On Fri, Sep 02, 2016 at 03:46:31PM +0800, Lv Zheng wrote: > In order to support full ECDT (driving the ECDT EC after probing the > namespace EC), we need to change our EC device alloc/free algorithm, ensure > not to free old boot EC before qualifying new boot EC. > This patch achieves this by cleaning up first_ec/boot_ec logic: > 1. first_ec: used to perform transactions, so it is assigned in new > acpi_ec_setup() function. > 2. boot_ec: used to track early EC device, so it is assigned in new > acpi_config_boot_ec() function which explictly tells the driver to save > the EC device as early EC device. > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=115021 > Reported-and-tested-by: Luya Tshimbalanga <luya@xxxxxxxxxxxxxxxxx> > Suggested-by: Peter Wu <peter@xxxxxxxxxxxxx> > Cc: Peter Wu <peter@xxxxxxxxxxxxx> > Cc: Luya Tshimbalanga <luya@xxxxxxxxxxxxxxxxx> > Signed-off-by: Lv Zheng <lv.zheng@xxxxxxxxx> Good idea, the previous acpi_ec_alloc function contained an implicit assumption which was slightly harder to follow. See below for one concern. > --- > drivers/acpi/ec.c | 96 +++++++++++++++++++++++++++++++++++------------------ > 1 file changed, 63 insertions(+), 33 deletions(-) > > diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c > index e7bd57c..4a5f3ab 100644 > --- a/drivers/acpi/ec.c > +++ b/drivers/acpi/ec.c > @@ -179,6 +179,7 @@ static void acpi_ec_event_processor(struct work_struct *work); > > struct acpi_ec *boot_ec, *first_ec; > EXPORT_SYMBOL(first_ec); > +static bool boot_ec_is_ecdt = false; > static struct workqueue_struct *ec_query_wq; > > static int EC_FLAGS_CLEAR_ON_RESUME; /* Needs acpi_ec_clear() on boot/resume */ > @@ -1228,7 +1229,16 @@ acpi_ec_space_handler(u32 function, acpi_physical_address address, > static acpi_status > ec_parse_io_ports(struct acpi_resource *resource, void *context); > > -static struct acpi_ec *make_acpi_ec(void) > +static void acpi_ec_free(struct acpi_ec *ec) > +{ > + if (first_ec == ec) > + first_ec = NULL; > + if (boot_ec == ec) > + boot_ec = NULL; > + kfree(ec); > +} > + > +static struct acpi_ec *acpi_ec_alloc(void) > { > struct acpi_ec *ec = kzalloc(sizeof(struct acpi_ec), GFP_KERNEL); > > @@ -1290,6 +1300,11 @@ ec_parse_device(acpi_handle handle, u32 Level, void *context, void **retval) > return AE_CTRL_TERMINATE; > } > > +/* > + * Note: This function returns an error code only when the address space > + * handler is not installed, which means "not able to handle > + * transactions". > + */ > static int ec_install_handlers(struct acpi_ec *ec) > { > acpi_status status; > @@ -1365,21 +1380,49 @@ static void ec_remove_handlers(struct acpi_ec *ec) > } > } > > -static struct acpi_ec *acpi_ec_alloc(void) > +static int acpi_ec_setup(struct acpi_ec *ec) > { > - struct acpi_ec *ec; > + int ret; > > - /* Check for boot EC */ > - if (boot_ec) { > - ec = boot_ec; > - boot_ec = NULL; > - ec_remove_handlers(ec); > - if (first_ec == ec) > - first_ec = NULL; > - } else { > - ec = make_acpi_ec(); > + ret = ec_install_handlers(ec); > + if (ret) > + return ret; > + > + /* First EC capable of handling transactions */ > + if (!first_ec) { > + first_ec = ec; > + acpi_handle_info(first_ec->handle, "Used as first EC\n"); > } > - return ec; > + > + acpi_handle_info(ec->handle, > + "GPE=0x%lx, EC_CMD/EC_SC=0x%lx, EC_DATA=0x%lx\n", > + ec->gpe, ec->command_addr, ec->data_addr); > + return ret; > +} > + > +static int acpi_config_boot_ec(struct acpi_ec *ec, bool is_ecdt) > +{ > + int ret; > + > + if (boot_ec) > + ec_remove_handlers(boot_ec); > + > + /* Unset old boot EC */ > + if (boot_ec != ec) > + acpi_ec_free(boot_ec); > + > + ret = acpi_ec_setup(ec); > + if (ret) > + return ret; > + > + /* Set new boot EC */ > + if (!boot_ec) { > + boot_ec = ec; > + boot_ec_is_ecdt = is_ecdt; > + acpi_handle_info(boot_ec->handle, "Used as boot %s EC\n", > + is_ecdt ? "ECDT" : "DSDT"); > + } > + return ret; > } > > static int acpi_ec_add(struct acpi_device *device) > @@ -1395,7 +1438,7 @@ static int acpi_ec_add(struct acpi_device *device) > return -ENOMEM; > if (ec_parse_device(device->handle, 0, ec, NULL) != > AE_CTRL_TERMINATE) { > - kfree(ec); > + acpi_ec_free(ec); > return -EINVAL; > } > > @@ -1403,8 +1446,6 @@ static int acpi_ec_add(struct acpi_device *device) > acpi_walk_namespace(ACPI_TYPE_METHOD, ec->handle, 1, > acpi_ec_register_query_methods, NULL, ec, NULL); > > - if (!first_ec) > - first_ec = ec; > device->driver_data = ec; > > ret = !!request_region(ec->data_addr, 1, "EC data"); > @@ -1412,10 +1453,7 @@ static int acpi_ec_add(struct acpi_device *device) > ret = !!request_region(ec->command_addr, 1, "EC cmd"); > WARN(!ret, "Could not request EC cmd io port 0x%lx", ec->command_addr); > > - pr_info("GPE = 0x%lx, I/O: command/status = 0x%lx, data = 0x%lx\n", > - ec->gpe, ec->command_addr, ec->data_addr); > - > - ret = ec_install_handlers(ec); > + ret = acpi_config_boot_ec(ec, false); > > /* Reprobe devices depending on the EC */ > acpi_walk_dep_device_list(ec->handle); > @@ -1442,9 +1480,7 @@ static int acpi_ec_remove(struct acpi_device *device) > release_region(ec->data_addr, 1); > release_region(ec->command_addr, 1); > device->driver_data = NULL; > - if (ec == first_ec) > - first_ec = NULL; > - kfree(ec); > + acpi_ec_free(ec); > return 0; > } > > @@ -1496,13 +1532,10 @@ int __init acpi_ec_dsdt_probe(void) > ret = -ENODEV; > goto error; > } > - ret = ec_install_handlers(ec); > - > + ret = acpi_config_boot_ec(ec, false); > error: > if (ret) > - kfree(ec); > - else > - first_ec = boot_ec = ec; > + acpi_ec_free(ec); > return ret; > } > > @@ -1600,7 +1633,6 @@ int __init acpi_ec_ecdt_probe(void) > goto error; > } > > - pr_info("EC description table is found, configuring boot EC\n"); > if (EC_FLAGS_CORRECT_ECDT) { > ec->command_addr = ecdt_ptr->data.address; > ec->data_addr = ecdt_ptr->control.address; > @@ -1610,12 +1642,10 @@ int __init acpi_ec_ecdt_probe(void) > } > ec->gpe = ecdt_ptr->gpe; > ec->handle = ACPI_ROOT_OBJECT; > - ret = ec_install_handlers(ec); > + ret = acpi_config_boot_ec(ec, true); acpi_ec_ecdt_probe is called very early, so boot_ec, etc. are NULL and it will invoke acpi_ec_setup. This calls acpi_ec_start, but since no GPE handler is yet registered, it will have no effect. Next it will try to register an address space handler, given the root handle. Does this work? There is no \_REG method, so I would have expected "Fail in evaluating the _REG object of EC device. Broken bios is suspected", but this message was not shown (perhaps it returned AE_BAD_PARAMETER or something?). Assuming that the handler registration failed (AE_BAD_PARAMETER), then acpi_config_boot_ec will have no effect. If it actually did register a handler, I would expect messages like "\: Used as boot ECDT to handle transactions" which is a bit strange. Other than that it looks good to me. (Aside, I think there is also an implicit assumption that acpi_ec_submit_query never submits work during enumeration, I suspect a possible use-after-free of ec->work is possible otherwise when acpi_ec_free is called.) Peter > error: > if (ret) > - kfree(ec); > - else > - first_ec = boot_ec = ec; > + acpi_ec_free(ec); > return ret; > } > > -- > 1.7.10 > -- To unsubscribe from this list: send the line "unsubscribe linux-acpi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html