we have to protect the temporary buffer allocated by rwfield()
as rwreg() calls amlmapio() which might cause further aml code
execution causing gc() which frees it under us (as it is not
referenced from the interpreter state).

this fixes a panic on boot of a
Lenovo Thinkpad P17 Gen1 Professional Mobile Workstation

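An added example (constructed here, not libaml code) of the hazard the entry above describes: a toy mark-and-sweep heap in which a temporary buffer held only in a C local is swept when the nested call runs the collector, and the pin that keeps it alive for the duration of the call (the amltake()/amldrop() idea mentioned in a later entry). The heap layout, the rwreg_sim() stand-in for rwreg()/amlmapio() and every name in it are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed toy mark-and-sweep heap; nothing here is libaml's collector. */
enum { NOBJ = 8, NROOT = 8 };

typedef struct Obj Obj;
struct Obj {
	int live;    /* slot holds an allocated object */
	int mark;    /* reached from a root in the current gc pass */
	int pinned;  /* taken out of collection, like amltake() */
	char data[16];
};

static Obj heap[NOBJ];
static Obj *roots[NROOT];   /* the "interpreter state": all gc() can see */
static int nroots;
static int nswept;          /* objects freed by the last gc() pass */

void heap_reset(void) { memset(heap, 0, sizeof heap); nroots = 0; nswept = 0; }

static Obj *alloc(const char *s)
{
	for (int i = 0; i < NOBJ; i++)
		if (!heap[i].live) {
			heap[i].live = 1; heap[i].mark = 0; heap[i].pinned = 0;
			strncpy(heap[i].data, s, sizeof heap[i].data - 1);
			heap[i].data[sizeof heap[i].data - 1] = 0;
			return &heap[i];
		}
	return NULL;
}

static void gc(void)
{
	nswept = 0;
	for (int i = 0; i < nroots; i++)
		roots[i]->mark = 1;                 /* mark: only rooted objects */
	for (int i = 0; i < NOBJ; i++) {
		Obj *o = &heap[i];
		if (!o->live)
			continue;
		if (!o->mark && !o->pinned) {        /* sweep everything else */
			o->live = 0;
			memset(o->data, 'X', sizeof o->data - 1); /* poison payload */
			nswept++;
		}
		o->mark = 0;
	}
}

/* Stand-in for rwreg() -> amlmapio() -> nested AML execution: the nested
 * code allocates garbage and the collector runs before the call returns. */
static void rwreg_sim(void)
{
	Obj *scratch = alloc("nested-aml");     /* unreferenced garbage */
	(void)scratch;
	gc();
}

/* Old shape of rwfield(): tmp lives only in a C local, invisible to gc(). */
int rwfield_unpinned(void)
{
	heap_reset();
	Obj *tmp = alloc("fieldbuf");
	rwreg_sim();
	return tmp->live;          /* 0: the buffer was swept under us */
}

/* Fixed shape: pin tmp while the nested call runs, then release it. */
int rwfield_pinned(void)
{
	heap_reset();
	Obj *tmp = alloc("fieldbuf");
	tmp->pinned = 1;           /* amltake()-style */
	rwreg_sim();
	int ok = tmp->live && strcmp(tmp->data, "fieldbuf") == 0;
	tmp->pinned = 0;           /* amldrop(): collectable again */
	return ok;                 /* 1: buffer and contents intact */
}

int swept_by_last_gc(void) { return nswept; }
```

The poisoning in the sweep is what turns a silent use-after-free into a visible one in the toy; on a real system the same access pattern is the kind of memory-safety fault that shows up as a boot-time panic.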
IndexField is supposed to increment the index value when an
access is done with a bigger size than the data field.
The index value is always a byte offset.

Now that we always calculate the offset for each field unit
access for IndexField, rename the indexv to bank (the bank
value), as it is only used for that. Also, do not compare
it with nil, as it is an integer constant which can be
encoded as nil to mean zero.

For BankField, the banking field was written using store(),
which does nothing when the destination is a Field*.
Use rwfield() to fix it in the new rwfieldunit().

Resolve all the Name*'s when IndexField, BankField and
Field are created. Now, Field.reg points to either
Buffer object, Region or Field (data Field of an IndexField).

PS: initial bug report by Michael Forney follows below:

In /dev/kmesg on my T14, I saw a message

    amlmapio: [0xffffff18-0x100000018] overlaps usable memory
    amlmapio: mapping \_SB.FRTP failed

Here is the relevant snippet from my DSDT:

    Scope (_SB)
    {
        ...
        OperationRegion (ECMC, SystemIO, 0x72, 0x02)
        Field (ECMC, AnyAcc, NoLock, Preserve)
        {
            ECMI, 8,
            ECMD, 8
        }
        IndexField (ECMI, ECMD, ByteAcc, NoLock, Preserve)
        {
            Offset (0x08),
            FRTB, 32
        }
        OperationRegion (FRTP, SystemMemory, FRTB, 0x0100)
        Field (FRTP, AnyAcc, NoLock, Preserve)
        {
            ...
        }
    }

With some debugging output:

    amlmapio(\_SB.ECMC): Io 72 - 74
    rwreg(\_SB.ECMC): Io [72+0]/1 <- 8
    rwreg(\_SB.ECMC): Io [72+1]/1 -> 18
    amlmapio(\_SB.FRTP): Mem ffffff18 - 100000018
    amlmapio: [0xffffff18-0x100000018) overlaps usable memory
    amlmapio: mapping \_SB.FRTP failed

It seems that libaml does not handle IndexField correctly and just did
a single read from ECMD after setting ECMI to 8, causing the FRTP
region to be evaluated as 0xffffff18-0x100000018. Instead, it should
be reading 4 bytes [18 c0 22 cc], evaluating it as
0xcc22c018-0xcc22118:

    amlmapio(\_SB.ECMC): Io 72 - 74
    rwreg(\_SB.ECMC): Io [72+0]/1 <- 8
    rwreg(\_SB.ECMC): Io [72+1]/1 -> 18
    rwreg(\_SB.ECMC): Io [72+0]/1 <- 9
    rwreg(\_SB.ECMC): Io [72+1]/1 -> c0
    rwreg(\_SB.ECMC): Io [72+0]/1 <- a
    rwreg(\_SB.ECMC): Io [72+1]/1 -> 22
    rwreg(\_SB.ECMC): Io [72+0]/1 <- b
    rwreg(\_SB.ECMC): Io [72+1]/1 -> cc
    amlmapio(\_SB.FRTP): Mem cc22c018 - cc22c118

I wrote a patch (attached) to fix this, and it seems to work. Though,
it's not clear to me when things should be dereferenced. Previously,
the data field was dereferenced at evalfield, but the region and index
field were not until rwfield. After the patch, the index field is
also dereferenced in evalfield.

For BankField, the index *is* dereferenced in evalfield. I'm pretty
sure that this means that BankField does not work currently, since
store() just returns nil for 'f' objects. The bank selector will
never get set.

Anyway, I don't know if this solves any real problems; it's just
something I noticed and thought I'd try to fix.

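An added example (constructed here, not libaml code and not the attached patch) of the IndexField rule stated at the top of this entry, applied to the ECMC/FRTB case from the bug report: the index is a byte offset, so a 32-bit unit read through an 8-bit data field takes four index-write/data-read pairs, not one. The simulated index/data pair at 0x72/0x73, the 256-byte backing store seeded with the bytes 18 c0 22 cc from the corrected trace, and all function names are assumptions of the example; the "old" variant only shows the single read, it does not reproduce the 0xffffff18 value the real interpreter produced from it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed simulation of the ECMC index/data register pair from the
 * report: SystemIO 0x72 is ECMI (index), 0x73 is ECMD (data). Bytes 8..11
 * of the backing store hold the values the corrected trace reads. */
enum { ECMI = 0x72, ECMD = 0x73, MAXTRACE = 64 };

static uint8_t backing[256] = { [8] = 0x18, [9] = 0xc0, [10] = 0x22, [11] = 0xcc };
static uint8_t index_reg;

typedef struct { int write; uint16_t port; uint8_t val; } Trace;
static Trace trace[MAXTRACE];
static int ntrace;

static void tracerec(int w, uint16_t port, uint8_t v)
{
	if (ntrace < MAXTRACE) {
		trace[ntrace].write = w; trace[ntrace].port = port; trace[ntrace].val = v;
		ntrace++;
	}
}

/* rwreg()-style single-byte accesses on the simulated SystemIO region */
static void out8(uint16_t port, uint8_t v)
{
	tracerec(1, port, v);
	if (port == ECMI) index_reg = v;
	else if (port == ECMD) backing[index_reg] = v;
}
static uint8_t in8(uint16_t port)
{
	uint8_t v = 0xff;
	if (port == ECMD) v = backing[index_reg];
	tracerec(0, port, v);
	return v;
}

void trace_reset(void) { ntrace = 0; index_reg = 0; }
int trace_count(void) { return ntrace; }
/* Render one entry in the report's debug format, e.g. "Io [72+0]/1 <- 8" */
const char *trace_fmt(int i, char *buf, size_t n)
{
	snprintf(buf, n, "Io [72+%d]/1 %s %x", trace[i].port - ECMI,
		trace[i].write ? "<-" : "->", trace[i].val);
	return buf;
}

/* Old behaviour: write the index once and read the data register once,
 * whatever the width of the IndexField unit. */
uint64_t indexfield_read_old(unsigned byteoff, unsigned bits)
{
	(void)bits;
	out8(ECMI, byteoff);
	return in8(ECMD);
}

/* Corrected behaviour: the index is a byte offset; for a unit wider than
 * the 8-bit data field, bump the index for every data-width access and
 * assemble the result little-endian. */
uint64_t indexfield_read(unsigned byteoff, unsigned bits)
{
	uint64_t v = 0;
	unsigned nbytes = (bits + 7) / 8;
	for (unsigned i = 0; i < nbytes && i < 8; i++) {
		out8(ECMI, byteoff + i);
		v |= (uint64_t)in8(ECMD) << (8 * i);
	}
	return v;
}

/* The same rule applies to writes: one index write per data byte. */
void indexfield_write(unsigned byteoff, unsigned bits, uint64_t v)
{
	unsigned nbytes = (bits + 7) / 8;
	for (unsigned i = 0; i < nbytes && i < 8; i++) {
		out8(ECMI, byteoff + i);
		out8(ECMD, (uint8_t)(v >> (8 * i)));
	}
}

int main(void)
{
	char buf[32];
	trace_reset();
	printf("old: FRTB = %llx\n", (unsigned long long)indexfield_read_old(8, 32));
	trace_reset();
	printf("new: FRTB = %llx\n", (unsigned long long)indexfield_read(8, 32));
	for (int i = 0; i < trace_count(); i++)
		printf("rwreg(\\_SB.ECMC): %s\n", trace_fmt(i, buf, sizeof buf));
	return 0;
}
```

Reading FRTB with the corrected routine yields 0xcc22c018 and the eight-access trace from the report; with the old routine it yields the first byte only, which is why the FRTP OperationRegion ended up placed over usable memory and amlmapio() refused to map it.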
- make frame base pointer variable
- in rwreg(), save/restore the interpreter state and allocate a Frame* on the stack
- add overflow checks for frame base pointer to xec() and amleval()
- gc() scans the whole stack from FP to the *real* bottom F0

new io interface was added. user defines amlmapio() and amlunmapio() functions
that will fill out Amlio structure with function pointers to read/write
routines for a particular region.

amlnew() function added allowing the creation of aml objects like buffers
or packages. these can be passed to amleval() with b, p or * format.

amltake()/amldrop() exclude an aml object from garbage collection.

on load, names are not always resolvable until the whole table is loaded.
for this, we create n objects that are just name strings. after load, we
recursively traverse the namespace and resolve them (see fixnames()).

the FindSetLeftBit and FindSetRightBit opcodes got implemented.

if LocalX or ArgX is a package, the store into
an element should *not* type convert. so when taking
the index reference, we have to carry over the type.

- fix bogus execution of Else{} blocks
- always allocate Env in amleval()
- add Sleep() and Stall() instructions
- keep package size for packages with empty body