From: Thomas Renninger <trenn-l3A5Bk7waGM@public.gmane.org>
To: "Brown, Len" <len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Cc: Voluspa <voluspa-zq6IREYz3ykAvxtiuMwx3w@public.gmane.org>,
acpi-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: Re: acpidump replaces acpidmp
Date: Fri, 29 Jul 2005 14:37:09 +0200 [thread overview]
Message-ID: <42EA22F5.6060502@suse.de> (raw)
In-Reply-To: <F7DC2337C7631D4386A2DF6E8FB22B300428C441-N2PTB0HCzHKkrb+BlOpmy7fspsVTdybXVpNB7YpNyf8@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 852 bytes --]
Brown, Len wrote:
>
>>>../include/acpi/actypes.h:115
>>>Replace s64 with u64 and it at least compiles.
>
> I published this initial version while at OLS,
> having tested it only on ia32.
>
> I tested it now on x86_64 and ran into the same problem as you.
> The fix, however, is to use the typedef used in the kernel,
> a signed long long, in this case.
>
> After this change it works fine for me on x86_64 -- I'll
> push a new version momentarily.
>
Thanks.
Works with -O2 compile flag, it segfaults with -g.
The bad line is:
memcpy(&rsdt, tbl, tbl->length); (line 196)
The rsdt has an undefined amount of pointers to other ACPI
tables in the end, therefore tbl->length > sizeof(struct rsdt),
memcpy writes outside &rsdt.
Patch to avoid memcpy attached. Don't know how to integrate it nicer/shorter,
please review.
Thanks,
Thomas
[-- Attachment #2: acpidump_memcpy_beyond_rsdt_struct.diff --]
[-- Type: text/x-patch, Size: 6619 bytes --]
--- x/acpidump/acpidump.c 2005-07-29 14:10:09.000000000 +0200
+++ y/acpidump/acpidump.c 2005-07-29 14:18:30.000000000 +0200
@@ -188,20 +188,20 @@
static acpi_status acpi_dump_RSDT(int fd, struct rsdp_descriptor *rsdp)
{
- struct acpi_table_header *tbl =
+ struct acpi_table_header *tbl;
+ struct acpi_table_header *rsdt_header =
acpi_map_table(rsdp->rsdt_physical_address, RSDT_SIG);
- if (!tbl)
+ RSDT_DESCRIPTOR *rsdt = (RSDT_DESCRIPTOR*) rsdt_header;
+ if (!rsdt_header)
return AE_NOT_FOUND;
- RSDT_DESCRIPTOR rsdt;
- memcpy(&rsdt, tbl, tbl->length);
+
void *addr;
- acpi_unmap_table(tbl);
- int num = (rsdt.length - sizeof(RSDT_DESCRIPTOR)) / sizeof(u32) + 1;
+ int num = (rsdt_header->length - sizeof(RSDT_DESCRIPTOR)) / sizeof(u32) + 1;
int dsdt_idx = -1, facs_idx = -1, fadt1_idx = -1, fadt2_idx =
-1, fadt2m_idx = -1;
int i;
for (i = 0; i < num; ++i) {
- tbl = acpi_map_table(rsdt.table_offset_entry[i], 0);
+ tbl = acpi_map_table(rsdt->table_offset_entry[i], 0);
if (!tbl)
continue;
if (!memcmp(tbl->signature, FADT_SIG, 4)) {
@@ -221,9 +221,9 @@
} else if (!memcmp(tbl->signature, FACS_SIG, 4)) {
facs_idx = i;
}
- addr = (void *)rsdt.table_offset_entry[i];
+ addr = (void *)rsdt->table_offset_entry[i];
if (connect) {
- rsdt.table_offset_entry[i] =
+ rsdt->table_offset_entry[i] =
lseek(fd, 0, SEEK_CUR);
}
