panic: acpi_pci_link_srs_from_crs: can't put non-ISA IRQ 20 in legacy IRQ resource type)
Moore, Robert
robert.moore at intel.com
Sat Apr 20 01:44:51 UTC 2013
Disassembling the DSDT, we have this code in the _SRS execution path:
Method (SRSA, 1, Serialized)
{
CreateWordField (Arg0, 0x05, INZ6)
This code causes the main exception that was first reported:
ACPI Error: Field [INZ6] at 56 exceeds Buffer [NULL] size 48 (bits) (20130418/dsopcode-326)
[AcpiExec] Exception AE_AML_BUFFER_LIMIT during execution of method [SRSA] Opcode [CreateWordField] @4
This code should not be a WORD field, it needs to be a BYTE field. This is because the incoming buffer (Arg0) is exactly 6 bytes long -- so a WORD field at offset 5 will overrun the buffer.
It looks like the code is attempting to access the last byte of the resource descriptor, which is the second byte of the EndTag.
Here is the fixed code:
Method (SRSA, 1, Serialized)
{
CreateByteField (Arg0, 0x05, INZ6)
Recompiling the DSDT and executing resource command, there are no errors:
- resource \_SB_.PCI0.AUBA
Device: \_SB_.PCI0.AUBA
Evaluating _CRS
rscalc-0663 [04] RsGetListLength : Type 20, AmlLength 04 InternalLength 10
rslist-0217 [05] RsConvertAmlToResource: Type 20, AmlLength 04 InternalLength 10
rslist-0217 [05] RsConvertAmlToResource: Type 78, AmlLength 02 InternalLength 0C
rscalc-0663 [04] RsGetListLength : Type 20, AmlLength 04 InternalLength 10
rslist-0217 [05] RsConvertAmlToResource: Type 20, AmlLength 04 InternalLength 10
rslist-0217 [05] RsConvertAmlToResource: Type 78, AmlLength 02 InternalLength 0C
[00] IRQ Resource
Descriptor Length : 03
Triggering : Level
Polarity : ActiveLow
Sharing : Shared
Interrupt Count : 00
Interrupt List :
[01] EndTag Resource
Resource Conversion Comparison:
rscalc-0663 [04] RsGetListLength : Type 20, AmlLength 04 InternalLength 10
rslist-0217 [05] RsConvertAmlToResource: Type 20, AmlLength 04 InternalLength 10
rslist-0217 [05] RsConvertAmlToResource: Type 78, AmlLength 02 InternalLength 0C
Evaluating _SRS
Evaluating _PRS
rscalc-0663 [04] RsGetListLength : Type 89, AmlLength 15 InternalLength 28
rslist-0217 [05] RsConvertAmlToResource: Type 89, AmlLength 15 InternalLength 28
rslist-0217 [05] RsConvertAmlToResource: Type 78, AmlLength 02 InternalLength 0C
[00] Extended IRQ Resource
Type : ResourceConsumer
Triggering : Level
Polarity : ActiveLow
Sharing : Shared
Resource Source Index : 00
Resource Source : [Not Specified]
Interrupt Count : 04
Dword00 : 00000014
Dword01 : 00000015
Dword02 : 00000016
Dword03 : 00000017
[01] EndTag Resource
So, this is obviously a rather serious bug in the DSDT that will need to be addressed by the vendor. Chances are, there are a few more issues like this in the code.
As far as workarounds -- I'm sorry, but we can't allow a buffer overrun, and we can't "guess" what the code is really attempting to do. The correct execution is an abort with the exception AE_AML_BUFFER_LIMIT.
I don't see any issues with the resource lengths, but I will double-check.
Bob
> -----Original Message-----
> From: Moore, Robert
> Sent: Friday, April 19, 2013 5:52 PM
> To: 'Benjamin Lee'
> Cc: John Baldwin; freebsd-acpi at freebsd.org; Zheng, Lv; Guan, Chao
> Subject: RE: panic: acpi_pci_link_srs_from_crs: can't put non-ISA IRQ 20
> in legacy IRQ resource type)
>
> I was able to quickly reproduce the _CRS/_SRS problem with the AUBA
> device. I would imagine that this would fail on Windows also, as the basic
> model of read(_CRS)/modify/write(_SRS) is fairly standard. Unless
> something else is going on, of course.
