max_node_size;

2002-11-17 05:51:51

by Justin A

Subject: Re: pnpbios oops on boot w/ 2.5.47

On Saturday 16 November 2002 06:25 pm, Adam Belay wrote:

> Oops. I put the pnpbios_kmalloc in the wrong place. It's amazing it still
> worked on my test box. Here's a patch that should fix it. Justin: could
> you please try it.
>
> Thanks,
> Adam
I had a feeling that call_pnp_bios was doing something with data so I tried it
anyway with:

CONFIG_PNP=y
CONFIG_PNP_NAMES=y
CONFIG_PNP_DEBUG=y
CONFIG_ISAPNP=y
CONFIG_PNPBIOS=y

and it booted ok. You were right, it was a serial port(even though that port
always worked without pnp:))

I didn't have NAMES and DEBUG on before, so hopefully neither of those is what
fixed it in this case.

Here is the new dmesg, you can ignore the crap at the end, that's just pcmcia
being broken, it goes away if I move /l/m/2/k/d/pcmcia out of the way.

--
-Justin


Attachments:
dmesg (10.02 kB)

2002-11-17 22:24:33

by Adam Belay

Subject: Re: pnpbios oops on boot w/ 2.5.47

On Sat, Nov 16, 2002 at 08:35:54PM -0800, Andrew Morton wrote:
> Adam Belay wrote:
> >
> > The typo appears to be in pnpbios_set_resources. Andrew: Is this where you
> > found it?
>
> Well no.
>
> > --- a/drivers/pnp/pnpbios/core.c Wed Nov 6 17:51:53 2002
> > +++ b/drivers/pnp/pnpbios/core.c Sat Nov 16 23:03:00 2002
> > @@ -1285,9 +1285,9 @@
> > return -EBUSY;
> > if (flags == PNP_DYNAMIC && !pnp_is_dynamic(dev))
> > return -EPERM;
> > - node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> > if (pnp_bios_dev_node_info(&node_info) != 0)
> > return -ENODEV;
> > + node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
>
> As far as I can see, max_node_size is never initialised anywhere.
>
> mnm:/usr/src/25> grep -rI max_node_size .
> ./drivers/pnp/pnpbios/core.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> ./drivers/pnp/pnpbios/core.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> ./drivers/pnp/pnpbios/core.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> ./drivers/pnp/pnpbios/core.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> ./drivers/pnp/pnpbios/proc.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> ./drivers/pnp/pnpbios/proc.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> ./drivers/pnp/pnpbios/proc.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> ./drivers/pnp/pnpbios/proc.c: node = pnpbios_kmalloc(node_info.max_node_size, GFP_KERNEL);
> ./fs/reiserfs/fix_node.c: int total_node_size, max_node_size, current_item_size;
> ./fs/reiserfs/fix_node.c: max_node_size = MAX_CHILD_SIZE (PATH_H_PBUFFER (tb->tb_path, h));
> ./fs/reiserfs/fix_node.c: if (i == max_node_size)
> ./fs/reiserfs/fix_node.c: return (i / max_node_size + 1);
> ./fs/reiserfs/fix_node.c: cur_free = max_node_size;
> ./fs/reiserfs/fix_node.c: if (total_node_size + current_item_size <= max_node_size) {
> ./fs/reiserfs/fix_node.c: if (current_item_size > max_node_size) {
> ./fs/reiserfs/fix_node.c: current_item_size, max_node_size);
> ./fs/reiserfs/fix_node.c: free_space = max_node_size - total_node_size - IH_SIZE;
> ./include/linux/pnpbios.h: __u16 max_node_size;

It may not appear to be initialized but in reality it actually is. pnp_bios_dev_node_info
receives a pointer to the node_info structure containing max_node_size. It then passes the
pointer to __pnp_bios_dev_node_info which then passes the pointer to call_pnp_bios.
call_pnp_bios is in assembler primarily and writes data directly to the pointer almost as if
it were a buffer. As a result the structure contains a value for max_node_size.

I appreciate your input. Let me know if you need any additional information.

