From: Thomas Renninger <trenn-l3A5Bk7waGM@public.gmane.org>
To: "Brown, Len" <len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Cc: Voluspa <voluspa-zq6IREYz3ykAvxtiuMwx3w@public.gmane.org>,
acpi-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: Re: acpidump replaces acpidmp
Date: Fri, 29 Jul 2005 14:37:09 +0200 [thread overview]
Message-ID: <42EA22F5.6060502@suse.de> (raw)
In-Reply-To: <F7DC2337C7631D4386A2DF6E8FB22B300428C441-N2PTB0HCzHKkrb+BlOpmy7fspsVTdybXVpNB7YpNyf8@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 852 bytes --]
Brown, Len wrote:
>
>>>../include/acpi/actypes.h:115
>>>Replace s64 with u64 and it at least compiles.
>
> I published this initial version while at OLS,
> having tested it only on ia32.
>
> I tested it now on x86_64 and ran into the same problem as you.
> The fix, however, is to use the typedef used in the kernel,
> a signed long long, in this case.
>
> After this change it works fine for me on x86_64 -- I'll
> push a new version momentarily.
>
Thanks.
Works with -O2 compile flag, it segfaults with -g.
The bad line is:
memcpy(&rsdt, tbl, tbl->length); (line 196)
The RSDT ends with a variable number of pointers to other ACPI
tables, so tbl->length > sizeof(struct rsdt) and
memcpy writes past the end of &rsdt.
Patch to avoid memcpy attached. Don't know how to integrate it nicer/shorter,
please review.
Thanks,
Thomas
[-- Attachment #2: acpidump_memcpy_beyond_rsdt_struct.diff --]
[-- Type: text/x-patch, Size: 6619 bytes --]
--- x/acpidump/acpidump.c 2005-07-29 14:10:09.000000000 +0200
+++ y/acpidump/acpidump.c 2005-07-29 14:18:30.000000000 +0200
@@ -188,20 +188,20 @@
static acpi_status acpi_dump_RSDT(int fd, struct rsdp_descriptor *rsdp)
{
- struct acpi_table_header *tbl =
+ struct acpi_table_header *tbl;
+ struct acpi_table_header *rsdt_header =
acpi_map_table(rsdp->rsdt_physical_address, RSDT_SIG);
- if (!tbl)
+ RSDT_DESCRIPTOR *rsdt = (RSDT_DESCRIPTOR*) rsdt_header;
+ if (!rsdt_header)
return AE_NOT_FOUND;
- RSDT_DESCRIPTOR rsdt;
- memcpy(&rsdt, tbl, tbl->length);
+
void *addr;
- acpi_unmap_table(tbl);
- int num = (rsdt.length - sizeof(RSDT_DESCRIPTOR)) / sizeof(u32) + 1;
+ int num = (rsdt_header->length - sizeof(RSDT_DESCRIPTOR)) / sizeof(u32) + 1;
int dsdt_idx = -1, facs_idx = -1, fadt1_idx = -1, fadt2_idx =
-1, fadt2m_idx = -1;
int i;
for (i = 0; i < num; ++i) {
- tbl = acpi_map_table(rsdt.table_offset_entry[i], 0);
+ tbl = acpi_map_table(rsdt->table_offset_entry[i], 0);
if (!tbl)
continue;
if (!memcmp(tbl->signature, FADT_SIG, 4)) {
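Review bot: The added `int num = (rsdt_header->length - sizeof(RSDT_DESCRIPTOR)) / sizeof(u32) + 1;` trusts the length field of the mapped table with no lower bound. If `length` is smaller than `sizeof(RSDT_DESCRIPTOR)`, the subtraction (presumably unsigned, since `sizeof` is involved) wraps, `num` becomes meaningless, and the loop indexes `table_offset_entry` well past the table. A guard before the computation would reject such a header, for example `if (rsdt_header->length < sizeof(RSDT_DESCRIPTOR)) { acpi_unmap_table(rsdt_header); return AE_NOT_FOUND; }`. acpi_map_table is not shown, so it is also worth confirming that it maps the full `length` bytes, because every entry is now read through the mapping. The function body continues outside this hunk.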
@@ -221,9 +221,9 @@
} else if (!memcmp(tbl->signature, FACS_SIG, 4)) {
facs_idx = i;
}
- addr = (void *)rsdt.table_offset_entry[i];
+ addr = (void *)rsdt->table_offset_entry[i];
if (connect) {
- rsdt.table_offset_entry[i] =
+ rsdt->table_offset_entry[i] =
lseek(fd, 0, SEEK_CUR);
}
write_table(fd, tbl, addr);
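Review bot: The store `rsdt->table_offset_entry[i] = lseek(fd, 0, SEEK_CUR);` now writes through the pointer returned by acpi_map_table, where the old code modified a stack copy. acpi_map_table is not visible here, so this is inferred: with a read-only mapping the store faults whenever `connect` is set, and with a writable shared mapping of physical memory the tool would rewrite the live table. A heap copy sized from the header keeps the overflow fix and keeps the rewrites local, e.g. `RSDT_DESCRIPTOR *rsdt = malloc(rsdt_header->length);` with a NULL check, then `memcpy(rsdt, rsdt_header, rsdt_header->length);`, after which the mapping can be released at once. The same store recurs for `fadt1_idx`, `fadt2_idx` and `fadt2m_idx` in the later hunks.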
@@ -232,19 +232,23 @@
}
if (fadt1_idx != -1) {
tbl =
- acpi_map_table(rsdt.table_offset_entry[fadt1_idx],
+ acpi_map_table(rsdt->table_offset_entry[fadt1_idx],
FADT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
struct fadt_descriptor_rev1 x;
memcpy(&x, tbl, sizeof(struct fadt_descriptor_rev1));
acpi_unmap_table(tbl);
if (dsdt_idx != -1) {
- x.dsdt = rsdt.table_offset_entry[dsdt_idx];
+ x.dsdt = rsdt->table_offset_entry[dsdt_idx];
} else {
tbl = acpi_map_table(x.dsdt, DSDT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)x.dsdt;
if (connect) {
x.dsdt = lseek(fd, 0, SEEK_CUR);
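Review bot: Each `if (!tbl)` failure path here now carries its own `acpi_unmap_table(rsdt_header); return AE_NOT_FOUND;`, and the same three-line pattern is repeated in the hunks at -253, -265, -295, -307 and -337, so a future early return can easily miss the unmap. A single exit label would keep the release in one place: set `acpi_status ret = AE_NOT_FOUND;` at the top, replace each block with `if (!tbl) goto out;`, and end the function with `out: acpi_unmap_table(rsdt_header); return ret;` after assigning `ret = AE_OK;` on the success path. The braces are also written as `if (!tbl){`, without the space before `{` that the surrounding context lines use. The function starts and ends outside this hunk.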
@@ -253,11 +257,13 @@
acpi_unmap_table(tbl);
}
if (facs_idx != -1) {
- x.firmware_ctrl = rsdt.table_offset_entry[facs_idx];
+ x.firmware_ctrl = rsdt->table_offset_entry[facs_idx];
} else {
tbl = acpi_map_table(x.firmware_ctrl, FACS_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)x.firmware_ctrl;
if (connect) {
x.firmware_ctrl = lseek(fd, 0, SEEK_CUR);
@@ -265,28 +271,32 @@
write_table(fd, tbl, addr);
acpi_unmap_table(tbl);
}
- addr = (void *)rsdt.table_offset_entry[fadt1_idx];
+ addr = (void *)rsdt->table_offset_entry[fadt1_idx];
if (connect) {
- rsdt.table_offset_entry[fadt1_idx] =
+ rsdt->table_offset_entry[fadt1_idx] =
lseek(fd, 0, SEEK_CUR);
}
write_table(fd, (struct acpi_table_header *)&x, addr);
}
if (fadt2_idx != -1) {
tbl =
- acpi_map_table(rsdt.table_offset_entry[fadt2_idx],
+ acpi_map_table(rsdt->table_offset_entry[fadt2_idx],
FADT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
struct fadt_descriptor_rev2 x;
memcpy(&x, tbl, sizeof(struct fadt_descriptor_rev2));
acpi_unmap_table(tbl);
if (dsdt_idx != -1) {
- x.Xdsdt = rsdt.table_offset_entry[dsdt_idx];
+ x.Xdsdt = rsdt->table_offset_entry[dsdt_idx];
} else {
tbl = acpi_map_table(x.Xdsdt, DSDT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)(unsigned long)x.Xdsdt;
if (connect) {
x.Xdsdt = lseek(fd, 0, SEEK_CUR);
@@ -295,11 +305,13 @@
acpi_unmap_table(tbl);
}
if (facs_idx != -1) {
- x.xfirmware_ctrl = rsdt.table_offset_entry[facs_idx];
+ x.xfirmware_ctrl = rsdt->table_offset_entry[facs_idx];
} else {
tbl = acpi_map_table(x.xfirmware_ctrl, FACS_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)(unsigned long)x.xfirmware_ctrl;
if (connect) {
x.xfirmware_ctrl = lseek(fd, 0, SEEK_CUR);
@@ -307,28 +319,32 @@
write_table(fd, tbl, addr);
acpi_unmap_table(tbl);
}
- addr = (void *)rsdt.table_offset_entry[fadt2_idx];
+ addr = (void *)rsdt->table_offset_entry[fadt2_idx];
if (connect) {
- rsdt.table_offset_entry[fadt2_idx] =
+ rsdt->table_offset_entry[fadt2_idx] =
lseek(fd, 0, SEEK_CUR);
}
write_table(fd, (struct acpi_table_header *)&x, addr);
}
if (fadt2m_idx != -1) {
tbl =
- acpi_map_table(rsdt.table_offset_entry[fadt2m_idx],
+ acpi_map_table(rsdt->table_offset_entry[fadt2m_idx],
FADT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
struct fadt_descriptor_rev2_minus x;
memcpy(&x, tbl, sizeof(struct fadt_descriptor_rev2_minus));
acpi_unmap_table(tbl);
if (dsdt_idx != -1) {
- x.V1_dsdt = rsdt.table_offset_entry[dsdt_idx];
+ x.V1_dsdt = rsdt->table_offset_entry[dsdt_idx];
} else {
tbl = acpi_map_table(x.V1_dsdt, DSDT_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)(unsigned long)x.V1_dsdt;
if (connect) {
x.V1_dsdt = lseek(fd, 0, SEEK_CUR);
@@ -337,11 +353,13 @@
acpi_unmap_table(tbl);
}
if (facs_idx != -1) {
- x.V1_firmware_ctrl = rsdt.table_offset_entry[facs_idx];
+ x.V1_firmware_ctrl = rsdt->table_offset_entry[facs_idx];
} else {
tbl = acpi_map_table(x.V1_firmware_ctrl, FACS_SIG);
- if (!tbl)
+ if (!tbl){
+ acpi_unmap_table(rsdt_header);
return AE_NOT_FOUND;
+ }
addr = (void *)(unsigned long)x.V1_firmware_ctrl;
if (connect) {
x.V1_firmware_ctrl = lseek(fd, 0, SEEK_CUR);
@@ -349,9 +367,9 @@
write_table(fd, tbl, addr);
acpi_unmap_table(tbl);
}
- addr = (void *)rsdt.table_offset_entry[fadt2m_idx];
+ addr = (void *)rsdt->table_offset_entry[fadt2m_idx];
if (connect) {
- rsdt.table_offset_entry[fadt2m_idx] =
+ rsdt->table_offset_entry[fadt2m_idx] =
lseek(fd, 0, SEEK_CUR);
}
write_table(fd, (struct acpi_table_header *)&x, addr);
@@ -360,7 +378,8 @@
if (connect) {
rsdp->rsdt_physical_address = lseek(fd, 0, SEEK_CUR);
}
- write_table(fd, (struct acpi_table_header *)&rsdt, addr);
+ write_table(fd, (struct acpi_table_header *)rsdt_header, addr);
+ acpi_unmap_table(rsdt_header);
return AE_OK;
}