Distribution: RH+ 2.6.0-test8
Software Environment: 2.6.0-test8
Problem Description: Below case could cause index out of buffer

    OperationRegion (C048, PCI_Config, 0x91, 0x06)
    Field (C048, AnyAcc, NoLock, Preserve)
    {
        C049, 48
    }
    Alias (C049, \_SB.C049)
    ...
    Store (C049, Local7)
    Store (DerefOf (Index (Local7, 6)), Local1)
Created attachment 1406 [details] a patch for fixing this issue
*** Bug 1524 has been marked as a duplicate of this bug. ***
Created attachment 1410 [details] a patch for fixing this issue 1 fix for error usage of buffer_desc->buffer.length of previous patch.
Trying to rebuild the kernel now, but I'm running into some problems with the Fedora kernel-sources package. Will give you feedback when I've resolved those and tested the patch.
Tested this tonight but I still see these warnings:

    ACPI: Interpreter enabled
    ACPI: Using PIC for interrupt routing
    ACPI-1120: *** Error: Method execution failed [\_SB_.C03E.C04C] (Node 035a26ac), AE_AML_BUFFER_LIMIT
    ACPI-1120: *** Error: Method execution failed [\_SB_.C03E.C050] (Node 035a2680), AE_AML_BUFFER_LIMIT
    ACPI-1120: *** Error: Method execution failed [\_SB_.C03E._CRS] (Node 035a2654), AE_AML_BUFFER_LIMIT
    ACPI-0098: *** Error: Method execution failed [\_SB_.C03E._CRS] (Node 035a2654), AE_AML_BUFFER_LIMIT
    ACPI: PCI Root Bridge [C03E] (00:00)
Please use latest patch at http://bugzilla.kernel.org/show_bug.cgi?id=1444
For more information, see 16.2.3.4.2.18.2 Index With Buffers. Use CreateBitField instead.
1) Index (xxx, 6) references the 6th byte, not the 6th bit.
2) If the table is 32 bits, the buffer has no 6th byte.
3) If the table is 64 bits, the buffer is converted to an integer during the store to local7. It is illegal to take an index on an integer.
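
The three points in the comment above, modeled as an added C example (not ACPICA or kernel code, and not from any participant in this thread). The type names, function names and status enum are hypothetical; the 48-bit field width and the index 6 come from the report.

```c
#include <stddef.h>

/* Simplified model (hypothetical names, not ACPICA code) of how an AML
 * interpreter evaluates Index() on the value read from a Field. */
enum obj_type { OBJ_INTEGER, OBJ_BUFFER };
enum idx_status { IDX_OK, IDX_BUFFER_LIMIT, IDX_OPERAND_TYPE };

struct field_value {
    enum obj_type type;
    size_t byte_len;   /* meaningful only for OBJ_BUFFER */
};

/* A field read yields an Integer when the field fits in the table's
 * integer width (32 or 64 bits), otherwise a Buffer of whole bytes. */
struct field_value read_field(unsigned field_bits, unsigned int_width_bits)
{
    struct field_value v;
    if (field_bits <= int_width_bits) {
        v.type = OBJ_INTEGER;
        v.byte_len = 0;
    } else {
        v.type = OBJ_BUFFER;
        v.byte_len = (field_bits + 7) / 8;
    }
    return v;
}

/* Index() addresses bytes from zero: valid indexes are 0 .. byte_len - 1. */
enum idx_status check_index(const struct field_value *v, size_t index)
{
    if (v->type != OBJ_BUFFER)
        return IDX_OPERAND_TYPE;   /* taking an index on an Integer is illegal */
    if (index >= v->byte_len)
        return IDX_BUFFER_LIMIT;   /* the AE_AML_BUFFER_LIMIT class of error quoted in this thread */
    return IDX_OK;
}

/* The case from the report: C049 is a 48-bit field, indexed with 6. */
enum idx_status report_case(unsigned int_width_bits)
{
    struct field_value v = read_field(48, int_width_bits);
    return check_index(&v, 6);
}
```

Under this model the reported ASL fails on both table widths, for different reasons: a bounds violation on a 32-bit table and an operand type violation on a 64-bit table.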