On Wed, Nov 28, 2012 at 9:27 AM, Zdenek Kabelac <zkabelac@xxxxxxxxxx> wrote:
>
> I've attached bigger disasfun script output to BZ 51071.
> https://bugzilla.kernel.org/show_bug.cgi?id=51071#c1
>
>
> if (ACPI_GET_DESCRIPTOR_TYPE(prefix_node) !=
> 00000000000000a1 <acpi_ns_lookup+0xa1> cmpb $0xf,0x8(%rbx)
> 00000000000000a5 <acpi_ns_lookup+0xa5> je 0da <acpi_ns_lookup+0xda>
>
> seems to be going out of bounds.

The whole "prefix_node" pointer is bogus. It seems to have the value 0x1000.

I wonder how that happened. It's loaded from 'scope_info->scope.node', and it *should* be a valid pointer.

Can you add a print-out of scope_info->common.descriptor_type and check that it is ACPI_DESC_TYPE_STATE_WSCOPE (== 8). If it is not, return early.

Or just something like the attached, which just uses the root node (and warns once) if it's not a valid WSCOPE thing.

Linus
Attachment:
patch.diff
Description: Binary data
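
A stand-alone C model of the check suggested in the message above, added here as an illustration; it is not the attached patch and not ACPICA code. The struct layouts, `prefix_node_checked`, `other_state` and the sample state holding `0x1000` are constructed assumptions; only the tag value 8 and the `0xf` comparison come from the mail.

```c
#include <stdio.h>

/* Simplified stand-ins for illustration; not the ACPICA definitions. */
#define DESC_TYPE_STATE_WSCOPE 0x08   /* value quoted in the mail */
#define DESC_TYPE_NAMED        0x0F   /* the $0xf in the quoted cmpb */

struct ns_node      { void *object; unsigned char descriptor_type; };
struct common_state { void *next;   unsigned char descriptor_type; };
struct scope_state  { struct common_state common; struct ns_node *node; };
struct other_state  { struct common_state common; unsigned long value; };

/* Every state kind shares the common header; the tag says which view is valid. */
union generic_state {
    struct common_state common;
    struct scope_state  scope;
    struct other_state  other;   /* hypothetical kind: same slot, not a pointer */
};

static struct ns_node root_node = { NULL, DESC_TYPE_NAMED };
static int warn_count;           /* how many warnings were actually printed */

/* Trust scope.node only when the tag is WSCOPE; otherwise use the root node. */
struct ns_node *prefix_node_checked(union generic_state *scope_info)
{
    static int warned;

    if (scope_info->common.descriptor_type == DESC_TYPE_STATE_WSCOPE)
        return scope_info->scope.node;
    if (!warned) {               /* warn once, then stay quiet */
        warned = 1;
        warn_count++;
        fprintf(stderr, "scope_info has descriptor type 0x%02x, not WSCOPE\n",
                (unsigned)scope_info->common.descriptor_type);
    }
    return &root_node;
}

int main(void)
{
    union generic_state bad;     /* constructed sample state */

    bad.other.common.next = NULL;
    bad.other.common.descriptor_type = 0x02;
    bad.other.value = 0x1000;    /* read via scope.node this would be a bogus pointer */
    struct ns_node *n = prefix_node_checked(&bad);
    printf("fell back to root: %s\n", n == &root_node ? "yes" : "no");
    return 0;
}
```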