From owner-freebsd-current@FreeBSD.ORG  Mon Feb 14 18:30:32 2011
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@FreeBSD.org
Received: from [127.0.0.1] (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by hub.freebsd.org (Postfix) with ESMTP id 905461065714;
	Mon, 14 Feb 2011 18:30:32 +0000 (UTC)
	(envelope-from jkim@FreeBSD.org)
From: Jung-uk Kim <jkim@FreeBSD.org>
To: freebsd-current@FreeBSD.org
Date: Mon, 14 Feb 2011 13:30:18 -0500
User-Agent: KMail/1.6.2
References: <AANLkTi=C31iGJMonj7E3DGLWhx0cSKQR=b7ZHTv9CdmA@mail.gmail.com>
	<201102140924.36531.jhb@freebsd.org>
	<AANLkTimKJnyFQgTgtLTOFvmcY4fbK5gdT6mwt9zB=+RY@mail.gmail.com>
In-Reply-To: <AANLkTimKJnyFQgTgtLTOFvmcY4fbK5gdT6mwt9zB=+RY@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Multipart/Mixed;
  boundary="Boundary-00=_8SXWNp38FJupdFL"
Message-Id: <201102141330.20330.jkim@FreeBSD.org>
Cc: Matthew Fleming <mdf356@gmail.com>
Subject: Re: acpi_resource bug?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Feb 2011 18:30:32 -0000


--Boundary-00=_8SXWNp38FJupdFL
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Monday 14 February 2011 10:29 am, Matthew Fleming wrote:
> On Mon, Feb 14, 2011 at 6:24 AM, John Baldwin <jhb@freebsd.org> 
wrote:
> > On Sunday, February 13, 2011 2:46:07 pm Matthew Fleming wrote:
> >> I'm not very familiar with the acpi code, but we have seen an
> >> intermittent issue on boot:
> >>
> >> 1) should the length of the bcopy() be changed to either respect
> >> res->Length or the actual length of the ACPI_RESOURCE_DATA for
> >> the type?
> >
> > It should just use res->Length:
>
> Is there a guarantee that res->Length is <= sizeof(ACPI_RESOURCE) ?

No.  Please try the attached patch (after your r218685).

Jung-uk Kim

--Boundary-00=_8SXWNp38FJupdFL
Content-Type: text/plain;
  charset="utf-8";
  name="acpi_resource.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="acpi_resource.diff"

Index: sys/dev/acpica/acpi_resource.c
===================================================================
--- sys/dev/acpica/acpi_resource.c	(revision 218686)
+++ sys/dev/acpica/acpi_resource.c	(working copy)
@@ -65,31 +65,30 @@ acpi_lookup_irq_handler(ACPI_RESOURCE *res, void *
 
     switch (res->Type) {
     case ACPI_RESOURCE_TYPE_IRQ:
+	irqnum = res->Data.Irq.InterruptCount;
+	irq = res->Data.Irq.Interrupts[0];
+	len = ACPI_RS_SIZE(ACPI_RESOURCE_IRQ);
+	break;
     case ACPI_RESOURCE_TYPE_EXTENDED_IRQ:
-	if (res->Type == ACPI_RESOURCE_TYPE_IRQ) {
-	    irqnum = res->Data.Irq.InterruptCount;
-	    irq = res->Data.Irq.Interrupts[0];
-	} else {
-	    irqnum = res->Data.ExtendedIrq.InterruptCount;
-	    irq = res->Data.ExtendedIrq.Interrupts[0];
-	}
-	if (irqnum != 1)
-	    break;
-	req = (struct lookup_irq_request *)context;
-	if (req->counter != req->rid) {
-	    req->counter++;
-	    break;
-	}
-	req->found = 1;
-	KASSERT(irq == rman_get_start(req->res),
-	    ("IRQ resources do not match"));
-	len = res->Length;
-	if (len > sizeof(ACPI_RESOURCE))
-		len = sizeof(ACPI_RESOURCE);
-	bcopy(res, req->acpi_res, len);
-	return (AE_CTRL_TERMINATE);
+	irqnum = res->Data.ExtendedIrq.InterruptCount;
+	irq = res->Data.ExtendedIrq.Interrupts[0];
+	len = ACPI_RS_SIZE(ACPI_RESOURCE_EXTENDED_IRQ);
+	break;
+    default:
+	return (AE_OK);
     }
-    return (AE_OK);
+    if (irqnum != 1)
+	return (AE_OK);
+    req = (struct lookup_irq_request *)context;
+    if (req->counter != req->rid) {
+	req->counter++;
+	return (AE_OK);
+    }
+    req->found = 1;
+    KASSERT(irq == rman_get_start(req->res),
+	("IRQ resources do not match"));
+    bcopy(res, req->acpi_res, len);
+    return (AE_CTRL_TERMINATE);
 }
 
 ACPI_STATUS

--Boundary-00=_8SXWNp38FJupdFL--