Re: MacBookPro 5,1
Hi, Some more debugging reveals that: The Resource type is 15, which is: ACPI_RSCONVERT_INFO AcpiRsConvertExtIrq[9] = And that it fails on: ACPI_RSC_SOURCEX That means it writes beyond the 11 bytes reserved for this element! During sub-routines of AcpiRsCreateAmlResources(). --HPS On Sunday 17 October 2010 10:56:12 Hans Petter Selasky wrote: Hi, After debugging for some time now I've found the issue. 1) I extended all allocations from ACPI to PAGE_SIZE. 2) Then I filled the extra area with zero. 3) Then at free I checked if some buffers were overwritten, and indeed I got bingo this time. The printout has the format: printf(Dirty free allocation length first overwritten byte offset\n); kdb_backtrace(); Is this enough information for you to make a patch? unknown: I/O range not supported 0xff00024c1000 0xcf8 0xcff KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2a acpi_parse_resources() at acpi_parse_resources+0x287 acpi_probe_child() at acpi_probe_child+0x1b4 AcpiNsWalkNamespace() at AcpiNsWalkNamespace+0x163 AcpiWalkNamespace() at AcpiWalkNamespace+0xbf acpi_attach() at acpi_attach+0x8fa device_attach() at device_attach+0x69 bus_generic_attach() at bus_generic_attach+0x1a nexus_acpi_attach() at nexus_acpi_attach+0x69 device_attach() at device_attach+0x69 bus_generic_new_pass() at bus_generic_new_pass+0xd6 bus_set_pass() at bus_set_pass+0x7a configure() at configure+0xa mi_startup() at mi_startup+0x59 btext() at btext+0x2c hpet0: High Precision Event Timer iomem 0xfed0-0xfed003ff irq 0,8 on acpi0 Timecounter HPET frequency 2500 Hz quality 900 hpet0: [FILTER] Event timer HPET frequency 2500 Hz quality 450 Event timer HPET1 frequency 2500 Hz quality 440 Event timer HPET2 frequency 2500 Hz quality 440 Event timer HPET3 frequency 2500 Hz quality 440 Timecounter ACPI-safe frequency 3579545 Hz quality 850 acpi_timer0: 24-bit timer at 3.579545MHz port 0x408-0x40b on acpi0 cpu0: ACPI CPU on acpi0 cpu1: ACPI CPU on acpi0 acpi_acad0: AC Adapter on acpi0 acpi_lid0: Control Method Lid Switch on acpi0 acpi_lid0: enable wake failed acpi_button0: Power Button on acpi0 acpi_button1: Sleep Button on acpi0 pcib0: ACPI Host-PCI bridge on acpi0 pci0: ACPI PCI bus on pcib0 Dirty free 13 at 13 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2a AcpiOsFree() at AcpiOsFree+0x7a AcpiUtDeleteInternalObj() at AcpiUtDeleteInternalObj+0x77 AcpiUtUpdateRefCount() at AcpiUtUpdateRefCount+0xb4 AcpiUtUpdateObjectReference() at AcpiUtUpdateObjectReference+0x45 AcpiRsSetSrsMethodData() at AcpiRsSetSrsMethodData+0xf2 AcpiSetCurrentResources() at AcpiSetCurrentResources+0x49 acpi_pci_link_route_irqs() at acpi_pci_link_route_irqs+0x204 acpi_pci_link_route_interrupt() at acpi_pci_link_route_interrupt+0x1a9 acpi_pcib_route_interrupt() at acpi_pcib_route_interrupt+0x40d pci_assign_interrupt() at pci_assign_interrupt+0x1c3 pci_add_resources() at pci_add_resources+0x14a pci_add_children() at pci_add_children+0x10e acpi_pci_attach() at acpi_pci_attach+0xcd device_attach() at device_attach+0x69 bus_generic_attach() at bus_generic_attach+0x1a acpi_pcib_attach() at acpi_pcib_attach+0x1a7 acpi_pcib_acpi_attach() at acpi_pcib_acpi_attach+0x1fd device_attach() at device_attach+0x69 bus_generic_attach() at bus_generic_attach+0x1a acpi_attach() at acpi_attach+0xa28 device_attach() at device_attach+0x69 bus_generic_attach() at bus_generic_attach+0x1a nexus_acpi_attach() at nexus_acpi_attach+0x69 device_attach() at device_attach+0x69 bus_generic_new_pass() at bus_generic_new_pass+0xd6 bus_set_pass() at bus_set_pass+0x7a configure() at configure+0xa mi_startup() at mi_startup+0x59 btext() at btext+0x2c pci_link32: Enter debugger pci_link43: Enter debugger Dirty free 13 at 13 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2a AcpiOsFree() at AcpiOsFree+0x7a AcpiUtDeleteInternalObj() at