[cgutman] 53880: [ACPI] - The width parameter in AcpiOsReadPciConfiguration and AcpiOsWritePciConfiguration was in bits but we were treating it as a width in bytes - This caused overreads, memory c... - Ros-diffs

28 Sep 2011

Author: cgutman
Date: Wed Sep 28 04:05:34 2011
New Revision: 53880

URL: http://svn.reactos.org/svn/reactos?rev=53880&view=rev
Log:
[ACPI]
- The width parameter in AcpiOsReadPciConfiguration and AcpiOsWritePciConfiguration was in
bits but we were treating it as a width in bytes
- This caused overreads, memory corruption, and crashes when these functions were called
(VMWare was particularly picky about bad accesses to the PCI configuration space)
- A hack was (unknowingly) added which prevented some crashes but had a side-effect of
causing the partial disruption of ACPI's PCI configuration space accesses while the
others that went through wrote bad data to the PCI config space or corrupted kernel
memory

Modified:
    trunk/reactos/drivers/bus/acpi/osl.c

Modified: trunk/reactos/drivers/bus/acpi/osl.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/bus/acpi/osl.c?rev…
==============================================================================

--- trunk/reactos/drivers/bus/acpi/osl.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/bus/acpi/osl.c [iso-8859-1] Wed Sep 28 04:05:34 2011
@@ -456,26 +456,28 @@
     NTSTATUS Status;
     PCI_SLOT_NUMBER slot;
 
-    if (Register == 0 || PciId->Device == 0 ||
-        Register + Width > PCI_COMMON_HDR_LENGTH)
-        return AE_ERROR;
-
     slot.u.AsULONG = 0;
     slot.u.bits.DeviceNumber = PciId->Device;
     slot.u.bits.FunctionNumber = PciId->Function;
 
     DPRINT("AcpiOsReadPciConfiguration, slot=0x%X, func=0x%X\n",
slot.u.AsULONG, Register);
+
     Status = HalGetBusDataByOffset(PCIConfiguration,
         PciId->Bus,
         slot.u.AsULONG,
         Value,
         Register,
-        Width);
-
-    if (NT_SUCCESS(Status))
+        (Width / 8));
+
+    if (Status == 0 || Status == 2)
+    {
+        DPRINT1("HalGetBusDataByOffset failed (Status = %d)\n", Status);
+        return AE_NOT_FOUND;
+    }
+    else
+    {
         return AE_OK;
-    else
-        return AE_ERROR;
+    }
 }
 
 ACPI_STATUS
@@ -489,26 +491,26 @@
     ULONG buf = Value;
     PCI_SLOT_NUMBER slot;
 
-    if (Register == 0 || PciId->Device == 0 ||
-        Register + Width > PCI_COMMON_HDR_LENGTH)
-        return AE_ERROR;
-
     slot.u.AsULONG = 0;
     slot.u.bits.DeviceNumber = PciId->Device;
     slot.u.bits.FunctionNumber = PciId->Function;
 
     DPRINT("AcpiOsWritePciConfiguration, slot=0x%x\n", slot.u.AsULONG);
+
     Status = HalSetBusDataByOffset(PCIConfiguration,
         PciId->Bus,
         slot.u.AsULONG,
         &buf,
         Register,
-        Width);
-
-    if (NT_SUCCESS(Status))
+        (Width / 8));
+
+    if (Status == 0 || Status == 2)
+    {
+        DPRINT1("HalSetBusDataByOffset failed (Status = %d)\n", Status);
+        return AE_NOT_FOUND;
+    }
+    else
         return AE_OK;
-    else
-        return AE_ERROR;
 }
 
 ACPI_STATUS



    