Re: PROBLEM: Calling ObjectType on buffer field reports type integer

On 11/23/19 12:29 AM, Schmauss, Erik wrote:
> Bob and I started debugging this and we found the issue:
>
> Let's say that we have this code:
>
> Name (BUF1, Buffer (0x10) {})
> Method (M001)
> {
>      CreateField (BUF1, 1, 72, FLD0)
>      local0 = FLD0 // BUG: store operator (aka =)  converts FLD0 into an integer
>      return (ObjectType (local0)) // Integer is returned
> }
>
> Although FLD0's value is small enough to fit in an integer, the bit length of FLD0 exceeds 64 bits so local0 should actually be a Buffer type.
>
> This is likely an issue in the implicit object conversion rules implemented in the store operator. I'll take a look at this next week or the week after...

This looks like a separate problem to me. On the SB2 there is this piece
of code, simplified:

    Name(RQBF, Buffer (0xFF) {})
    CreateByteField (RQBF, 0x03, ALEN)

    // ...
    // GenericSerialBus/AttribRawProcessBytes access to fill RQBF
    // ...

    If (/* success and everything is valid */)
    {
        Local3 = (ALEN * 0x08)
        CreateField (RQBF, 0x20, Local3, ARB)
        Local4 = ARB /* \_SB_._SAN.RQSX.ARB_ */
    }
    Else
    {
        Local4 = 0x01   // or some other error code as integer
    }

    // ...
    // some more stuff
    // ...

    If ((ObjectType (Local4) == One /* Integer */))
    {
        // notify that an error has occurred
    }
    Else
    {
        // success and actually use data from Local4
    }

The code in question basically unpacks a payload from some other
management stuff sent over the OperationRegion.

Here, ALEN is the length of a dynamically sized payload in bytes, which
is obtained from the data returned by the OperationRegion access. This
can for example be 4, making the field length 32 bit. So this is not an
issue of the field length being larger than intmax bits, it actually is
sometimes only 32 bits, or 8 bits, depending on the response of the
driver connected to the OperationRegion. Also the DSDT depends on that,
see the example below.

Just to reiterate, the code works fine for payloads with ALEN > 8 (so
more than 8 bytes), but fails for anything less.

Also note that this is not something that can be fixed by just telling
the GenericSerialBus/OperationRegion driver to just return 9 bytes
instead: There are length-checks on Local4 further down the line to
validate it actually contains what was requested.

An example of how this piece of code is actually used, if that helps
(again simplified):

    Method (RQST, 1)
    {
        // pretty much the code above
        Return (Local4)     // either payload or integer error code
    }

    Scope (_SB.BAT1)
    {
        Method (_STA, 0)
        {
            Local0 = RQST(0x01)     // request battery status

            If ((ObjectType (Local0) == 0x03))      // is buffer type
            {
                If ((SizeOf (Local0) == 0x04))      // has length 4
                {
                    CreateDWordField (Local0, 0, BAST)
                    Return (BAST)
                }
            }

            Return (0x00)           // return default value
        }
    }


Regards,
Maximilian
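
An added example, not part of the original message and not ACPICA code: a small C model of the RQST/_STA excerpts above, comparing a store that turns fields of at most 64 bits into an Integer (an assumed rule, consistent with the behaviour reported in this thread) with one that always yields a Buffer. The struct, the function names and the sample payloads are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { T_INTEGER = 1, T_BUFFER = 3 };   /* ObjectType() codes used in the DSDT above */

/* Hypothetical model of an AML object; not an ACPICA structure. */
struct obj { int type; uint64_t integer; uint8_t buf[255]; size_t len; };
/* Constructed sample payloads (ALEN = 4 and ALEN = 9). */
static const uint8_t SAMPLE4[4] = { 0x1f, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE9[9] = { 1, 2, 3, 4, 5, 6, 7, 8, 9 };

/* Model of RQST: "Local4 = ARB" on success, integer error code otherwise.
 * width_rule = 1: a field of at most 64 bits is stored as an Integer (assumed);
 * width_rule = 0: the field is always stored as a Buffer. */
static struct obj rqst(const uint8_t *payload, size_t alen, int ok, int width_rule)
{
    struct obj o;
    memset(&o, 0, sizeof o);
    if (!ok || alen > sizeof o.buf) {
        o.type = T_INTEGER;
        o.integer = 0x01;                       /* error code */
    } else if (width_rule && alen * 8 <= 64) {
        o.type = T_INTEGER;                     /* payload collapses into an Integer */
        for (size_t i = 0; i < alen; i++)
            o.integer |= (uint64_t)payload[i] << (8 * i);
    } else {
        o.type = T_BUFFER;
        o.len = alen;
        memcpy(o.buf, payload, alen);
    }
    return o;
}

/* Model of _SB.BAT1._STA: BAST from a 4-byte Buffer, else the default 0x00. */
static uint32_t sta(struct obj o)
{
    if (o.type == T_BUFFER && o.len == 4)
        return o.buf[0] | o.buf[1] << 8 | o.buf[2] << 16 | (uint32_t)o.buf[3] << 24;
    return 0x00;
}

int main(void)
{
    for (int rule = 1; rule >= 0; rule--)
        printf("width_rule=%d: type=%d _STA=0x%x\n", rule,
               rqst(SAMPLE4, 4, 1, rule).type, (unsigned)sta(rqst(SAMPLE4, 4, 1, rule)));
    return 0;
}
```

With the width rule, a successful 4-byte response is indistinguishable by type from the integer error code, so the modelled `_STA` falls through to its default value.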