AcpiUtDeleteInternalObj+0x77 AcpiUtUpdateRefCount() at AcpiUtUpdateRefCount+0xb4 AcpiUtUpdateObjectReference() at AcpiUtUpdateObjectReference+0x45 AcpiRsSetSrsMethodData() at AcpiRsSetSrsMethodData+0xf2 AcpiSetCurrentResources() at AcpiSetCurrentResources+0x49 acpi_pci_link_route_irqs() at acpi_pci_link_route_irqs+0x204 acpi_pci_link_route_interrupt() at acpi_pci_link_route_interrupt+0x1a9 acpi_pcib_route_interrupt() at acpi_pcib_route_interrupt+0x40d pci_assign_interrupt() at pci_assign_interrupt+0x1c3 pci_add_resources() at pci_add_resources+0x14a pci_add_children() at pci_add_children+0x10e acpi_pci_attach() at acpi_pci_attach+0xcd device_attach() at device_attach+0x69 bus_generic_attach() at bus_generic_attach+0x1a acpi_pcib_attach() at acpi_pcib_attach+0x1a7 acpi_pcib_acpi_attach() at acpi_pcib_acpi_attach+0x1fd device_attach() at device_attach+0x69 bus_generic_attach() at bus_generic_attach+0x1a acpi_attach() at acpi_attach+0xa28 device_attach() at
Re: acpi_ec: request for review and testing
I can't tell you more on my computer, there nothing more than HP dv7. I can't change brightness too, there is an acpi message: can't evaluate \\_SB_.PCI0.PVGA.EVGA.LCD_._BQC - AE_NOT_FOUND I have the same problem with this error message when acpi_video was loaded I will try to load acpi_hp tomorrow, last time i loaded it, it crash with acpi_wmi error. You have to comment acpi_video in /boot/loader.conf and then load acpi_hp. Before applaying the patch my cpu fan running all the time and now not, have you ever had this problem ? I didn't have this problem. Which version of FreeBSD are you using ? I am using 8.1. Maybe we should report a bug. I don't know if it is solution for this problem :/ cheers, Kuba ___ freebsd-acpi@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-acpi To unsubscribe, send any mail to freebsd-acpi-unsubscr...@freebsd.org
RE: MacBookPro 5,1
Can you send us the acpidump for the machine? Also, tell us which control method is failing. Thanks -Original Message- From: owner-freebsd-a...@freebsd.org [mailto:owner-freebsd- a...@freebsd.org] On Behalf Of Hans Petter Selasky Sent: Sunday, October 17, 2010 6:48 AM To: freebsd-acpi@freebsd.org Cc: linux-a...@vger.kernel.org Subject: Re: MacBookPro 5,1 Hi, CC'ing the Linux guys, hence I belive you are using the same ACPI code like in FreeBSD. It appears that when a string is present in the extended interrupt descriptor (6.4.3.6, ACPIspec30.pdf), then this is not handled correctly, meaning that the precomputed buffer space when encoding to AML, is incorrect and that data is written beyond the destination buffer! The error is catched on a MacBookPro 5,1 and is visible if you zero-pad all ACPI allocations to 4096 bytes, and verify that the freed buffer is not written beyond the allocation. Also the Extended interrupt descriptor must be the last element encoded in the AML. The quick patch is to disable these elements. I tried to figure out why this happens, but this particular handling in the code looks very obfuscated to me. src/sys/contrib/dev/acpica %svk diff === resources/rsmisc.c == --- resources/rsmisc.c (revision 213698) +++ resources/rsmisc.c (local) @@ -311,6 +311,8 @@ case ACPI_RSC_SOURCEX: + break; /* RSC_SOURCEX is broken */ + /* * Optional ResourceSource (Index and String). This is the more * complicated case used by the Interrupt() macro @@ -537,6 +539,8 @@ case ACPI_RSC_SOURCEX: + break; /* RSC_SOURCEX is broken */ + /* * Optional ResourceSource (Index and String) */ Any comments are welcome! --HPS Please keep me CC'ed. ___ freebsd-acpi@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-acpi To unsubscribe, send any mail to freebsd-acpi-unsubscr...@freebsd.org ___ freebsd-acpi@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-acpi To unsubscribe, send any mail to freebsd-acpi-unsubscr...@freebsd.org
