- 论坛徽章:
- 0
|
|
Bug ID 6335549\r\nSynopsis prtdiag: can\'t get smbios tables on toshiba tecra s1 laptop\r\nState 10-Fix Delivered (Fix available in build)\r\nCategory:Subcategory library:libsmbios\r\nKeywords onnv_triage | opensolaris | oss-request | thumper\r\nSponsor \r\nSubmitter jk\r\nResponsible Engineer Michael Shapiro\r\nReported Against snv_23 , s10u2_02\r\nDuplicate Of \r\nIntroduced In \r\nCommit to Fix snv_32\r\nFixed In snv_32\r\nRelease Fixed solaris_nevada(snv_32) , solaris_10u2(s10u2_07) (Bug ID:2135035)\r\nRelated Bugs 6335547 , 6335559\r\nSubmit Date 11-OCT-2005\r\nLast Update Date 24-APR-2006\r\nDescription \r\n\r\nCategory\r\n kernel\r\nSub-Category\r\n ras\r\nDescription\r\n prtdiag (or smbios) does not work on a Toshiba Tecra S1 laptop.\r\n% prtdiag\r\nprtdiag: failed to open SMBIOS: System does not export an SMBIOS table\r\n/var/adm/messages:\r\nOct 8 15:03:37 max unix: [ID 672469 kern.notice] SMBIOS not loaded (SMBIOS data structure is corrupted)\r\nOpen of /dev/smbios fails with ENXIO, because in the kernel, ksmbios == NULL.\r\nThis happens in post_startup():\r\n ksmbios = smbios_open(NULL, SMB_VERSION, ksmbios_flags, NULL);\r\nRoot cause:\r\nAccording to the length of the smbios data structure, it ends four bytes\r\nafter the final 0x7f (END-OF-TABLE) record.\r\nusr/src/common/smbios/smb_open.c function smbios_bufopen() checks that\r\neach smbios structure contains valid bytes, including two extra\r\nbytes for a (empty) string table:\r\n 167 if ((const uchar_t *)hp + hp->smbh_len > q - 2)\r\n 168 return (smb_open_error(shp, errp, ESMB_CORRUPT));\r\nIt\'s the missing text string table (the two \'\\0\' bytes for an empty string\r\ntable) that is missing with Toshiba\'s SMBIOS for the end-of-table \r\nstructure.\r\nText strings for the end-of-table record are not need my the smbios driver or\r\nthe prtdiag / smbios utility, so the check could be relaxed to allow and\r\nend-of-table record without string table.\r\nFrequency\r\n Always\r\nRegression\r\n Solaris 10\r\nSteps to Reproduce\r\n Try to run prtdiag (or smbios) on a Tecra S1 laptop running snv_23.\r\nExpected Result\r\n prtdiag prints system information (from smbios tables).\r\nActual Result\r\n % prtdiag\r\nprtdiag: failed to open SMBIOS: System does not export an SMBIOS table\r\nError Message(s)\r\n prtdiag: failed to open SMBIOS: System does not export an SMBIOS table\r\nOct 8 15:03:37 max unix: [ID 672469 kern.notice] SMBIOS not loaded (SMBIOS data structure is corrupted)\r\nTest Case\r\nSubmitter wants to work on bug\r\n Yes\r\nAdditional configuration information\r\n Toshiba Tecra S1 laptop\r\nDiskless snv_22 client, bfu\'ed to snv_23\r\n\r\nWork Around \r\n\r\nSuggested fix:\r\n- check the structure\'s length without looking at the string table\r\n before the structure loop is terminated by the end-of-table entry\r\n- for table entrys != end-of-table, make sure that the string table\r\n is present\r\n- while we\'re at it: add a check for minimum structure length (must\r\n be at least 4 bytes), according to SMBIOS specification Appendix 4.\r\n \"Conformance Guidelines\", check 3.3.\r\n--- usr/src/common/smbios/smb_open.c-orig Sa Okt 8 17:01:37 2005\r\n+++ usr/src/common/smbios/smb_open.c Sa Okt 8 17:13:20 2005\r\n@@ -164,12 +164,30 @@\r\n smb_dprintf(shp, \"struct [%u] type %u len %u hdl %u at %p\\n\",\r\n i, hp->smbh_type, hp->smbh_len, hp->smbh_hdl, (void *)hp);\r\n \r\n- if ((const uchar_t *)hp + hp->smbh_len > q - 2)\r\n+ /*\r\n+ * Check the length of the formatted portion of the structure\r\n+ * first.\r\n+ *\r\n+ * A lot of SMBIOSes don\'t include the text string table for\r\n+ * the end-of-table entry in the smbios table length field\r\n+ * smbe_stlen; we allow an end-of-table entry without string\r\n+ * table, before we check for the presence of a text string\r\n+ * table.\r\n+ *\r\n+ * For all other entries, the formatted portion of the entry\r\n+ * must be followed by at least the two terminating null\r\n+ * bytes for the text string table.\r\n+ */\r\n+ if (hp->smbh_len < sizeof (smb_header_t)\r\n+ || (const uchar_t *)hp + hp->smbh_len > q)\r\n return (smb_open_error(shp, errp, ESMB_CORRUPT));\r\n \r\n if (hp->smbh_type == SMB_TYPE_EOT)\r\n break; /* ignore any entries beyond end-of-table */\r\n \r\n+ if ((const uchar_t *)hp + hp->smbh_len > q - 2)\r\n+ return (smb_open_error(shp, errp, ESMB_CORRUPT));\r\n+\r\n h = hp->smbh_hdl & (shp->sh_hashlen - 1);\r\n p = s = (const uchar_t *)hp + hp->smbh_len; |
