Commit Graph

30 Commits

Author SHA1 Message Date
Seunghun Han 97f3c0a4b0 ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
I found an ACPI cache leak in ACPI early termination and boot continuing case.

When early termination occurs due to malicious ACPI table, Linux kernel
terminates ACPI function and continues to boot process. While kernel terminates
ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.

Boot log of ACPI operand cache leak is as follows:
>[    0.464168] ACPI: Added _OSI(Module Device)
>[    0.467022] ACPI: Added _OSI(Processor Device)
>[    0.469376] ACPI: Added _OSI(3.0 _SCP Extensions)
>[    0.471647] ACPI: Added _OSI(Processor Aggregator Device)
>[    0.477997] ACPI Error: Null stack entry at ffff880215c0aad8 (20170303/exresop-174)
>[    0.482706] ACPI Exception: AE_AML_INTERNAL, While resolving operands for [opcode_name unavailable] (20170303/dswexec-461)
>[    0.487503] ACPI Error: Method parse/execution failed [\DBG] (Node ffff88021710ab40), AE_AML_INTERNAL (20170303/psparse-543)
>[    0.492136] ACPI Error: Method parse/execution failed [\_SB._INI] (Node ffff88021710a618), AE_AML_INTERNAL (20170303/psparse-543)
>[    0.497683] ACPI: Interpreter enabled
>[    0.499385] ACPI: (supports S0)
>[    0.501151] ACPI: Using IOAPIC for interrupt routing
>[    0.503342] ACPI Error: Null stack entry at ffff880215c0aad8 (20170303/exresop-174)
>[    0.506522] ACPI Exception: AE_AML_INTERNAL, While resolving operands for [opcode_name unavailable] (20170303/dswexec-461)
>[    0.510463] ACPI Error: Method parse/execution failed [\DBG] (Node ffff88021710ab40), AE_AML_INTERNAL (20170303/psparse-543)
>[    0.514477] ACPI Error: Method parse/execution failed [\_PIC] (Node ffff88021710ab18), AE_AML_INTERNAL (20170303/psparse-543)
>[    0.518867] ACPI Exception: AE_AML_INTERNAL, Evaluating _PIC (20170303/bus-991)
>[    0.522384] kmem_cache_destroy Acpi-Operand: Slab cache still has objects
>[    0.524597] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26
>[    0.526795] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006
>[    0.529668] Call Trace:
>[    0.530811]  ? dump_stack+0x5c/0x81
>[    0.532240]  ? kmem_cache_destroy+0x1aa/0x1c0
>[    0.533905]  ? acpi_os_delete_cache+0xa/0x10
>[    0.535497]  ? acpi_ut_delete_caches+0x3f/0x7b
>[    0.537237]  ? acpi_terminate+0xa/0x14
>[    0.538701]  ? acpi_init+0x2af/0x34f
>[    0.540008]  ? acpi_sleep_proc_init+0x27/0x27
>[    0.541593]  ? do_one_initcall+0x4e/0x1a0
>[    0.543008]  ? kernel_init_freeable+0x19e/0x21f
>[    0.546202]  ? rest_init+0x80/0x80
>[    0.547513]  ? kernel_init+0xa/0x100
>[    0.548817]  ? ret_from_fork+0x25/0x30
>[    0.550587] vgaarb: loaded
>[    0.551716] EDAC MC: Ver: 3.0.0
>[    0.553744] PCI: Probing PCI hardware
>[    0.555038] PCI host bridge to bus 0000:00
> ... Continue to boot and log is omitted ...

I analyzed this memory leak in detail and found acpi_ns_evaluate() function
only removes Info->return_object in AE_CTRL_RETURN_VALUE case. But, when errors
occur, the status value is not AE_CTRL_RETURN_VALUE, and Info->return_object is
also not null. Therefore, this causes acpi operand memory leak.

This cache leak causes a security threat because an old kernel (<= 4.9) shows
memory locations of kernel functions in stack dump. Some malicious users
could use this information to neutralize kernel ASLR.

I made a patch to fix ACPI operand cache leak.

Signed-off-by: Seunghun Han <kkamagui@gmail.com>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2018-03-18 18:51:59 +01:00
Bob Moore d82847acd4 ACPICA: Update error message, no functional change
ACPICA commit 0787fda3b224a78369e26ac6046658beb2b64c12

Clarify error when an attempt is made to evaluate things like
devices, events, etc. -- these objects have no data and cannot
be "evaluated".

Link: https://github.com/acpica/acpica/commit/0787fda3
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2018-02-21 23:51:08 +01:00
Bob Moore da6f8320d5 ACPICA: All acpica: Update copyrights to 2018
including tool signons.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2018-02-06 10:31:20 +01:00
Bob Moore 7735ca0eb4 ACPICA: Source tree: Update copyright notices to 2017
ACPICA commit 16577e5265923f4999b4d2c0addb2343b18135e1

Affects all files.

