- The width parameter in AcpiOsReadPciConfiguration and AcpiOsWritePciConfiguration was in bits but we were treating it as a width in bytes
- This caused overreads, memory corruption, and crashes when these functions were called (VMWare was particularly picky about bad accesses to the PCI configuration space)
- A hack was (unknowingly) added which prevented some crashes, but as a side effect it blocked part of ACPI's PCI configuration space accesses, while the accesses that still went through wrote bad data to the PCI config space or corrupted kernel memory

svn path=/trunk/; revision=53880
Cameron Gutman 2011-09-28 04:05:34 +00:00
parent b60019815f
commit 885910a88e


@ -456,26 +456,28 @@ AcpiOsReadPciConfiguration (
NTSTATUS Status; NTSTATUS Status;
PCI_SLOT_NUMBER slot; PCI_SLOT_NUMBER slot;
if (Register == 0 || PciId->Device == 0 ||
Register + Width > PCI_COMMON_HDR_LENGTH)
return AE_ERROR;
slot.u.AsULONG = 0; slot.u.AsULONG = 0;
slot.u.bits.DeviceNumber = PciId->Device; slot.u.bits.DeviceNumber = PciId->Device;
slot.u.bits.FunctionNumber = PciId->Function; slot.u.bits.FunctionNumber = PciId->Function;
DPRINT("AcpiOsReadPciConfiguration, slot=0x%X, func=0x%X\n", slot.u.AsULONG, Register); DPRINT("AcpiOsReadPciConfiguration, slot=0x%X, func=0x%X\n", slot.u.AsULONG, Register);
Status = HalGetBusDataByOffset(PCIConfiguration, Status = HalGetBusDataByOffset(PCIConfiguration,
PciId->Bus, PciId->Bus,
slot.u.AsULONG, slot.u.AsULONG,
Value, Value,
Register, Register,
Width); (Width / 8));
if (NT_SUCCESS(Status)) if (Status == 0 || Status == 2)
return AE_OK; {
DPRINT1("HalGetBusDataByOffset failed (Status = %d)\n", Status);
return AE_NOT_FOUND;
}
else else
return AE_ERROR; {
return AE_OK;
}
} }
ACPI_STATUS ACPI_STATUS
@ -489,26 +491,26 @@ AcpiOsWritePciConfiguration (
ULONG buf = Value; ULONG buf = Value;
PCI_SLOT_NUMBER slot; PCI_SLOT_NUMBER slot;
if (Register == 0 || PciId->Device == 0 ||
Register + Width > PCI_COMMON_HDR_LENGTH)
return AE_ERROR;
slot.u.AsULONG = 0; slot.u.AsULONG = 0;
slot.u.bits.DeviceNumber = PciId->Device; slot.u.bits.DeviceNumber = PciId->Device;
slot.u.bits.FunctionNumber = PciId->Function; slot.u.bits.FunctionNumber = PciId->Function;
DPRINT("AcpiOsWritePciConfiguration, slot=0x%x\n", slot.u.AsULONG); DPRINT("AcpiOsWritePciConfiguration, slot=0x%x\n", slot.u.AsULONG);
Status = HalSetBusDataByOffset(PCIConfiguration, Status = HalSetBusDataByOffset(PCIConfiguration,
PciId->Bus, PciId->Bus,
slot.u.AsULONG, slot.u.AsULONG,
&buf, &buf,
Register, Register,
Width); (Width / 8));
if (NT_SUCCESS(Status)) if (Status == 0 || Status == 2)
return AE_OK; {
DPRINT1("HalSetBusDataByOffset failed (Status = %d)\n", Status);
return AE_NOT_FOUND;
}
else else
return AE_ERROR; return AE_OK;
} }
ACPI_STATUS ACPI_STATUS
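Review bot: The new `if (Status == 0 || Status == 2)` test in AcpiOsReadPciConfiguration, repeated in AcpiOsWritePciConfiguration, cannot distinguish a failed access from a successful 16-bit one. As far as I know the HAL routines return the number of bytes transferred (0 for a missing bus, 2 for a missing device), so with `Width / 8` as the length a successful access with Width == 16 also returns 2 and is reported as AE_NOT_FOUND. Comparing the result with the requested length, with a separate presence check for the 2-byte case, would separate the two, and holding the result in a `ULONG` instead of `NTSTATUS Status` would make the byte-count meaning visible. Separately, nothing in the visible new lines validates Width before the division, so a guard such as `if (Width != 8 && Width != 16 && Width != 32) return AE_BAD_PARAMETER;` ahead of the HAL call would keep an unexpected width from becoming a zero-length transfer or one larger than the 4-byte `buf` (and, presumably, than the caller's `Value` storage). Both function bodies start outside the hunks shown.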