write_table(fd, tbl, addr);
@@ -232,19 +232,23 @@
}
if (fadt1_idx != -1) {
tbl =
- acpi_map_table(rsdt.table_offset_entry[fadt1_idx],
+ acpi_map_table(rsdt->table_offset_entry[fadt1_idx],
FADT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
struct fadt_descriptor_rev1 x;
memcpy(&x, tbl, sizeof(struct fadt_descriptor_rev1));
acpi_unmap_table(tbl);
if (dsdt_idx != -1) {
- x.dsdt = rsdt.table_offset_entry[dsdt_idx];
+ x.dsdt = rsdt->table_offset_entry[dsdt_idx];
} else {
tbl = acpi_map_table(x.dsdt, DSDT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)x.dsdt;
if (connect) {
x.dsdt = lseek(fd, 0, SEEK_CUR);
@@ -253,11 +257,13 @@
acpi_unmap_table(tbl);
}
if (facs_idx != -1) {
- x.firmware_ctrl = rsdt.table_offset_entry[facs_idx];
+ x.firmware_ctrl = rsdt->table_offset_entry[facs_idx];
} else {
tbl = acpi_map_table(x.firmware_ctrl, FACS_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)x.firmware_ctrl;
if (connect) {
x.firmware_ctrl = lseek(fd, 0, SEEK_CUR);
@@ -265,28 +271,32 @@
write_table(fd, tbl, addr);
acpi_unmap_table(tbl);
}
- addr = (void *)rsdt.table_offset_entry[fadt1_idx];
+ addr = (void *)rsdt->table_offset_entry[fadt1_idx];
if (connect) {
- rsdt.table_offset_entry[fadt1_idx] =
+ rsdt->table_offset_entry[fadt1_idx] =
lseek(fd, 0, SEEK_CUR);
}
write_table(fd, (struct acpi_table_header *)&x, addr);
}
if (fadt2_idx != -1) {
tbl =
- acpi_map_table(rsdt.table_offset_entry[fadt2_idx],
+ acpi_map_table(rsdt->table_offset_entry[fadt2_idx],
FADT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
struct fadt_descriptor_rev2 x;
memcpy(&x, tbl, sizeof(struct fadt_descriptor_rev2));
acpi_unmap_table(tbl);
if (dsdt_idx != -1) {
- x.Xdsdt = rsdt.table_offset_entry[dsdt_idx];
+ x.Xdsdt = rsdt->table_offset_entry[dsdt_idx];
} else {
tbl = acpi_map_table(x.Xdsdt, DSDT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)(unsigned long)x.Xdsdt;
if (connect) {
x.Xdsdt = lseek(fd, 0, SEEK_CUR);
@@ -295,11 +305,13 @@
acpi_unmap_table(tbl);
}
if (facs_idx != -1) {
- x.xfirmware_ctrl = rsdt.table_offset_entry[facs_idx];
+ x.xfirmware_ctrl = rsdt->table_offset_entry[facs_idx];
} else {
tbl = acpi_map_table(x.xfirmware_ctrl, FACS_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)(unsigned long)x.xfirmware_ctrl;
if (connect) {
x.xfirmware_ctrl = lseek(fd, 0, SEEK_CUR);
@@ -307,28 +319,32 @@
write_table(fd, tbl, addr);
acpi_unmap_table(tbl);
}
- addr = (void *)rsdt.table_offset_entry[fadt2_idx];
+ addr = (void *)rsdt->table_offset_entry[fadt2_idx];
if (connect) {
- rsdt.table_offset_entry[fadt2_idx] =
+ rsdt->table_offset_entry[fadt2_idx] =
lseek(fd, 0, SEEK_CUR);
}
write_table(fd, (struct acpi_table_header *)&x, addr);
}
if (fadt2m_idx != -1) {
tbl =
- acpi_map_table(rsdt.table_offset_entry[fadt2m_idx],
+ acpi_map_table(rsdt->table_offset_entry[fadt2m_idx],
