Re: [bug] endless loop in arch/i386/kernel/mpparse.c

public inbox for linux-acpi@vger.kernel.org
 help / color / mirror / Atom feed

From: Matthew Wilcox <willy-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org>
To: "Bjoern A. Zeeb"
	<bzeeb-lists-mt/InyFV0sMN6vK3N8ee0qxOck334EZe@public.gmane.org>
Cc: Linus Torvalds <torvalds-Lhe3bsMrZseB+jHODAdFcQ@public.gmane.org>,
	acpi-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: [bug] endless loop in arch/i386/kernel/mpparse.c
Date: Sun, 29 Sep 2002 23:35:32 +0100	[thread overview]
Message-ID: <20020929233532.H18377@parcelfarce.linux.theplanet.co.uk> (raw)
In-Reply-To: <Pine.BSF.4.44.0209292102340.427-100000-pDROZl1FiGxrJICXbmAK0A3q8rc3x57SrE5yTffgRl4@public.gmane.org>; from bzeeb-lists-mt/InyFV0sMN6vK3N8ee0qxOck334EZe@public.gmane.org on Sun, Sep 29, 2002 at 09:27:41PM +0200

On Sun, Sep 29, 2002 at 09:27:41PM +0200, Bjoern A. Zeeb wrote:
>  void __init mp_config_ioapic_for_sci(int irq)
>  {
>         int ioapic;
>         int ioapic_pin;
> +       struct acpi_table_madt *madt;
> +       struct acpi_table_int_src_ovr *entry = NULL;
> +       void *madt_end;
> +       acpi_status status;
> +
> +       /*
> +        * Ensure that if there is an interrupt source override entry
> +        * for the ACPI SCI, we leave it as is. Unfortunately this involves
> +        * walking the MADT again.
> +        */
> +       status = acpi_get_firmware_table("APIC", 1, ACPI_LOGICAL_ADDRESSING,
> +               (acpi_table_header **) &madt);
> +       if (ACPI_SUCCESS(status)) {
> +               madt_end = madt + madt->header.length;
> +
> +               entry = (struct acpi_table_int_src_ovr *)
> +                ((unsigned long) madt + sizeof(struct acpi_table_madt));
> +
> +               while ((void *) entry < madt_end) {
> 			printk("[%s:%s:%d] madt_end=%p, entry=%p\n",
> 				__FILE__, __func__, __LINE__, madt_end, entry);
> +                       if (entry->header.type == ACPI_MADT_INT_SRC_OVR &&
> +                           acpi_fadt.sci_int == entry->global_irq)
> +                               return;
> +
> +                       entry = (struct acpi_table_int_src_ovr *)
> +                               ((unsigned long) entry + entry->header.length);
> +               }
> +       }
> 
>         ioapic = mp_find_ioapic(irq);

If entry->header.length is zero without entry being equal to madt_end,
this will loop for ever.  Maybe:

[...]
			if (entry->header.length <= 0)
				break;
			entry = (struct acpi_table_int_src_ovr *)
				((unsigned long) entry + entry->header.length);
		}

is the right solution?

> [mpparse.c:mp_config_ioapic_for_sci:1047] madt_end=d8808080, entry=d88070dc
> [mpparse.c:mp_config_ioapic_for_sci:1047] madt_end=d8808080, entry=d88070e4
> [mpparse.c:mp_config_ioapic_for_sci:1047] madt_end=d8808080, entry=d88070ec
> [mpparse.c:mp_config_ioapic_for_sci:1047] madt_end=d8808080, entry=d88070f8
> [mpparse.c:mp_config_ioapic_for_sci:1047] madt_end=d8808080, entry=d8807102
> [mpparse.c:mp_config_ioapic_for_sci:1047] madt_end=d8808080, entry=d880710c
> [mpparse.c:mp_config_ioapic_for_sci:1047] madt_end=d8808080, entry=d880710c

You can see that entry->header.length must be 0 at this point.  Probably a
buggy MADT, but let's not _crash_ when the vendor provides a shit BIOS.

-- 
Revolutions do not require corporate support.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

next prev parent reply	other threads:[~2002-09-29 22:35 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-09-29 19:27 [bug] endless loop in arch/i386/kernel/mpparse.c Bjoern A. Zeeb
     [not found] ` <Pine.BSF.4.44.0209292102340.427-100000-pDROZl1FiGxrJICXbmAK0A3q8rc3x57SrE5yTffgRl4@public.gmane.org>
2002-09-29 22:35   ` Matthew Wilcox [this message]
     [not found]     ` <20020929233532.H18377-+pPCBgu9SkPzIGdyhVEDUDl5KyyQGfY2kSSpQ9I8OhVaa/9Udqfwiw@public.gmane.org>
2002-09-30  5:41       ` Bjoern A. Zeeb
  -- strict thread matches above, loose matches on Subject: below --
2002-09-29 21:32 Grover, Andrew
     [not found] ` <EDC461A30AC4D511ADE10002A5072CAD0236DED9-OU+JdkIUtvd9zuciVAfUoVDQ4js95KgL@public.gmane.org>
2002-09-29 22:30   ` Ernst Herzberg
2002-09-30 17:59 Grover, Andrew

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20020929233532.H18377@parcelfarce.linux.theplanet.co.uk \
    --to=willy-8fiuurrzop0dnm+yrofe0a@public.gmane.org \
    --cc=acpi-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
    --cc=bzeeb-lists-mt/InyFV0sMN6vK3N8ee0qxOck334EZe@public.gmane.org \
    --cc=torvalds-Lhe3bsMrZseB+jHODAdFcQ@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox