https://bugzilla.kernel.org/show_bug.cgi?id=216266
Bug ID: 216266
Summary: ACPICA: Fix operand resolution, UBSAN: array-index-out-of-bounds in /home/kernel/COD/linux/drivers/acpi/acpica/dswexec.c
Product: ACPI
Version: 2.5
Kernel Version: 5.17 5.18 5.19
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: ACPICA-Core
Assignee: [email protected]
Reporter: [email protected]
Regression: No
Created attachment 301472
--> https://bugzilla.kernel.org/attachment.cgi?id=301472&action=edit
patch for ACPICA: Fix operand resolution adapted for kernel
This bug was reported upstream at https://github.com/acpica/acpica/issues/755
This is the error in dmesg:
[ 710.521719] UBSAN: array-index-out-of-bounds in /home/kernel/COD/linux/drivers/acpi/acpica/dswexec.c:401:12
[ 710.521721] index -1 is out of range for type 'acpi_operand_object *[9]'
[ 710.521723] CPU: 4 PID: 16237 Comm: kworker/u16:25 Tainted: P OE 5.17.0-051700rc6-generic #202202272330
[ 710.521726] Hardware name: Apple Inc. MacBookPro11,3/Mac-2BD1B31983FE1663, BIOS 432.60.3.0.0 10/27/2021
[ 710.521727] Workqueue: events_unbound async_run_entry_fn
[ 710.521733] Call Trace:
[ 710.521734] <TASK>
[ 710.521737] show_stack+0x52/0x58
[ 710.521743] dump_stack_lvl+0x4c/0x63
[ 710.521746] dump_stack+0x10/0x12
[ 710.521747] ubsan_epilogue+0x9/0x45
[ 710.521751] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 710.521754] acpi_ds_exec_end_op+0x1a1/0x798
[ 710.521759] acpi_ps_parse_loop+0x587/0x660
[ 710.521762] acpi_ps_parse_aml+0x1af/0x552
[ 710.521764] acpi_ps_execute_method+0x208/0x2ca
[ 710.521766] acpi_ns_evaluate+0x34e/0x4f0
[ 710.521771] acpi_evaluate_object+0x18e/0x3b4
[ 710.521772] ? acpi_ns_get_node+0xaa/0xb8
[ 710.521774] acpi_device_set_power+0x20b/0x360
[ 710.521779] acpi_pci_set_power_state+0x98/0x130
[ 710.521784] pci_power_up+0x15/0x80
[ 710.521788] pci_pm_resume_noirq+0x83/0x130
[ 710.521790] ? pci_pm_thaw_noirq+0x90/0x90
[ 710.521794] dpm_run_callback+0x69/0x160
[ 710.521800] device_resume_noirq+0x148/0x230
[ 710.521802] async_resume_noirq+0x1e/0x40
[ 710.521803] async_run_entry_fn+0x30/0x120
[ 710.521805] process_one_work+0x21c/0x3f0
[ 710.521810] worker_thread+0x50/0x3d0
[ 710.521813] ? rescuer_thread+0x390/0x390
[ 710.521816] kthread+0xeb/0x120
[ 710.521819] ? kthread_complete_and_exit+0x20/0x20
[ 710.521822] ret_from_fork+0x1f/0x30
[ 710.521828] </TASK>
[ 710.521829] ================================================================================
This error goes away with the patch in
https://github.com/acpica/acpica/pull/745
Signed-off-by: Amadeusz Sławiński [email protected]
Reviewed-by: Cezary Rojewski [email protected]
(I have attached this patch adapted for application to the kernel.)
[ 0.200396] kernel: ACPI: Disabled all _OSI OS vendors
[ 0.200398] kernel: ACPI: Added _OSI(Module Device)
[ 0.200399] kernel: ACPI: Added _OSI(Processor Device)
[ 0.200401] kernel: ACPI: Added _OSI(3.0 _SCP Extensions)
[ 0.200403] kernel: ACPI: Added _OSI(Processor Aggregator Device)
[ 0.200405] kernel: ACPI: Added _OSI(Linux-Dell-Video)
[ 0.200406] kernel: ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio)
[ 0.200408] kernel: ACPI: Added _OSI(Linux-HPI-Hybrid-Graphics)
[ 0.200410] kernel: ACPI: Added _OSI(Darwin)
[ 0.214666] kernel: ACPI: 9 ACPI AML tables successfully acquired and loaded
[ 0.215310] kernel: ACPI: EC: EC started
[ 0.215312] kernel: ACPI: EC: interrupt blocked
[ 0.216900] kernel: ACPI: EC: EC_CMD/EC_SC=0x66, EC_DATA=0x62
[ 0.216903] kernel: ACPI: EC: Boot ECDT EC used to handle transactions
[ 0.217064] kernel: ACPI: BIOS _OSI(Darwin) query honored via DMI
[ 0.217601] kernel: ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored
[ 0.217690] kernel: ACPI Error: Needed type [Reference], found [Integer] 00000000cae04c1b (20220331/exresop-66)
[ 0.217699] kernel: ACPI Error: AE_AML_OPERAND_TYPE, While resolving operands for [Store] (20220331/dswexec-433)
[ 0.217706] kernel:
[ 0.217708] kernel: No Local Variables are initialized for Method [_PDC]
[ 0.217710] kernel:
[ 0.217711] kernel: Initialized Arguments for Method [_PDC]: (1 arguments defined for method invocation)
[ 0.217713] kernel: Arg0: 000000006489d999 <Obj> Buffer(12) 01 00 00 00 01 00 00 00
[ 0.217721] kernel:
[ 0.217723] kernel: ACPI Error: Aborting method \_PR.CPU0._PDC due to previous error (AE_AML_OPERAND_TYPE) (20220331/psparse-529)
[ 0.217976] kernel: ACPI: Dynamic OEM Table Load:
[ 0.217984] kernel: ACPI: SSDT 0xFFFF95E9814DD800 00067C (v01 PmRef ApIst 00003000 INTL 20100915)
[ 0.218944] kernel: ACPI: Dynamic OEM Table Load:
[ 0.218950] kernel: ACPI: SSDT 0xFFFF95E981225C00 000119 (v01 PmRef ApCst 00003000 INTL 20100915)
[ 0.220860] kernel: ACPI: Interpreter enabled
[ 0.220877] kernel: ACPI: PM: (supports S0 S3 S4 S5)
[ 0.220879] kernel: ACPI: Using IOAPIC for interrupt routing
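
Added example (not part of the original report and not ACPICA or kernel code): a small Python triage parser for UBSAN array-index reports such as the one quoted in this bug. It rejoins mail-wrapped log lines, extracts the source location, the bad index and the array size, and lists the frames below the sanitizer's own reporting helpers; the sample is an excerpt of the trace above, and the names unwrap and parse_ubsan are this example's own.

```python
import re

# Excerpt of the dmesg trace from this report; the mail's line wrapping is kept.
SAMPLE = """\
[ 710.521719] UBSAN: array-index-out-of-bounds in
/home/kernel/COD/linux/drivers/acpi/acpica/dswexec.c:401:12
[ 710.521721] index -1 is out of range for type 'acpi_operand_object *[9]'
[ 710.521733] Call Trace:
[ 710.521734] <TASK>
[ 710.521737] show_stack+0x52/0x58
[ 710.521743] dump_stack_lvl+0x4c/0x63
[ 710.521747] ubsan_epilogue+0x9/0x45
[ 710.521751] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 710.521754] acpi_ds_exec_end_op+0x1a1/0x798
[ 710.521759] acpi_ps_parse_loop+0x587/0x660
[ 710.521772] ? acpi_ns_get_node+0xaa/0xb8
[ 710.521828] </TASK>
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEAD = re.compile(r"UBSAN: (\S+) in (\S+?):(\d+):\d+$")
INDEX = re.compile(r"index (-?\d+) is out of range for type '(.+)\[(\d+)\]'")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
REPORTING = ("show_stack", "dump_stack", "ubsan_", "__ubsan_")  # sanitizer plumbing

def unwrap(text):
    """A line with no timestamp is the wrapped tail of the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(STAMP.sub("", line).strip())
        elif records and line.strip():
            records[-1] = (records[-1] + " " + line.strip()).strip()
    return records

def parse_ubsan(text):
    """Return one dict per UBSAN report: location, index, array size, frames."""
    reports = []
    for rec in unwrap(text):
        if m := HEAD.search(rec):
            reports.append({"kind": m[1], "file": m[2], "line": int(m[3]), "frames": []})
        elif reports and (m := INDEX.search(rec)):
            idx, size = int(m[1]), int(m[3])
            where = "below index 0" if idx < 0 else "past the last element"
            reports[-1].update(index=idx, elem_type=m[2].strip(), size=size, where=where)
        elif reports and (m := FRAME.match(rec)) and not m[1] and not m[2].startswith(REPORTING):
            reports[-1]["frames"].append(m[2])  # '?' frames are unreliable and skipped
    return reports
```
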