Link: https://github.com/acpica/acpica/commit/16577e52
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2017-02-09 14:47:02 +01:00
Bob Moore 05fb04b54f ACPICA: Remove unnecessary arguments to ACPI_INFO
ACPICA commit 181f56605a771e0b91e24b0648d2565ca70bea20

This is used as a purely infomation message, without module name
and line number information. Therefore, these arguments are
not needed and they are unnecessary overhead.
Arguments are removed.
ACPICA BZ 872.

Link: https://github.com/acpica/acpica/commit/181f5660
Link: https://bugs.acpica.org/show_bug.cgi?id=872
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-02-24 14:14:49 +01:00
Bob Moore c8100dc464 ACPICA: Additional 2016 copyright changes
All tool/utility signons.
Dual-license module header.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-01-15 22:18:09 +01:00
Lv Zheng 66e42ee57c ACPICA: Reduce regression fix divergence from upstream ACPICA
Linux has been fixed during 20151218 release cycle by reverting wrong code
in the following commit:
  ACPICA commit: 071eff738c59eda1792ac24b3b688b61691d7e7c
  Subject: Add per-table execution of module-level code, early region
           handlers
While upstream ACPICA fixes later in the following commit:
  ACPICA commit: bf6cfddb4784c349f781758981b207253b5a1252
  Subject: Fix for module-level-code regression introduced in 20151218

This results in the divergences and this patch is meant to reduce such
divergences. Lv Zheng.

Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-01-15 22:14:12 +01:00
Lv Zheng 0e166e4f67 ACPICA: Debugger: reduce old external path format
ACPICA commit 75c0da9e796bdf9bdd46d75f028a3e1779903214

In the error logs and debugger outputs, use new external path format that
does not contain a trailing underscore.

This patch takes care of acpi_ns_get_external_pathname() invocations, chaning
them into acpi_ns_get_normalized_pathname(TRUE) where possible. Along with some
error log fixes, the following debugger commands are fixed: resources,
handlers, paths. Lv Zheng.

Link: https://github.com/acpica/acpica/commit/75c0da9e
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-01-01 03:26:45 +01:00
Bob Moore 25823e784a ACPICA: Add additional debug info/statements
ACPICA commit 74094ca9f51e2652a9b5f01722d8640a653cc75a

For _REG methods and module-level code blocks.
For acpiexec, add deletion of module-level blocks in case
of an early abort.

Link: https://github.com/acpica/acpica/commit/74094ca9
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-08-25 23:11:32 +02:00
Bob Moore 4712f71b60 ACPICA: Correctly cleanup after a ACPI table load failure
ACPICA commit ed7769e832de6c7ba90615480d916c85fd100422

If a table load fails, delete all namespace objects created by the
table, otherwise these objects will be uninitialized, causing
problems later. This appears to be a very rare problem.
Also handle the unitialized node problem to prevent possible
faults. ACPICA BZ 1185.

Link: https://github.com/acpica/acpica/commit/ed7769e8
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-08-25 23:11:30 +02:00
gongzg 3d2967b5b5 ACPICA: Comment update, no functional change
ACPICA commit 1a8ec7b83d55c7b957247d685bd1c73f6a012f1e

Remove redundant comment in nseval.c

Link: https://github.com/acpica/acpica/commit/1a8ec7b8
Signed-off-by: gongzg <gongzhaogang@inspur.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-07-01 23:17:56 +02:00
Bob Moore 4fa4616e27 ACPICA: De-macroize calls to standard C library functions
ACPICA commit 3b1026e0bdd3c32eb6d5d313f3ba0b1fee7597b4
ACPICA commit 00f0dc83f5cfca53b27a3213ae0d7719b88c2d6b
ACPICA commit 47d22a738d0e19fd241ffe4e3e9d4e198e4afc69

Across all of ACPICA. Replace C library macros such as ACPI_STRLEN with the
standard names such as strlen. The original purpose for these macros is
long since obsolete.
Also cast various invocations as necessary. Bob Moore, Jung-uk Kim, Lv Zheng.

Link: https://github.com/acpica/acpica/commit/3b1026e0
Link: https://github.com/acpica/acpica/commit/00f0dc83
Link: https://github.com/acpica/acpica/commit/47d22a73
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Jung-uk Kim <jkim@FreeBSD.org>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-07-01 23:17:55 +02:00
David E. Box 82a8094194 ACPICA: Update Copyright headers to 2015
ACPICA commit 8990e73ab2aa15d6a0068b860ab54feff25bee36

Link: https://github.com/acpica/acpica/commit/8990e73a
Signed-off-by: David E. Box <david.e.box@linux.intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-02-05 15:31:43 +01:00
Bob Moore fbb7a2dc2b ACPICA: Update ACPICA copyrights to 2014.
Update ACPICA copyrights to 2014. Includes all source headers and
signons for the various tools.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2014-02-11 00:30:25 +01:00
Lv Zheng 10622bf8ce ACPICA: Linuxize: Change indentation of C labels.
It is reported by kernel build test systems that all ACPICA source
files in the kernel tree have incorrect label indentation.  This
patch changes default indent option used in the release process to
fix this bug.  Lv Zheng.

Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-10-31 14:35:36 +01:00
Bob Moore 29a241cc02 ACPICA: Add argument typechecking for all predefined ACPI names
Fully implements typechecking on all incoming arguments for all
predefined names. This ensures that ACPI-related drivers are
passing the correct number of arguments, each of the correct
object type.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Acked-by: Len Brown <len.brown@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-06-01 21:54:30 +02:00
Bob Moore c34c82bc96 ACPICA: Predefine names: Add allowed argument types to master info table
This change adds the infrastructure to enable typechecking
on incoming arguments for the predefined methods/objects. It
does not actually contain the code that will fully utilize this
information. Also condenses some duplicate code for the predefined
names into a new module, utilities/utpredef.c

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-04-12 13:29:46 +02:00
Bob Moore 25f044e645 ACPICA: Update ACPICA copyrights to 2013
Includes all source headers and signons for the various tools.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-01-25 13:30:47 +01:00
Bob Moore ba494beeaa ACPICA: AcpiSrc: Fix some translation issues for Linux conversion
Fixes issues like this:

i_aSL -> iASL
00-7_f -> 00-7F
local_fADT -> local_FADT
execute_oSI -> execute_OSI

Also, in function headers, the parameters are now translated to
lower case (with underscores if necessary.)

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2012-07-17 00:05:51 -04:00
Bob Moore 77848130e5 ACPICA: Update all copyrights to 2012
Update all copyrights to 2012.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2012-01-17 03:38:51 -05:00
Bob Moore b4e104eaeb ACPICA: Update all ACPICA copyrights and signons to 2011
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2011-01-18 23:48:03 -05:00
Lin Ming 2629484288 ACPICA: Fix issues/fault with automatic "serialized" method support
History: This support changes a method to "serialized" on the fly if the
method generates an AE_ALREADY_EXISTS error, indicating the possibility
that it cannot handle reentrancy.

This fix repairs a couple of issues seen in the field, especially on
machines with many cores.

1) Delete method children only upon the exit of the last thread, so
as to not delete objects out from under running threads.

2) Set the "serialized" bit for the method only upon the exit of the
last thread, so as to not cause deadlock when running threads attempt
to exit.

3) Cleanup the use of the AML "MethodFlags" and internal method flags
so that there is no longer any confustion between the two.

Reported-by: Dana Myers <dana.myers@oracle.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2011-01-18 23:48:03 -05:00
Bob Moore a8357b0c95 ACPICA: Update all ACPICA copyrights and signons to 2010
Add 2010 copyright to all module headers and signons, including
the Linux header. This affects virtually every file in the ACPICA
core subsystem, iASL compiler, and all utilities.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2010-01-22 12:30:05 -05:00
Lin Ming e31c32cfe5 ACPICA: Module-level code: enable _REG execution in same scope
This change enables the execution of _REG methods that appear
in the same scope as the module-level code, in resonse to an
operation region declaration within the module-level code.

Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-12-15 17:29:37 -05:00
Lin Ming 583061c59f ACPICA: Fix possible memory leak for module-level code execution
An object can be leaked for each block of executed module-level
code if the interpreter slack mode is enabled. The change deletes
any implicitly returned object in this case.

Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-12-15 17:29:34 -05:00
Lin Ming 9a884ab64a ACPICA: Add additional module-level code support
This change will execute module-level code that is not at the
root of the namespace (under a Device object, etc.).
ACPICA BZ 762.

http://www.acpica.org/bugzilla/show_bug.cgi?id=762

Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-11-24 21:31:11 -05:00
Lin Ming 7f0c826a43 ACPICA: Add support for module-level executable AML code
Add limited support for executable AML code that exists outside
of any control method. This type of code has been illegal since
ACPI 2.0.  The code must exist in an If/Else/While block. All AML
tables are supported, including tables that are dynamically loaded.
ACPICA BZ 762.

http://acpica.org/bugzilla/show_bug.cgi?id=762

Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-08-28 19:40:39 -04:00
Bob Moore 7bcc06e845 ACPICA: Debug output: decrease verbosity of DB_INFO debug level
Removed some of the extraneous debug prints using the DB_INFO
level.  This should make the DB_INFO more useful.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-03-26 16:38:29 -04:00
Len Brown e2f7a77728 ACPICA: hide private headers
Signed-off-by: Len Brown <len.brown@intel.com>
2009-01-09 03:31:01 -05:00
Len Brown 95b482a8d3 ACPICA: create acpica/ directory
also, delete sleep/ and delete ACPI_CFLAGS from Makefile

Signed-off-by: Len Brown <len.brown@intel.com>
2009-01-09 03:30:47 -05:00