2005-12-06 18:32:40

by Carl-Daniel Hailfinger

Subject: [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops

Hi,

on insmod of asus_acpi on my Samsung P35 laptop I get the following
Oops (perfectly reproducible):

Asus Laptop ACPI Extras version 0.29
Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip:
e1dfc362
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: asus_acpi thermal processor fan button battery ac snd_pcm_oss snd_mixer_oss snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd soundcore
snd_page_alloc ipt_TOS ipt_LOG ipt_limit ipt_pkttype pcmcia firmware_class ipt_state ip6t_REJECT ipt_REJECT iptable_mangle iptable_nat iptable_filter ip6table_mangle
ip_nat_ftp ip_nat ip_conntrack_ftp ip_conntrack nfnetlink ip_tables ip6table_filter ip6_tables ipv6 evdev sg sd_mod sr_mod scsi_mod intel_agp agpgart ohci1394 ieee1394
yenta_socket rsrc_nonstatic pcmcia_core ehci_hcd uhci_hcd i2c_i801 joydev dm_mod usbcore 8139too mii reiserfs ide_cd cdrom ide_disk piix ide_core
CPU: 0
EIP: 0060:[<e1dfc362>] Not tainted VLI
EFLAGS: 00010203 (2.6.15-rc5)
EIP is at asus_hotk_get_info+0x17f/0x76c [asus_acpi]
eax: def75000 ebx: de8aaf54 ecx: 00000002 edx: 00000003
esi: 00000000 edi: e1e82a9c ebp: dde2fea0 esp: de8aaf48
ds: 007b es: 007b ss: 0068
Process modprobe (pid: 6566, threadinfo=de8aa000 task=ddac05b0)
Stack: 00000000 00005105 deef8000 00000010 dde2fea0 dfeddc00 e1e83196 dfeddc84
dfedd820 e1dfc982 e1dfca11 dfeddc00 e1e849e0 00000000 c021c2fa dfeddc00
e1e849e0 c021c39e e1e84b00 0805bc08 00000028 de8aa000 e1dfcb20 c0133b32
Call Trace:
[<e1dfc982>] asus_hotk_check+0x33/0x34 [asus_acpi]
[<e1dfca11>] asus_hotk_add+0x8e/0x148 [asus_acpi]
[<c021c2fa>] acpi_bus_driver_init+0x2e/0x57
[<c021c39e>] acpi_driver_attach+0x3e/0x63
[<e1dfcb20>] asus_acpi_init+0x55/0x7d [asus_acpi]
[<c0133b32>] sys_init_module+0xf2/0x180
[<c0102e6f>] sysenter_past_esp+0x54/0x75
Code: 08 68 7f 30 e8 e1 e8 0e f2 31 de 58 5a a1 10 4d e8 e1 ba 03 00 00 00 bf 9c 2a e8 e1 89 d1 c7 40 14 12 00 00 00 8b 75 08 49 78 08 <ac> ae 75 08 84 c0 75 f5 31 c0 eb 04
19 c0 0c 01 85 c0 75 11 a1


This oops affects all kernels since 2.6.12. Patch follows.
Please apply.

Regards,
Carl-Daniel


From: Christian Aichinger <[email protected]>
Subject: [PATCH] acpi: Fix oops in asus_acpi.c on Samsung P30/P35 Laptops
Date: 2005-09-23 23:36:25 GMT

Samsung P35's INIT returns an integer (instead of a string or a
plain buffer), which caused an oops when the result was treated as
string in asus_hotk_get_info() (since an invalid pointer got
dereferenced).

This patch explicitly checks for ACPI_TYPE_INTEGER and for the
return values possible on the P30/P35.

Signed-off-by: Christian Aichinger <[email protected]>
---

drivers/acpi/asus_acpi.c | 31 ++++++++++++++++++++++++++++---
1 files changed, 28 insertions(+), 3 deletions(-)

c51f431351c648519a9b91de3c5e1d636246d7bc
diff --git a/drivers/acpi/asus_acpi.c b/drivers/acpi/asus_acpi.c
--- a/drivers/acpi/asus_acpi.c
+++ b/drivers/acpi/asus_acpi.c
@@ -1006,6 +1006,24 @@ static int __init asus_hotk_get_info(voi
}

model = (union acpi_object *)buffer.pointer;
+
+ /* INIT on Samsung's P35 returns an integer, possible return
+ * values are tested below */
+ if (model->type == ACPI_TYPE_INTEGER) {
+ if (model->integer.value == -1 ||
+ model->integer.value == 0x58 ||
+ model->integer.value == 0x38) {
+ hotk->model = P30;
+ printk(KERN_NOTICE
+ " Samsung P35 detected, supported\n");
+ goto out_known;
+ } else {
+ printk(KERN_WARNING
+ " unknown integer returned by INIT\n");
+ goto out_unknown;
+ }
+ }
+
if (model->type == ACPI_TYPE_STRING) {
printk(KERN_NOTICE " %s model detected, ",
model->string.pointer);
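Review bot: The new branch ahead of the ACPI_TYPE_STRING test covers only ACPI_TYPE_INTEGER, so an INIT result of any other non-string type still falls past it. The commit message attributes the oops to the result being treated as a string, and nothing in this hunk rejects such a result. Consider a general guard, `if (model->type != ACPI_TYPE_STRING) goto out_unknown;`, with the integer handling kept as a special case placed before it.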
@@ -1057,9 +1075,7 @@ static int __init asus_hotk_get_info(voi
hotk->model = L5x;

if (hotk->model == END_MODEL) {
- printk("unsupported, trying default values, supply the "
- "developers with your DSDT\n");
- hotk->model = M2E;
+ goto out_unknown;
} else {
printk("supported\n");
}
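Review bot: The `goto out_unknown` in the END_MODEL branch changes more than the message. The old code set M2E and carried on through the lines between this hunk and the function's exit (old lines 1066 to 1087, going by the hunk headers), while the new jump bypasses them. State in the changelog whether the fallback model needs any of that code, or keep the assignment here and fall through as before.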
@@ -1088,6 +1104,15 @@ static int __init asus_hotk_get_info(voi
acpi_os_free(model);

return AE_OK;
+
+out_unknown:
+ printk(KERN_WARNING " unsupported, trying default values, "
+ "supply the developers with your DSDT\n");
+ hotk->model = M2E;
+out_known:
+ hotk->methods = &model_conf[hotk->model];
+ acpi_os_free(model);
+ return AE_OK;
}

static int __init asus_hotk_check(void)
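Review bot: The printk at out_unknown carries KERN_WARNING and leading spaces, but the label has two callers with different needs. From the integer branch the previous message ended with a newline, so a level prefix is right; from the END_MODEL branch the line was already started by `printk(KERN_NOTICE " %s model detected, ", ...)` without a newline, so the prefix lands in the middle of an output line. Either terminate the earlier line before jumping or print the continuation without a level at the jump site and keep only the model assignment under the label.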



2005-12-06 19:21:54

by Greg KH

Subject: Re: [stable] [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops

On Tue, Dec 06, 2005 at 07:32:37PM +0100, Carl-Daniel Hailfinger wrote:
> Hi,
>
> on insmod of asus_acpi on my Samsung P35 laptop I get the following
> Oops (perfectly reproducible):
>
>
> This oops affects all kernels since 2.6.12. Patch follows.
> Please apply.

Is this patch accepted by the acpi maintainers yet?

> + /* INIT on Samsung's P35 returns an integer, possible return
> + * values are tested below */
> + if (model->type == ACPI_TYPE_INTEGER) {
> + if (model->integer.value == -1 ||
> + model->integer.value == 0x58 ||
> + model->integer.value == 0x38) {
> + hotk->model = P30;
> + printk(KERN_NOTICE
> + " Samsung P35 detected,
> supported\n");

Linewrapped :(

Are you sure that if logic is correct?

thanks,

greg k-h

2005-12-06 20:12:34

by Carl-Daniel Hailfinger

Subject: Re: [stable] [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops

Greg KH wrote:
> On Tue, Dec 06, 2005 at 07:32:37PM +0100, Carl-Daniel Hailfinger wrote:
>
>>Hi,
>>
>>on insmod of asus_acpi on my Samsung P35 laptop I get the following
>>Oops (perfectly reproducible):
>>
>>
>>This oops affects all kernels since 2.6.12. Patch follows.
>>Please apply.
>
>
> Is this patch accepted by the acpi maintainers yet?

No, although it was posted to acpi-devel, it did not generate any
comment. The problem itself has been posted to acpi-devel many times
over. The first patch by Christian Aichinger did generate some
feedback and the patch I sent was his newest version which nobody
commented upon. This patch is also the last patch from
http://bugzilla.kernel.org/show_bug.cgi?id=5067
Only users commented on the patch, not any maintainer.

However, since this oops has been unfixed for over 5 months and
nobody seems to care, I submitted the patch to stable@ in the
hope somebody would at least look at it.


>>+ /* INIT on Samsung's P35 returns an integer, possible return
>>+ * values are tested below */
>>+ if (model->type == ACPI_TYPE_INTEGER) {
>>+ if (model->integer.value == -1 ||
>>+ model->integer.value == 0x58 ||
>>+ model->integer.value == 0x38) {
>>+ hotk->model = P30;
>>+ printk(KERN_NOTICE
>>+ " Samsung P35 detected,
>>supported\n");
>
>
> Linewrapped :(

Should not be. I just rechecked the settings, used view-source of
my mail and looked at the MARC archive. It's not wrapped afaics but
I might be wrong. Do you want the patch as attachment?
However, if you refer to the coding style, I have to agree.

> Are you sure that if logic is correct?

Well, it doesn't oops anymore and SUSE has been shipping this patch
in their kernels for SUSE 10.0. I don't know whether the logic is
correct, but at least it didn't break anything and fixed the bug.

> thanks,
>
> greg k-h

Regards,
Carl-Daniel

2005-12-08 03:39:03

by Greg KH

Subject: Re: [stable] [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops

On Tue, Dec 06, 2005 at 09:12:27PM +0100, Carl-Daniel Hailfinger wrote:
> Greg KH wrote:
> >On Tue, Dec 06, 2005 at 07:32:37PM +0100, Carl-Daniel Hailfinger wrote:
> >
> >>Hi,
> >>
> >>on insmod of asus_acpi on my Samsung P35 laptop I get the following
> >>Oops (perfectly reproducible):
> >>
> >>
> >>This oops affects all kernels since 2.6.12. Patch follows.
> >>Please apply.
> >
> >
> >Is this patch accepted by the acpi maintainers yet?
>
> No, although it was posted to acpi-devel, it did not generate any
> comment. The problem itself has been posted to acpi-devel many times
> over. The first patch by Christian Aichinger did generate some
> feedback and the patch I sent was his newest version which nobody
> commented upon. This patch is also the last patch from
> http://bugzilla.kernel.org/show_bug.cgi?id=5067
> Only users commented on the patch, not any maintainer.
>
> However, since this oops has been unfixed for over 5 months and
> nobody seems to care, I submitted the patch to stable@ in the
> hope somebody would at least look at it.

I'd recommend bugging the acpi maintainers, as they are the ones who can
comment on this the best. Have you sent it to them yet?

thanks,

greg k-h

2005-12-10 00:39:46

by Carl-Daniel Hailfinger

Subject: Re: [stable] [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops

Dear ACPI maintainers,

could you please comment on the following patch?


From: Christian Aichinger <[email protected]>
Subject: [PATCH] acpi: Fix oops in asus_acpi.c on Samsung P30/P35 Laptops
Date: 2005-09-23 23:36:25 GMT

Samsung P35's INIT returns an integer (instead of a string or a
plain buffer), which caused an oops when the result was treated as
string in asus_hotk_get_info() (since an invalid pointer got
dereferenced).

This patch explicitly checks for ACPI_TYPE_INTEGER and for the
return values possible on the P30/P35.

Signed-off-by: Christian Aichinger <[email protected]>
---

drivers/acpi/asus_acpi.c | 31 ++++++++++++++++++++++++++++---
1 files changed, 28 insertions(+), 3 deletions(-)

c51f431351c648519a9b91de3c5e1d636246d7bc
diff --git a/drivers/acpi/asus_acpi.c b/drivers/acpi/asus_acpi.c
--- a/drivers/acpi/asus_acpi.c
+++ b/drivers/acpi/asus_acpi.c
@@ -1006,6 +1006,24 @@ static int __init asus_hotk_get_info(voi
}

model = (union acpi_object *)buffer.pointer;
+
+ /* INIT on Samsung's P35 returns an integer, possible return
+ * values are tested below */
+ if (model->type == ACPI_TYPE_INTEGER) {
+ if (model->integer.value == -1 ||
+ model->integer.value == 0x58 ||
+ model->integer.value == 0x38) {
+ hotk->model = P30;
+ printk(KERN_NOTICE
+ " Samsung P35 detected, supported\n");
+ goto out_known;
+ } else {
+ printk(KERN_WARNING
+ " unknown integer returned by INIT\n");
+ goto out_unknown;
+ }
+ }
+
if (model->type == ACPI_TYPE_STRING) {
printk(KERN_NOTICE " %s model detected, ",
model->string.pointer);
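Review bot: The three values compared in the ACPI_TYPE_INTEGER branch (-1, 0x58, 0x38) are unexplained; the comment only says that possible return values are tested below. Document where each value was observed (which machine or BIOS), and spell out what -1 is meant to match, since that comparison depends on the width and signedness of integer.value.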
@@ -1057,9 +1075,7 @@ static int __init asus_hotk_get_info(voi
hotk->model = L5x;

if (hotk->model == END_MODEL) {
- printk("unsupported, trying default values, supply the "
- "developers with your DSDT\n");
- hotk->model = M2E;
+ goto out_unknown;
} else {
printk("supported\n");
}
@@ -1088,6 +1104,15 @@ static int __init asus_hotk_get_info(voi
acpi_os_free(model);

return AE_OK;
+
+out_unknown:
+ printk(KERN_WARNING " unsupported, trying default values, "
+ "supply the developers with your DSDT\n");
+ hotk->model = M2E;
+out_known:
+ hotk->methods = &model_conf[hotk->model];
+ acpi_os_free(model);
+ return AE_OK;
}

static int __init asus_hotk_check(void)


Greg KH wrote:
> On Tue, Dec 06, 2005 at 09:12:27PM +0100, Carl-Daniel Hailfinger wrote:
>
>>Greg KH wrote:
>>
>>>On Tue, Dec 06, 2005 at 07:32:37PM +0100, Carl-Daniel Hailfinger wrote:
>>>
>>>
>>>>Hi,
>>>>
>>>>on insmod of asus_acpi on my Samsung P35 laptop I get the following
>>>>Oops (perfectly reproducible):
>>>>
>>>>
>>>>This oops affects all kernels since 2.6.12. Patch follows.
>>>>Please apply.
>>>
>>>
>>>Is this patch accepted by the acpi maintainers yet?
>>
>>No, although it was posted to acpi-devel, it did not generate any
>>comment. The problem itself has been posted to acpi-devel many times
>>over. The first patch by Christian Aichinger did generate some
>>feedback and the patch I sent was his newest version which nobody
>>commented upon. This patch is also the last patch from
>>http://bugzilla.kernel.org/show_bug.cgi?id=5067
>>Only users commented on the patch, not any maintainer.
>>
>>However, since this oops has been unfixed for over 5 months and
>>nobody seems to care, I submitted the patch to stable@ in the
>>hope somebody would at least look at it.
>
>
> I'd recommend bugging the acpi maintainers, as they are the ones who can
> comment on this the best. Have you sent it to them yet?
>
> thanks,
> greg k-h

Thanks,
Carl-Daniel

2005-12-14 04:49:00

by Carl-Daniel Hailfinger

Subject: [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops

Linus, Greg,

please apply the following patch to your trees. It fixes
http://bugzilla.kernel.org/show_bug.cgi?id=5067

The patch has been tested and verified, is shipped in the
SUSE 10.0 kernel and does not cause any regressions.

Unfortunately, the ACPI maintainers have been ignoring
this patch for the last few months despite repeated
requests for review on acpi-devel. I even CCed all ACPI
maintainers personally and didn't receive any response.

Regards,
Carl-Daniel


From: Christian Aichinger <[email protected]>
Subject: [PATCH] acpi: Fix oops in asus_acpi.c on Samsung P30/P35 Laptops
Date: 2005-09-23 23:36:25 GMT

Samsung P35's INIT returns an integer (instead of a string or a
plain buffer), which caused an oops when the result was treated as
string in asus_hotk_get_info() (since an invalid pointer got
dereferenced).

This patch explicitly checks for ACPI_TYPE_INTEGER and for the
return values possible on the P30/P35.

Signed-off-by: Christian Aichinger <[email protected]>

drivers/acpi/asus_acpi.c | 31 ++++++++++++++++++++++++++++---
1 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/drivers/acpi/asus_acpi.c b/drivers/acpi/asus_acpi.c
--- a/drivers/acpi/asus_acpi.c
+++ b/drivers/acpi/asus_acpi.c
@@ -1006,6 +1006,24 @@ static int __init asus_hotk_get_info(voi
}

model = (union acpi_object *)buffer.pointer;
+
+ /* INIT on Samsung's P35 returns an integer, possible return
+ * values are tested below */
+ if (model->type == ACPI_TYPE_INTEGER) {
+ if (model->integer.value == -1 ||
+ model->integer.value == 0x58 ||
+ model->integer.value == 0x38) {
+ hotk->model = P30;
+ printk(KERN_NOTICE
+ " Samsung P35 detected, supported\n");
+ goto out_known;
+ } else {
+ printk(KERN_WARNING
+ " unknown integer returned by INIT\n");
+ goto out_unknown;
+ }
+ }
+
if (model->type == ACPI_TYPE_STRING) {
printk(KERN_NOTICE " %s model detected, ",
model->string.pointer);
@@ -1057,9 +1075,7 @@ static int __init asus_hotk_get_info(voi
hotk->model = L5x;

if (hotk->model == END_MODEL) {
- printk("unsupported, trying default values, supply the "
- "developers with your DSDT\n");
- hotk->model = M2E;
+ goto out_unknown;
} else {
printk("supported\n");
}
@@ -1088,6 +1104,15 @@ static int __init asus_hotk_get_info(voi
acpi_os_free(model);

return AE_OK;
+
+out_unknown:
+ printk(KERN_WARNING " unsupported, trying default values, "
+ "supply the developers with your DSDT\n");
+ hotk->model = M2E;
+out_known:
+ hotk->methods = &model_conf[hotk->model];
+ acpi_os_free(model);
+ return AE_OK;
}

static int __init asus_hotk_check(void)
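Review bot: The tail added under out_known repeats `acpi_os_free(model); return AE_OK;` from the context lines directly above it, leaving the function with two exits that have to be kept in sync. Placing the new labels ahead of the existing free and return would give a single cleanup path and make it obvious that every route frees model exactly once.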

2005-12-14 04:58:35

by Greg KH

Subject: Re: [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops

On Wed, Dec 14, 2005 at 05:48:54AM +0100, Carl-Daniel Hailfinger wrote:
> Linus, Greg,
>
> please apply the following patch to your trees. It fixes
> http://bugzilla.kernel.org/show_bug.cgi?id=5067
>
> The patch has been tested and verified, is shipped in the
> SUSE 10.0 kernel and does not cause any regressions.
>
> Unfortunately, the ACPI maintainers have been ignoring
> this patch for the last few months despite repeated
> requests for review on acpi-devel. I even CCed all ACPI
> maintainers personally and didn't receive any response.

Give them a chance to respond. I'll wait for them to accept this before
adding it to the -stable tree.

> +
> + /* INIT on Samsung's P35 returns an integer, possible return
> + * values are tested below */
> + if (model->type == ACPI_TYPE_INTEGER) {
> + if (model->integer.value == -1 ||
> + model->integer.value == 0x58 ||
> + model->integer.value == 0x38) {
> + hotk->model = P30;
> + printk(KERN_NOTICE
> + " Samsung P35 detected,
> supported\n");

Patch is still linewrapped :(

And I still think that this comparison isn't right and want verification
from the ACPI maintainers about this. You really have P35 machines that
both return an error for the model value, and return 58 and 38?


> + goto out_known;
> + } else {
> + printk(KERN_WARNING
> + " unknown integer returned by INIT\n");
> + goto out_unknown;
> + }
> + }

Why exit so quickly here? What about the other models?

> if (model->type == ACPI_TYPE_STRING) {
> printk(KERN_NOTICE " %s model detected, ",
> model->string.pointer);
> @@ -1057,9 +1075,7 @@ static int __init asus_hotk_get_info(voi
> hotk->model = L5x;
>
> if (hotk->model == END_MODEL) {
> - printk("unsupported, trying default values, supply the "
> - "developers with your DSDT\n");
> - hotk->model = M2E;
> + goto out_unknown;
> } else {
> printk("supported\n");
> }
> @@ -1088,6 +1104,15 @@ static int __init asus_hotk_get_info(voi
> acpi_os_free(model);
>
> return AE_OK;
> +
> +out_unknown:
> + printk(KERN_WARNING " unsupported, trying default values, "
> + "supply the developers with your DSDT\n");

What's with the leading spaces here?

thanks,

greg k-h

2005-12-14 05:16:10

by Linus Torvalds

Subject: Re: [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops



On Wed, 14 Dec 2005, Carl-Daniel Hailfinger wrote:
>
> The patch has been tested and verified, is shipped in the
> SUSE 10.0 kernel and does not cause any regressions.

I'd be _much_ happier if

- the patch wasn't totally whitespace-damaged (your mailer seems
to not only remove spaces at the end of lines, it _also_ adds them to
the beginning when there was another space there, as far as I can tell)

Being right "on average" thanks to having two different bugs does not a
good mailer make.

- you were to separate out the oops-fixing code from the code that adds
handling for that (strange?) model type logic.

It seems that the _oops_ is because the later paths just assume that
it's an ACPI_TYPE_STRING and will dereference "model->string.pointer"
regardless of whether that is true or not. And you add a test for
ACPI_TYPE_INTEGER, however, you do _not_ fix the oops for any other
type, so the exact _same_ bug is still waiting to happen if there is
some other strange ACPI table entry some day.

So I think the proper fix is to _first_ just do something like

	if (model->type != ACPI_TYPE_STRING)
		goto unknown;

which should fix the oops (no?), and then handling ACPI_TYPE_INTEGER above
that as one case would be a separate patch.

Linus
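
The ordering suggested in the message above, as an added example that is not part of the thread or of asus_acpi.c: first refuse every non-string object before the string view is read, then layer the integer case on top. `union acpi_obj`, the model ids and the "L5" prefix are simplified stand-ins constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the kernel's union acpi_object (constructed for
 * this example; the real union has more members and types). */
enum obj_type { OBJ_INTEGER = 1, OBJ_STRING, OBJ_BUFFER };

union acpi_obj {
    enum obj_type type;                       /* tag, shared by every view */
    struct { enum obj_type type; uintptr_t value; } integer;
    struct { enum obj_type type; const char *pointer; } string;
    struct { enum obj_type type; const unsigned char *pointer; } buffer;
};

/* Hypothetical model ids; DEFAULT_MODEL plays the role of the M2E fallback. */
enum model { DEFAULT_MODEL, P30_MODEL, L5X_MODEL };

/* What the string view yields when the tag is ignored: the integer's bits
 * reinterpreted as an address. Returned as a number, never dereferenced. */
uintptr_t misread_as_string(const union acpi_obj *o)
{
    return (uintptr_t)o->string.pointer;
}

/* Step 1: the general guard. Anything that is not a string (or carries a
 * NULL pointer) is refused before the string view is touched. */
const char *model_string(const union acpi_obj *o)
{
    if (!o || o->type != OBJ_STRING || !o->string.pointer)
        return NULL;
    return o->string.pointer;
}

/* Step 2: the integer results handled as a separate case, then the guarded
 * string path. Every unrecognised input ends at the default model. */
enum model classify(const union acpi_obj *o)
{
    const char *name;

    if (o && o->type == OBJ_INTEGER) {
        uintptr_t v = o->integer.value;
        /* values listed in the patch; -1 written as an explicit all-ones */
        if (v == (uintptr_t)-1 || v == 0x58 || v == 0x38)
            return P30_MODEL;
        return DEFAULT_MODEL;
    }

    name = model_string(o);
    if (!name)
        return DEFAULT_MODEL;          /* buffer, unknown tag, NULL pointer */
    if (strncmp(name, "L5", 2) == 0)   /* constructed prefix, not the driver's table */
        return L5X_MODEL;
    return DEFAULT_MODEL;
}

int main(void)
{
    /* Constructed sample objects. */
    union acpi_obj i = { .integer = { OBJ_INTEGER, 0x58 } };
    union acpi_obj s = { .string = { OBJ_STRING, "L5D" } };
    union acpi_obj b = { .buffer = { OBJ_BUFFER, (const unsigned char *)"\x01" } };

    printf("integer 0x58 seen through the string view: %#lx\n",
           (unsigned long)misread_as_string(&i));
    printf("integer -> %d, string -> %d, buffer -> %d\n",
           classify(&i), classify(&s), classify(&b));
    return 0;
}
```

The buffer object is the case the integer-only check would miss: it reaches the string path and is turned away by the guard in `model_string()`.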

2005-12-14 05:17:26

by Andrew Morton

Subject: Re: [PATCH] Fix oops in asus_acpi.c on Samsung P30/P35 Laptops

Carl-Daniel Hailfinger <[email protected]> wrote:
>
> please apply the following patch to your trees. It fixes
> http://bugzilla.kernel.org/show_bug.cgi?id=5067

For some reason your patch doesn't even vaguely apply. Mozilla.

If we're going to print "unknown integer" then we surely should print out
what the integer _is_, no?

And yeah, this patch has been hanging around for far too long. It might be
in the acpi tree which Len is trying to get merged up (it has a few
git-related difficulties at present).



From: Christian Aichinger <[email protected]>

For a while now asus_acpi is broken on samsung laptops (causes oopses on
module loading and kernel panic if compiled into the kernel).

Signed-off-by: Christian Aichinger <[email protected]>
Cc: "Brown, Len" <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
---

drivers/acpi/asus_acpi.c | 30 +++++++++++++++++++++++++++---
1 files changed, 27 insertions(+), 3 deletions(-)

diff -puN drivers/acpi/asus_acpi.c~acpi-fix-asus_acpi-on-samsung-p30-p35 drivers/acpi/asus_acpi.c
--- devel/drivers/acpi/asus_acpi.c~acpi-fix-asus_acpi-on-samsung-p30-p35 2005-12-13 21:15:00.000000000 -0800
+++ devel-akpm/drivers/acpi/asus_acpi.c 2005-12-13 21:15:00.000000000 -0800
@@ -1006,6 +1006,24 @@ static int __init asus_hotk_get_info(voi
}

model = (union acpi_object *)buffer.pointer;
+
+ /* INIT on Samsung's P35 returns an integer, possible return
+ * values are tested below */
+ if (model->type == ACPI_TYPE_INTEGER) {
+ if (model->integer.value == -1 ||
+ model->integer.value == 0x58 ||
+ model->integer.value == 0x38) {
+ hotk->model = P30;
+ printk(KERN_NOTICE
+ " Samsung P35 detected, supported\n");
+ goto out_known;
+ } else {
+ printk(KERN_WARNING " unknown integer 0x%x returned "
+ "by INIT\n", model->integer.value);
+ goto out_unknown;
+ }
+ }
+
if (model->type == ACPI_TYPE_STRING) {
printk(KERN_NOTICE " %s model detected, ",
model->string.pointer);
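Review bot: The "unknown integer 0x%x" printk in the else branch passes model->integer.value to %x without a cast; if that field is wider than int (ACPI integers can be 64-bit) the format and the argument disagree. Cast explicitly, for example `(unsigned long long)model->integer.value` with 0x%llx, so the logged value is the one the firmware returned.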
@@ -1057,9 +1075,7 @@ static int __init asus_hotk_get_info(voi
hotk->model = L5x;

if (hotk->model == END_MODEL) {
- printk("unsupported, trying default values, supply the "
- "developers with your DSDT\n");
- hotk->model = M2E;
+ goto out_unknown;
} else {
printk("supported\n");
}
@@ -1088,6 +1104,14 @@ static int __init asus_hotk_get_info(voi
acpi_os_free(model);

return AE_OK;
+out_unknown:
+ printk(KERN_WARNING " unsupported, trying default values, "
+ "supply the developers with your DSDT\n");
+ hotk->model = M2E;
+out_known:
+ hotk->methods = &model_conf[hotk->model];
+ acpi_os_free(model);
+ return AE_OK;
}

static int __init asus_hotk_check(void)
_