Off-by-8 error in findPciRange?

Warren Block wblock at wonkity.com
Sun Oct 7 13:58:37 PDT 2007


Hello.  I've been trying to track down the problem with reading the 
video BIOS on a Matrox card on FreeBSD 6.2-STABLE.

handlePciBIOS (hw/xfree86/os-support/bus/Pci.c) wants an empty range 
into which it can map the video BIOS ROM.  It's looking for a maximum 
length of 128K (0x20000).

handlePciBIOS calls getEmptyPciRange (hw/xfree86/common/xf86pciBus.c), 
which in turn calls findPciRange (also in xf86PciBus.c) with a size 
parameter of pvp->size[base_reg].  On my system, that's 25.

findPciRange uses 1<<size for the size it needs:

range = xf86GetBlock(RANGE_TYPE(ResExcMemBlock, xf86GetPciDomain(tag)),
                              PCI_SIZE(ResMem, tag, 1 << size),
                              m->block_begin, m->block_end,
                              PCI_SIZE(ResMem, tag, alignment),
                              avoid);

But 1 << 25 is 32 meg (!), or 8 shifts too many, so it fails to find a 
usable range.

Brazenly subtracting 8 from size makes it work:

range = xf86GetBlock(RANGE_TYPE(ResExcMemBlock, xf86GetPciDomain(tag)),
                              PCI_SIZE(ResMem, tag, 1 << (size-8)),
                              m->block_begin, m->block_end,
                              PCI_SIZE(ResMem, tag, alignment),
                              avoid);

I can't tell whether this is actually a problem with findPciRange, 
getEmptyPciRange, or maybe an i386 architecture thing.  Certainly it's 
been a problem on FreeBSD and Linux, at least with Matrox cards.

Other cards I tried (ATI Radeon 7000, ancient S3) did not cause a call 
to findPciRange.

Pointers to related bug reports:

https://bugs.freedesktop.org/show_bug.cgi?id=6751       (maybe)
https://bugs.freedesktop.org/show_bug.cgi?id=12631
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/116851

-Warren Block * Rapid City, South Dakota USA



More information about the xorg mailing list