|
免费注册
发表于 2008-03-31 16:48
uplicate (Closed)\r\nCategory:Subcategory library:libsmbios\r\nKeywords onnv_triage | opensolaris | oss-request\r\nSponsor \r\nSubmitter jk\r\nResponsible Engineer Michael Shapiro\r\nReported Against snv_23\r\nDuplicate Of 6335522\r\nIntroduced In \r\nCommit to Fix \r\nFixed In \r\nRelease Fixed \r\nRelated Bugs 6335522 , 6335549 , 6335559\r\nSubmit Date 11-OCT-2005\r\nLast Update Date 16-OCT-2005\r\nDescription \r\n\r\nCategory\r\n kernel\r\nSub-Category\r\n ras\r\nDescription\r\n Due to a bug in smbios_bufopen(), the kernel refuses to use valid smbios tables.\r\nprtdiag fails:\r\n% prtdiag\r\nprtdiag: failed to open SMBIOS: System does not export an SMBIOS table\r\n/var/adm/messages:\r\nOct 8 20:05:17 moritz unix: [ID 672469 kern.info] SMBIOS not loaded (SMBIOS header checksum mismatch)\r\n------------------------------------------------------------------------\r\nopen /dev/smbios fails with ENXIO, because in the kernel, ksmbios == NULL.\r\nThis happens in post_startup():\r\n ksmbios = smbios_open(NULL, SMB_VERSION, ksmbios_flags, NULL);\r\nRoot cause:\r\nusr/src/common/smbios/smb_open.c function smbios_bufopen() computes an \r\n\'isum\' checksum like this:\r\n 76 smbios_hdl_t *\r\n 77 smbios_bufopen(const smbios_entry_t *ep, const void *buf, size_t len,\r\n 78 int version, int flags, int *errp)\r\n 79 {\r\n ...\r\n 132 for (p = (uchar_t *)ep->smbe_ianchor; p < q + sizeof (*ep); p++)\r\n 133 isum += *p;\r\nThe computed \'isum\' checksum has a value != 0.\r\nProblem is that the smbios entry structure has an odd length of 31 bytes, \r\nbut the smbios_entry_t type definition is not \'packed\' so that the compiler\r\nworks with an extra filler byte at the end and a sizeof(*ep) of 32 bytes.\r\nOne extra byte is included in the comupted checksum, the computed checksum\r\nis bogus.\r\nThe smbios bios reference specification defines the intermediate checksum\r\nas the sum of the values starting at offset 10h for 0Fh bytes (Solaris\r\nsums 10h bytes).\r\nFrequency\r\n Always\r\nRegression\r\n Solaris 10\r\nSteps to Reproduce\r\n Try to run prtdiag on a system running snv_23 on an ASUS A7V mainboard.\r\nExpected Result\r\n prtdiag displays system information from smbios table data.\r\nActual Result\r\n % prtdiag\r\nprtdiag: failed to open SMBIOS: System does not export an SMBIOS table\r\nError Message(s)\r\n % prtdiag\r\nprtdiag: failed to open SMBIOS: System does not export an SMBIOS table\r\n/var/adm/messages:\r\nOct 8 20:05:17 moritz unix: [ID 672469 kern.info] SMBIOS not loaded (SMBIOS header checksum mismatch)\r\nTest Case\r\n Submitter wants to work on bug\r\n Yes\r\nAdditional configuration information\r\n Asus A7V mainboard.\r\nDiskless snv_22 client, bfu\'ed to snv_23\r\n\r\nWork Around \r\n\r\nSuggested fix:\r\nUse #pragma pack(1), so that sizeof(struct smbios_entry) == 31\r\n--- usr/src/uts/common/sys/smbios.h-orig Fr Sep 30 04:15:32 2005\r\n+++ usr/src/uts/common/sys/smbios.h So Okt 9 00:37:17 2005\r\n@@ -53,6 +53,7 @@\r\n * SMBIOS Structure Table Entry Point. See DSP0134 2.1.1 for more information.\r\n * The structure table entry point is located by searching for the anchor.\r\n */\r\n+#pragma pack(1)\r\n typedef struct smbios_entry {\r\n char smbe_eanchor[4]; /* anchor tag (SMB_ENTRY_EANCHOR) */\r\n uint8_t smbe_ecksum; /* checksum of entry point structure */\r\n@@ -69,6 +70,7 @@\r\n uint16_t smbe_stnum; /* number of structure table entries */\r\n uint8_t smbe_bcdrev; /* BCD value representing DMI version */\r\n } smbios_entry_t;\r\n+#pragma pack()\r\n \r\n #define SMB_ENTRY_EANCHOR \"_SM_\" /* structure table entry point anchor */\r\n #define SMB_ENTRY_EANCHORLEN 4 /* length of entry point anchor */