Thanks,
Adam

2002-11-17 22:55:30

by Adam Belay

Subject: Re: pnpbios oops on boot w/ 2.5.47

On Sun, Nov 17, 2002 at 01:00:53AM -0500, Justin A wrote:
> On Saturday 16 November 2002 06:25 pm, Adam Belay wrote:
>
> > Oops. I put the pnpbios_kmalloc in the wrong place. It's amazing it still
> > worked on my test box. Here's a patch that should fix it. Justin: could
> > you please try it.
> >
> > Thanks,
> > Adam
> I had a feeling that call_pnp_bios was doing something with data so I tried it
> anyway with:
>
> CONFIG_PNP=y
> CONFIG_PNP_NAMES=y
> CONFIG_PNP_DEBUG=y
> CONFIG_ISAPNP=y
> CONFIG_PNPBIOS=y
>
> and it booted ok. You were right, it was a serial port(even though that port
> always worked without pnp:))
>
> I didn't have NAMES and DEBUG on before, so hopefully neither of those is what
> fixed it in this case.
>
> Here is the new dmesg, you can ignore the crap at the end, that's just pcmcia
> being broken, it goes away if I move /l/m/2/k/d/pcmcia out of the way.
>
> --
> -Justin


> pnp: the driver 'serial' has been registered
> pnp: pnp: match found with the PnP device '00:13' and the driver 'serial'
> pnp: the device '00:13' has been activated
> PnPBIOS: set_dev_node: Unexpected status 0x85

Hmm, this isn't right. 0x85 means unable to set resources. If you have it
could you please send me a copy of the output of lspnp for node 13. I'm not
sure what this device is, do you have a second serial port?

Thanks,
Adam

2002-11-17 23:31:54

by Justin A

Subject: Re: pnpbios oops on boot w/ 2.5.47

On Sunday 17 November 2002 01:05 pm, Adam Belay wrote:
> >
> > pnp: the driver 'serial' has been registered
> > pnp: pnp: match found with the PnP device '00:13' and the driver 'serial'
> > pnp: the device '00:13' has been activated
> > PnPBIOS: set_dev_node: Unexpected status 0x85
>
> Hmm, this isn't right. 0x85 means unable to set resources. If you have it
> could you please send me a copy of the output of lspnp for node 13. I'm
> not sure what this device is, do you have a second serial port?
>
> Thanks,
> Adam

lspnp output at the end.

It has 2 infrared ports (well, it's the same port in 2 places....), one rs232
port on the back, and a modem port.

This is an IBM thinkpad, so imagine BIOS from hell, it's all gooey and
useless... I think you are supposed to be able to switch the serial port
from infrared to the rs232 port, but I don't know how. I use the infrared
anyway so that's ok :)

It might be flipping out over the modem, it's one of those mwave DSP things.
Neither the modem nor the sound work in linux right now... I would need to
install http://www-124.ibm.com/acpmodem/ to get just the modem working..and I
really don't even care :)

If anything I would like the sound to work. I think once it's initialized it
ends up being sb compatible, but I think even then it's only 8bit sound, which
isn't even worth it.

even after
"PnPBIOS: set_dev_node: Unexpected status 0x85"

The IR port still works, so it doesn't seem to break anything...

13 PNP0501 communications device: RS-232
flags: none [static]
allocated resources:
irq disabled [high edge]
io disabled
possible resources:
[start dep fn]
irq 4 [high edge]
io 0x03f8-0x03ff
[start dep fn]
irq 3 [high edge]
io 0x02f8-0x02ff
[start dep fn]
irq 4 [high edge]
io 0x03e8-0x03ef
[start dep fn]
irq 3 [high edge]
io 0x02e8-0x02ef
[end dep fn]

00 PNP0000 system peripheral: programmable interrupt controller
01 PNP0200 system peripheral: DMA controller
02 PNP0100 system peripheral: system timer
03 PNP0b00 system peripheral: real time clock
04 PNP0303 input device: keyboard
05 PNP0f13 input device: mouse
06 PNP0c04 system peripheral: other
07 PNP0700 mass storage device: floppy
08 PNP0680 mass storage device: IDE
0d PNP0a03 bridge controller: PCI
10 PNP0c02 system peripheral: other
11 PNP0400 communications device: AT parallel port
13 PNP0501 communications device: RS-232
14 IBM0070 communications device: other
15 IBM36e1 multimedia controller: audio
19 PNP0e03 bridge controller: PCMCIA

--
-Justin

2002-11-18 17:01:00

by Alan

Subject: Re: pnpbios oops on boot w/ 2.5.47

There is at least one other problem. The pnp layer is initialized way
too early. I've moved pnpbios and isapnp to init after acpi and pci in
my tree and at least one weird oops on Telsa's Cyrix MediaGX + CS5520
box has gone away.

Now to figure out how I broke IDE ;)