FADT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
struct fadt_descriptor_rev2_minus x;
memcpy(&x, tbl, sizeof(struct fadt_descriptor_rev2_minus));
acpi_unmap_table(tbl);
if (dsdt_idx != -1) {
- x.V1_dsdt = rsdt.table_offset_entry[dsdt_idx];
+ x.V1_dsdt = rsdt->table_offset_entry[dsdt_idx];
} else {
tbl = acpi_map_table(x.V1_dsdt, DSDT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)(unsigned long)x.V1_dsdt;
if (connect) {
x.V1_dsdt = lseek(fd, 0, SEEK_CUR);
@@ -337,11 +353,13 @@
acpi_unmap_table(tbl);
}
if (facs_idx != -1) {
- x.V1_firmware_ctrl = rsdt.table_offset_entry[facs_idx];
+ x.V1_firmware_ctrl = rsdt->table_offset_entry[facs_idx];
} else {
tbl = acpi_map_table(x.V1_firmware_ctrl, FACS_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)(unsigned long)x.V1_firmware_ctrl;
if (connect) {
x.V1_firmware_ctrl = lseek(fd, 0, SEEK_CUR);
@@ -349,9 +367,9 @@
write_table(fd, tbl, addr);
acpi_unmap_table(tbl);
}
- addr = (void *)rsdt.table_offset_entry[fadt2m_idx];
+ addr = (void *)rsdt->table_offset_entry[fadt2m_idx];
if (connect) {
- rsdt.table_offset_entry[fadt2m_idx] =
+ rsdt->table_offset_entry[fadt2m_idx] =
lseek(fd, 0, SEEK_CUR);
}
write_table(fd, (struct acpi_table_header *)&x, addr);
@@ -360,7 +378,8 @@
if (connect) {
rsdp->rsdt_physical_address = lseek(fd, 0, SEEK_CUR);
}
- write_table(fd, (struct acpi_table_header *)&rsdt, addr);
+ write_table(fd, (struct acpi_table_header *)rsdt_header, addr);
+ acpi_unmap_table(rsdt_header);
return AE_OK;
}
next prev parent reply other threads:[~2005-07-29 12:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-27 15:31 Re: acpidump replaces acpidmp Brown, Len
[not found] ` <F7DC2337C7631D4386A2DF6E8FB22B300428C441-N2PTB0HCzHKkrb+BlOpmy7fspsVTdybXVpNB7YpNyf8@public.gmane.org>
2005-07-29 12:37 ` Thomas Renninger [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-08-16 18:23 Brown, Len
[not found] ` <F7DC2337C7631D4386A2DF6E8FB22B300456A26A-N2PTB0HCzHKkrb+BlOpmy7fspsVTdybXVpNB7YpNyf8@public.gmane.org>
2005-08-16 21:32 ` Bjorn Helgaas
[not found] ` <200508161532.34578.bjorn.helgaas-VXdhtT5mjnY@public.gmane.org>
2005-08-17 7:45 ` Voluspa
2005-08-24 5:44 ` Len Brown
2005-07-27 15:00 Brown, Len
2005-07-26 17:24 Voluspa
[not found] ` <20050726192423.216b4be8.voluspa-zq6IREYz3ykAvxtiuMwx3w@public.gmane.org>
2005-07-27 11:05 ` Thomas Renninger
[not found] ` <42E76A79.2040702-l3A5Bk7waGM@public.gmane.org>
2005-07-27 12:56 ` Voluspa
2005-07-27 13:44 ` Voluspa
[not found] ` <20050727154458.455d16db.voluspa-zq6IREYz3ykAvxtiuMwx3w@public.gmane.org>
2005-07-27 15:05 ` Thomas Renninger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42EA22F5.6060502@suse.de \
--to=trenn-l3a5bk7wagm@public.gmane.org \
--cc=acpi-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=voluspa-zq6IREYz3ykAvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.