Bug 194595
Summary: | ATRM caller - Field [TBF3] at 294912 exceeds Buffer [Null] size 262144 bits - Lenovo ThinkPad e550 | ||
---|---|---|---|
Product: | ACPI | Reporter: | yousifjkadom |
Component: | BIOS | Assignee: | Lv Zheng (lv.zheng) |
Status: | CLOSED DOCUMENTED | ||
Severity: | normal | CC: | Robert.Moore, rui.zhang |
Priority: | P1 | ||
Hardware: | Intel | ||
OS: | Linux | ||
Kernel Version: | 4.9.9 | Subsystem: | |
Regression: | No | Bisected commit-id: | |
Attachments: |
error
[PATCH] Backported linux ATRM access code ASL code for ACPICA upstream to reproduce this issue |
Please upload acpidump output here. Thanks ping... Hi. What you mean by "acpidump outout" & how I get it to upload it to you? Please I'm new for Linux less than 1 year Linux usage only, so be step by step with me & learn me how to remove any generated file if it need special way to remove it. Best. you can install acpidump tool from the repo, and run "sudo acpidump > acpidump.out". and attach the acpidump.out file in this bug report. Linking to http://bugs.acpica.org/show_bug.cgi?id=1372. Still could use the acpidump for this machine, thanks. This looks very much like a duplicate of 194753, but we need the acpidump to verify. I have a Lenovo DSDT that contains the code in question: DSDT: Length=61624, Revision=1, Checksum=229, OEMID=LENOVO, OEM Table ID=TP-7U, OEM Revision=0x1200, Creator ID=MSFT, Creator Revision=0x3000000 Field (ATRP, AnyAcc, Lock, Preserve) { IDX0, 262144, IDX1, 262144 } Method (ATRM, 2, Serialized) { If (LGreaterEqual (Arg0, 0x8000)) { Return (GETB (Subtract (Arg0, 0x8000), Arg1, IDX1)) } .... } Arguments to ATRM: Arg0 = BitIndex Arg1 = BitLength Method (GETB, 3, Serialized) { Multiply (Arg0, 0x08, Local0) Multiply (Arg1, 0x08, Local1) CreateField (Arg2, Local0, Local1, TBF3) Return (TBF3) } Arguments to GETB: Arg0 = BitIndex Arg1 = BitLength Arg2 = Input buffer (length = 262144 = 0x40000 = 0x8000 bytes) Arg0 + Arg1 = 294912 = 0x48000 = 0x9000 bytes Extracting some of the code into a test case results in reproducing the problem exactly: DefinitionBlock ("", "SSDT", 2, "Intel", "_SSDT_01", 0x00000001) { OperationRegion (ATRP, SystemMemory, 0x4000, 0x00010000) Field (ATRP, AnyAcc, Lock, Preserve) { IDX0, 262144, IDX1, 262144 } Method (ATRM, 2, Serialized) { If (LGreaterEqual (Arg0, 0x8000)) { Return (GETB (Subtract (Arg0, 0x8000), Arg1, IDX1)) } } Method (GETB, 3, Serialized) { Multiply (Arg0, 0x08, Local0) Multiply (Arg1, 0x08, Local1) CreateField (Arg2, Local0, Local1, TBF3) Return (TBF3) } Method (TEST) { ATRM (0x10000, 0x1000) } } Output from acpiexec (with updated error message for the buffer overrun): ACPI Error: Field [TBF3] at bit offset/length 262144/32768 exceeds size of target Buffer (262144 bits) (20170303/dsopcode-359) [AcpiExec] Exception AE_AML_BUFFER_LIMIT during execution of method [GETB] Opcode [CreateField] @F [GETB] @0000A #5B13: CreateField (Arg2, Local0, Local1, TBF3) Initialized Local Variables for method [GETB]: Local0: 00651378 <Obj> Integer 0000000000040000 Local1: 00651498 <Obj> Integer 0000000000008000 Initialized Arguments for Method [GETB]: (0 arguments defined for method invocation) Arg0: 00651A98 <Obj> Integer 0000000000008000 Arg1: 00651738 <Obj> Integer 0000000000001000 Arg2: 00651A38 <Obj> Buffer(32768) 00 00 00 00 00 00 00 00 ACPI Error: Method parse/execution failed [\GETB] (Node 00650908), AE_AML_BUFFER_LIMIT (20170303/psparse-668) ACPI Error: Method parse/execution failed [\ATRM] (Node 006508C0), AE_AML_BUFFER_LIMIT (20170303/psparse-668) ACPI Error: Method parse/execution failed [\TEST] (Node 00650FA8), AE_AML_BUFFER_LIMIT (20170303/psparse-668) ACPI Exception: AE_AML_BUFFER_LIMIT, while executing \TEST from debugger (20170303/dbexec-318) 0x4 Outstanding allocations after evaluation of \TEST Evaluation of \TEST failed with status AE_AML_BUFFER_LIMIT It appears that ATRM is treated as an external interface and is in fact called by the OS -- by at least a couple drivers: amdgpu\amdgpu_bios.c radeon\radeon_bios.c So, this would appear to be the next place to look. The arguments to ATRM are overflowing a buffer. However, 1. According to the dmesg, 294912 (0x9000) and 262144 (0x8000) do not seem to exceed 0x10000. 2. What the Buffer [NULL] means to us? ^^^^^^ Will ATRM (0x9000, 0x1000) return similar error as reported? Buffer [NULL] is essentially a bug, the output is assuming the buffer is a named object, which is not true. For the test code in #8: ATRM (0x9000, 0x1000) - OK ATRM (0xF000, 0x1000) - OK ATRM (0xF001, 0x1000) - FAILS Error message (I changed the message, no longer returns the NULL): ACPI Error: Field [TBF3] at bit offset/length 229384/32768 exceeds size of target Buffer (262144 bits) (20170303/dsopcode-359) Looking at the following driver code: int size = 256 * 1024; If the ATRM is return in this way: OperationRegion (ATRP, SystemMemory, 0x4000, 0x00010000) Field (ATRP, AnyAcc, Lock, Preserve) { IDX0, 262144, IDX1, 262144 } Method (ATRM, 2, Serialized) { Store (Concatenate("Arg0: ", Arg0), Debug) Store (Concatenate("Arg1: ", Arg1), Debug) If (LGreaterEqual (Arg0, 0x8000)) { Return (GETB (Subtract (Arg0, 0x8000), Arg1, IDX1)) } Else { Return (GETB (Arg0, Arg1, IDX0)) } } Method (GETB, 3, Serialized) { Multiply (Arg0, 0x08, Local0) Multiply (Arg1, 0x08, Local1) Store (Concatenate("Local0: ", Local0), Debug) Store (Concatenate("Local1: ", Local0), Debug) CreateField (Arg2, Local0, Local1, TBF3) Return (TBF3) } It really exceeds the opregion boundary. According to the ASL, the size should be 32 * 2 * 1024 = 64 * 1024 < 256 * 1024. I have no idea how "size" is determined. Shall we re-assign to GPU driver writers? Thanks Lv To yousifjkadom@yahoo.com: You should file a bug to the driver maintainers of: drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c drivers/gpu/drm/radeon/radeon_bios.c It's not this community, it should be freedesktop.org: https://bugs.freedesktop.org/ You can refer this bug in your new bug report. Thanks Lv For detailed reference, the access has exceeded due to: static bool amdgpu_atrm_get_bios(struct amdgpu_device *adev) { int ret; int size = 256 * 1024; ^^^^^^^^^^^^^^^^^^^^^^ Thanks Lv Created attachment 255977 [details]
[PATCH] Backported linux ATRM access code
Code for ACPICA upstream to reproduce this.
Created attachment 255979 [details]
ASL code for ACPICA upstream to reproduce this issue
Hi. I updated my kernel on Fedora 24 & bug & error message existing !! I'm now on kernel 4.11.4 How you marked this bug as "RESOLVED" ?! It never fixed & I suffer from it since I opened this bug till now, & I see it marked as "RESOLVED" ! Please your kind attention. I think Lv has clarified the root cause of the problem in comment #14, and this is not a problem that should be covered by kernel bugzilla, instead, you should file a bug at https://bugs.freedesktop.org/ to raise the problem to the graphics people. Bug Closed. If you still have any questions/objections, please feel free to let me know. |
Created attachment 254767 [details] error Hi. I'm on Fedora 24 x64 bit Cinnamon edition. Since before kernel 4.9.9 (before 4.9.6 exactly I do not remamber at which version start, but it is 1st 4.9.x that Fedora 24 received) I started to encounter error message at booting, please look for screen shot. Please beware that last 2 lines are not included in this bug because they are related to other bug that I already opened (support for AMD R7 M265 dedicated VGA). The remaining lines from 1st to 6th (counting from above to bellow) related to this bug. I wait many upgrade in the hope that this error message disappear but it continue. Till now it is - as I feel - just cosmetic bug. My system complete boot & system started & work without apparent problem. But I post this bug since I noticed in your change log attention to correct similar messages & I read in Fedora forum one of it's members suffer from similar message but he has failure to complete it's boot. For that I post this bug to avoid further possible deterioration. I'm on Lenovo ThinkPad e550 with 8 GB RAM, 1 TB HHD, hybrid system with AMD Radeon R7 M265 dedicated VGA (not supported till now) + Intel Corporation HD Graphic 5500, Intel Core i7-5500U CPU @ 2.40 x 2 By the way, I'm not sure about component that should selected for this bug. I selected BIOS. If it is wrong