>
> Our debugger has a command to do this:
>
>
> - resource \_SB_.PCI0.AUBA
>
> Device: \_SB_.PCI0.AUBA
> Evaluating _CRS
> rscalc-0663 [04] RsGetListLength : Type 20, AmlLength 04
> InternalLength 10
> rslist-0217 [05] RsConvertAmlToResource: Type 20, AmlLength 04
> InternalLength 10
> rslist-0217 [05] RsConvertAmlToResource: Type 78, AmlLength 02
> InternalLength 0C
> rscalc-0663 [04] RsGetListLength : Type 20, AmlLength 04
> InternalLength 10
> rslist-0217 [05] RsConvertAmlToResource: Type 20, AmlLength 04
> InternalLength 10
> rslist-0217 [05] RsConvertAmlToResource: Type 78, AmlLength 02
> InternalLength 0C
>
> [00] IRQ Resource
> Descriptor Length : 03
> Triggering : Level
> Polarity : ActiveLow
> Sharing : Shared
> Interrupt Count : 00
> Interrupt List :
>
> [01] EndTag Resource
> Resource Conversion Comparison:
> rscalc-0663 [04] RsGetListLength : Type 20, AmlLength 04
> InternalLength 10
> rslist-0217 [05] RsConvertAmlToResource: Type 20, AmlLength 04
> InternalLength 10
> rslist-0217 [05] RsConvertAmlToResource: Type 78, AmlLength 02
> InternalLength 0C Evaluating _SRS ACPI Error: Field [INZ6] at 56 exceeds
> Buffer [NULL] size 48 (bits) (20130418/dsopcode-326) [AcpiExec] Exception
> AE_AML_BUFFER_LIMIT during execution of method [SRSA] Opcode
> [CreateWordField] @4
>
> **** Exception AE_AML_BUFFER_LIMIT during execution of method
> [\_SB_.PCI0.SRSA] (Node 004B7B50)
>
> Method Execution Stack:
> Method [SRSA] executing: [SRSA] @00000 #008B: CreateWordField (Arg0,
> 0x05, INZ6)
> Method [_SRS] executing: Call to method [\_SB_.PCI0.SRSA] (Node
> 004B7B50)
>
> Local Variables for method [SRSA]:
> Local0: 00000000 <Null Object>
> Local1: 00000000 <Null Object>
> Local2: 00000000 <Null Object>
> Local3: 00000000 <Null Object>
> Local4: 00000000 <Null Object>
> Local5: 00000000 <Null Object>
> Local6: 00000000 <Null Object>
> Local7: 00000000 <Null Object>
>
> Arguments for Method [SRSA]: (1 arguments defined, max concurrency = 0)
> Arg0: 004F4840 <Obj> Buffer(6) 23 00 00 18 79 00
> Arg1: 00000000 <Null Object>
> Arg2: 00000000 <Null Object>
> Arg3: 00000000 <Null Object>
> Arg4: 00000000 <Null Object>
> Arg5: 00000000 <Null Object>
> Arg6: 00000000 <Null Object>
>
> ACPI Error: Method parse/execution failed [\_SB_.PCI0.SRSA] (Node
> 004B7B50), AE_AML_BUFFER_LIMIT (20130418/psparse-632) ACPI Error: Method
> parse/execution failed [\_SB_.PCI0.AUBA._SRS] (Node 004BEB50),
> AE_AML_BUFFER_LIMIT (20130418/psparse-632) AcpiSetCurrentResources failed:
> AE_AML_BUFFER_LIMIT Evaluating _PRS
> rscalc-0663 [04] RsGetListLength : Type 89, AmlLength 15
> InternalLength 28
> rslist-0217 [05] RsConvertAmlToResource: Type 89, AmlLength 15
> InternalLength 28
> rslist-0217 [05] RsConvertAmlToResource: Type 78, AmlLength 02
> InternalLength 0C
>
> [00] Extended IRQ Resource
> Type : ResourceConsumer
> Triggering : Level
> Polarity : ActiveLow
> Sharing : Shared
> Resource Source Index : 00
> Resource Source : [Not Specified]
> Interrupt Count : 04
> Dword00 : 00000014
> Dword01 : 00000015
> Dword02 : 00000016
> Dword03 : 00000017
>
> [01] EndTag Resource
> -
>
>
>
> > -----Original Message-----
> > From: Benjamin Lee [mailto:ben at b1c1l1.com]
> > Sent: Friday, April 19, 2013 5:22 PM
> > To: Moore, Robert
> > Cc: John Baldwin; freebsd-acpi at freebsd.org
> > Subject: Re: panic: acpi_pci_link_srs_from_crs: can't put non-ISA IRQ
> > 20 in legacy IRQ resource type)
> >
> > On Sat, 20 Apr 2013 00:09:55 +0000, "Moore, Robert"
> > <robert.moore at intel.com> wrote:
> > > Can you send the actual binary DSDT or the ASCII acpidump (not
> > > disassembled)
> >
> > I missed this earlier, but I just noticed _OS and _OSI checks for
> Windows.
> > I'll need to do some testing with hw.acpi.osname.
> >
> > Here is the binary DSDT:
> >
> > http://www.b1c1l1.com/media/debug/20130419-nvidia.dsdt
> >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Benjamin Lee [mailto:ben at b1c1l1.com]
> > > > Sent: Friday, April 19, 2013 4:35 PM
> > > > To: Moore, Robert
> > > > Cc: John Baldwin; freebsd-acpi at freebsd.org
> > > > Subject: Re: panic: acpi_pci_link_srs_from_crs: can't put non-ISA
> > > > IRQ 20 in legacy IRQ resource type)
> > > >
> > > > On Fri, 19 Apr 2013 23:00:07 +0000, "Moore, Robert"
> > > > <robert.moore at intel.com> wrote:
> > > > > No, the length must be set in all descriptors, end tag included.
> > > >
> > > > Do you have any pointers on how I can fix my ASL? Where do I find
> > > > the end tags and what should I set the lengths to?
> > > >
> > > > Here is the output from acpidump -dt:
> > > > http://www.b1c1l1.com/media/debug/20130418-nvidia.asl.gz
> > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: owner-freebsd-acpi at freebsd.org [mailto:owner-freebsd-
> > > > > > acpi at freebsd.org] On Behalf Of Benjamin Lee
> > > > > > Sent: Friday, April 19, 2013 3:51 PM
> > > > > > To: John Baldwin
> > > > > > Cc: freebsd-acpi at freebsd.org
> > > > > > Subject: Re: panic: acpi_pci_link_srs_from_crs: can't put
> > > > > > non-ISA IRQ 20 in legacy IRQ resource type)
> > > > > >
> > > > > > On Fri, 19 Apr 2013 15:21:10 -0700, Benjamin Lee
> > > > > > <ben at b1c1l1.com>
> > > > wrote:
> > > > > > > On Fri, 19 Apr 2013 17:26:31 -0400, John Baldwin
> > > > > > > <jhb at freebsd.org>
> > > > > > wrote:
> > > > > > > > On Friday, April 19, 2013 4:18:49 pm Benjamin Lee wrote:
> > > > > > > > > On Fri, 19 Apr 2013 11:31:49 -0400, John Baldwin
> > > > > > > > > <jhb at freebsd.org>
> > > > > > wrote:
> > > > > > > > > > On Thursday, April 18, 2013 3:49:40 pm Benjamin Lee
> wrote:
> > > > > > > > > > > I have a system that panics on boot with 10-CURRENT
> > > > > > > > > > > and boots with many ACPI error messages and
> > > > > > > > > > > non-functional devices with
> > > > > > 9.1-RELEASE.
> > > > > > > > > > >
> > > > > > > > > > > Motherboard is Foxconn C51XEM2AA (NVIDIA nForce 590)
> > > > > > > > > > > desktop
> > > > > > board.
> > > > > > > > > [...]
> > > > > > > > > > > Even though 9.1-RELEASE boots successfully, devices
> > > > > > > > > > > such as the ehci USB controller and SATA controller
> > > > > > > > > > > do
> > not work.
> > > > > > > > > >
> > > > > > > > > > Ugh, your BIOS does unexpected things. It uses a _CRS
> > > > > > > > > > for these pci link devices that uses a "short" IRQ
> > > > > > > > > > resource, but uses an extended IRQ
> > > > > > > > resource in
> > > > > > > > > > _PRS (and expects an extended one in _SRS). We use
> > > > > > > > > > _CRS as a template for
> > > > > > > > the
> > > > > > > > > > resource to build.
> > > > > > > > > >
> > > > > > > > > > Try this patch. It's a bit hackish, but it forces us
> > > > > > > > > > to not use _CRS as a template if _CRS uses a "short"
> > > > > > > > > > IRQ resource, but the link supports non-
> > > > > > > > ISA
> > > > > > > > > > IRQs.
> > > > > > > > > [...]
