i386/66306: pnpbios_identify() queries for more devices than the system has
Brian Eng
brian at midstream.com
Wed May 5 18:20:23 PDT 2004
>Number: 66306
>Category: i386
>Synopsis: pnpbios_identify() queries for more devices than the system has
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 05 18:20:22 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Brian Eng
>Release: 5.1-RELEASE
>Organization:
MidStream Technologies
>Environment:
>Description:
On some CPU cards, the kernel crashes while processing PNP devices during bootup. Booting verbose and stepping through pnpbios_identify() reveals that it continues to iterate after processing the last device, and consequently crashes on the BIOS call.
>How-To-Repeat:
I've seen it most recently on a Trenton CP16 CPCI CPU card, but there have been other boards in which PNP has given me trouble.
>Fix:
pnpbios_identify() in sys/i386/i386/bios.c basically asks the BIOS how many PNP devices there are and does a simple 'for' loop to query the BIOS the right number of times. The counter is int left, but searching on 'left' reveals that it is changed inside the loop (!). I don't understand the use inside the code, but it looks to me like the original author (msmith in rev 1.16) reused the variable when he should have created a different one.
>Release-Note:
>Audit-Trail:
>Unformatted:
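
The failure mode described under Fix, as an added example that is not part of the original report and is not the code in sys/i386/i386/bios.c. It is a constructed model: the mock BIOS call bios_get_node, the HDR constant and the sample node sizes are all assumptions, chosen to show a loop whose counter is also reused as a payload byte count next to the version that keeps a separate variable.

```c
#include <stdio.h>
#define HDR 4                  /* constructed: fixed header bytes per node */

/* Constructed sample data: total size in bytes of each device node. */
static const int SAMPLE[] = { 12, 9, 20 };
static const int SHORT_NODE[] = { 12, 5, 20 };
static int bad_calls;          /* queries issued past the last real device */

/* Mock of the BIOS "get node" call; returns the node's size in bytes. */
static int bios_get_node(const int *sizes, int ndevs, int idx)
{
    if (idx >= ndevs) {        /* a real BIOS may fault here instead */
        bad_calls++;
        return HDR;
    }
    return sizes[idx];
}

/* Buggy shape: 'left' is the loop counter and also a payload byte count. */
static int enumerate_buggy(const int *sizes, int ndevs)
{
    int left, idx = 0, calls = 0;
    bad_calls = 0;
    for (left = ndevs; left > 0 && calls < 64; left--) {
        left = bios_get_node(sizes, ndevs, idx++) - HDR;  /* clobbers counter */
        calls++;
    }
    return calls;
}

/* Corrected shape: the payload length lives in its own variable. */
static int enumerate_fixed(const int *sizes, int ndevs)
{
    int left, idx = 0, calls = 0;
    bad_calls = 0;
    for (left = ndevs; left > 0; left--) {
        int payload = bios_get_node(sizes, ndevs, idx++) - HDR;
        (void)payload;         /* resource parsing would consume this */
        calls++;
    }
    return calls;
}

int main(void)
{
    int n = enumerate_buggy(SAMPLE, 3);
    printf("buggy: %d calls, %d past the end\n", n, bad_calls);
    printf("fixed: %d calls\n", enumerate_fixed(SAMPLE, 3));
    return 0;
}
```

Depending on the node sizes, the clobbered counter either runs past the device list (SAMPLE) or stops before reaching every device (SHORT_NODE).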