Date: Wed, 5 May 2004 18:12:28 -0700 (PDT)
From: Brian Eng <brian@midstream.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: i386/66306: pnpbios_identify() queries for more devices than the system has
Message-ID: <200405060112.i461CSbU042800@www.freebsd.org>
Resent-Message-ID: <200405060120.i461KMt7032721@freefall.freebsd.org>

>Number: 66306
>Category: i386
>Synopsis: pnpbios_identify() queries for more devices than the system has
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 05 18:20:22 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Brian Eng
>Release: 5.1-RELEASE
>Organization: MidStream Technologies
>Environment:
>Description:
On some CPU cards, the kernel crashes while processing PNP devices during bootup. Booting verbose and stepping through pnpbios_identify() reveals that it continues to iterate after processing the last device, and consequently crashes on the BIOS call.
>How-To-Repeat:
I've seen it most recently on a Trenton CP16 CPCI CPU card, but there have been other boards in which PNP has given me trouble.
>Fix:
pnpbios_identify() in sys/i386/i386/bios.c basically asks the BIOS how many PNP devices there are and does a simple 'for' loop to query the BIOS the right number of times. The counter is int left, but searching on 'left' reveals that it is changed inside the loop (!). I don't understand the use inside the code, but it looks to me like the original author (msmith in rev 1.16) reused the variable when he should have created a different one.
>Release-Note:
>Audit-Trail:
>Unformatted:
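
The bug class described under >Fix: (a loop counter overwritten inside its own loop), as an added example that is not part of the original report and is not the code from bios.c. It goes beyond the report by also showing the under-iteration case. The mock BIOS call, the header size, the node sizes and the reuse of `left` as a per-node byte count are all assumptions made for illustration.

```c
#include <stdio.h>

#define HDR_SIZE 12    /* constructed node header size (assumption) */

/* Mock BIOS query: node size for idx, or a header-only node past the end. */
static int mock_get_node(const int *sizes, int ndevs, int idx, int *past_end)
{
    if (idx >= ndevs) {
        (*past_end)++;          /* real firmware may fault on this call */
        return HDR_SIZE;
    }
    return sizes[idx];
}

/* Buggy: 'left' is the loop counter and is reused for a byte count. */
int enumerate_buggy(const int *sizes, int ndevs, int *past_end)
{
    int left, calls = 0;
    *past_end = 0;
    for (left = ndevs; left > 0; left--) {
        int size = mock_get_node(sizes, ndevs, calls, past_end);
        calls++;
        left = size - HDR_SIZE; /* clobbers the remaining-device count */
    }
    return calls;
}

/* Fixed: the byte count lives in its own variable. */
int enumerate_fixed(const int *sizes, int ndevs, int *past_end)
{
    int left, calls = 0;
    *past_end = 0;
    for (left = ndevs; left > 0; left--) {
        int size = mock_get_node(sizes, ndevs, calls, past_end);
        int remaining = size - HDR_SIZE;   /* separate from 'left' */
        calls++;
        (void)remaining;        /* resource parsing would consume this */
    }
    return calls;
}

int main(void)
{
    const int a[] = { 40, 28, 64 };   /* constructed sample node sizes */
    int past, calls = enumerate_buggy(a, 3, &past);
    printf("buggy: %d calls, %d past end\n", calls, past);
    calls = enumerate_fixed(a, 3, &past);
    printf("fixed: %d calls, %d past end\n", calls, past);
    return 0;
}
```

With the clobbered counter, the number of queries depends on the size of the last node read rather than on the device count, so the same loop can overrun on one board and stop early on another.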