> > > > > > > > >
> > > > > > > > > Thanks, that fixed the panic and the system boots. Now
> > > > > > > > > it is complaining about AE_AML_BAD_RESOURCE_LENGTH and
> > > > > > > > > still unable to route IRQs, but it definitely looks
> > > > > > > > > better than the ACPI parsing
> > > > > > errors in 9:
> > > > > > > > >
> > > > > > > > > pcib0: allocated type 3 (0xdffff000-0xdfffffff) for rid
> > > > > > > > > 10 of
> > > > > > > > > pci0:0:10:0
> > > > > > > > > pcib0: matched entry for 0.10.INTA (src
> > > > > > > > > \_SB_.PCI0.AUBA:0)
> > > > > > > > > pci_link26: Picked IRQ 20 with weight 0
> > > > > > > > > pci_link26: Unable to route IRQs:
> > > > > > > > > AE_AML_BAD_RESOURCE_LENGTH
> > > > > > > > >
> > > > > > > > > Full boot -v output:
> > > > > > > > > http://www.b1c1l1.com/media/debug/20130419-10-patched-
> > > > > > > > boot.txt.gz
> > > > > > > >
> > > > > > > > Can you add some printfs to the places that return the
> > > > > > > > AE_AML_BAD_RESOURCE_LENGTH to see which one is being
> > triggered?
> > > > > > > > (Just look for that constant in sys/contrib/dev/acpica to
> > > > > > > > find the possible places.)
> > > > > > >
> > > > > > > Is there a macro for dumping information about Resource or
> > > > > > > Resource->Data? Here's what I have for now at
> > > > > > > sys/contrib/dev/acpica/resources/rscalc.c line 237:
> > > > > > >
> > > > > > > pcib0: matched entry for 0.10.INTA (src \_SB_.PCI0.AUBA:0)
> > > > > > > pci_link26: Picked IRQ 20 with weight 0
> > > > > > > rscalc.c:237
> > > > > > > Resource->Type: 7
> > > > > > > Resource->Length: 0
> > > > > > > pci_link26: Unable to route IRQs: AE_AML_BAD_RESOURCE_LENGTH
> > > > > > >
> > > > > > > All of the errors are from there and look identical (Type 7,
> > > > > > > Length
> > > > 0).
> > > > > > > Type 7 appears to be ACPI_RESOURCE_TYPE_END_TAG.
> > > > > >
> > > > > > This hack fixes everything (now the SATA controller works).
> > > > > > It seems that the Resource->Length check might not be
> > > > > > necessary for ACPI_RESOURCE_TYPE_END_TAG.
> > > > > >
> > > > > > blee at genesis /usr/src/sys/contrib/dev/acpica $ svn diff
> > > > > > Index: components/resources/rscalc.c
> > > > > >
> > ===================================================================
> > > > > > --- components/resources/rscalc.c (revision 249624)
> > > > > > +++ components/resources/rscalc.c (working copy)
> > > > > > @@ -234,6 +234,15 @@
> > > > > >
> > > > > > if (!Resource->Length)
> > > > > > {
> > > > > > + if (Resource->Type == ACPI_RESOURCE_TYPE_END_TAG) {
> > > > > > + TotalSize = AcpiGbl_AmlResourceSizes
> > > > > > + [Resource-
> > > > >Type];
> > > > > > + printf("TotalSize: %u\n", TotalSize);
> > > > > > + if (TotalSize != 0) {
> > > > > > + printf("ACPI_RESOURCE_TYPE_END_TAG
> hack\n");
> > > > > > + *SizeNeeded = AmlSizeNeeded + TotalSize;
> > > > > > + return_ACPI_STATUS (AE_OK);
> > > > > > + }
> > > > > > + }
> > > > > > return_ACPI_STATUS (AE_AML_BAD_RESOURCE_LENGTH);
> > > > > > }
> > > > > >
> > > > > > Index: components/resources/rslist.c
> > > > > >
> > ===================================================================
> > > > > > --- components/resources/rslist.c (revision 249624)
> > > > > > +++ components/resources/rslist.c (working copy)
> > > > > > @@ -203,6 +203,11 @@
> > > > > >
> > > > > > if (!Resource->Length)
> > > > > > {
> > > > > > + if (Resource->Type == ACPI_RESOURCE_TYPE_END_TAG) {
> > > > > > + printf("ACPI_RESOURCE_TYPE_END_TAG hack 2\n");
> > > > > > + return_ACPI_STATUS (AE_OK);
> > > > > > + }
> > > > > > +
> > > > > > ACPI_ERROR ((AE_INFO,
> > > > > > "Invalid zero length descriptor in resource
> > > > list\n"));
> > > > > > return_ACPI_STATUS (AE_AML_BAD_RESOURCE_LENGTH);
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Benjamin Lee
> > > > > > http://www.b1c1l1.com/
> > > >
> > > >
> > > >
> > > > --
> > > > Benjamin Lee
> > > > http://www.b1c1l1.com/
> >
> >
> >
> > --
> > Benjamin Lee
> > http://www.b1c1l1.com/
More information about the freebsd-acpi
mailing list