From owner-acpi-jp@jp.freebsd.org  Wed Mar  7 00:24:37 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id AAA26625;
	Wed, 7 Mar 2001 00:24:37 +0900 (JST)
	(envelope-from owner-acpi-jp@jp.FreeBSD.org)
Received: from tasogare.imasy.or.jp (daemon@tasogare.imasy.or.jp [202.227.24.5])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id AAA26614;
	Wed, 7 Mar 2001 00:24:28 +0900 (JST)
	(envelope-from iwasaki@jp.FreeBSD.org)
Received: from localhost (iwasaki.imasy.or.jp [202.227.24.92])
	by tasogare.imasy.or.jp (8.11.2+3.4W/3.7W-tasogare/smtpfeed 1.10) with ESMTP id f26FONW96516;
	Wed, 7 Mar 2001 00:24:23 +0900 (JST)
	(envelope-from iwasaki@jp.FreeBSD.org)
To: acpi-jp@jp.freebsd.org, andrea@webcom.it
Cc: iwasaki@jp.freebsd.org
In-Reply-To: <20010306141642.C421@webcom.it>
References: <20010305120159.A535@webcom.it>
	<20010306214734D.iwasaki@jp.FreeBSD.org>
	<20010306141642.C421@webcom.it>
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20010307002422X.iwasaki@jp.FreeBSD.org>
Date: Wed, 07 Mar 2001 00:24:22 +0900
From: Mitsuru IWASAKI <iwasaki@jp.freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Lines: 128
Reply-To: acpi-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: acpi-jp 1085
Subject: [acpi-jp 1085] Re: Bug in battery support in IBM Thinkpad?
Errors-To: owner-acpi-jp@jp.freebsd.org
Sender: owner-acpi-jp@jp.freebsd.org
X-Originator: iwasaki@jp.freebsd.org

Hi,

> I'll gladly do that but I don't expect it to help a lot. By trial and error
> I was able to determine that
> 
> sc->bif_buffer.Pointer->Package
> 
> at this point is completely bogus, in particular when the PKG_GETINT macro
> is called, res->Package.Elements itself is == NULL !!
> 
> The new acpi_cmbat.c I'm currently using has
> 
> -       if ((res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count < 4))       
> +       if ((res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count < 4))       
> 
> -       if ((res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count < 13))      
> +       if ((res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count != 13))      
> which works even better, as at that point, res->Package.Count is completely
> useless, often > 100000.

Hmmm, I merged your patch and attached it to this mail.
Please try it again.

> By the way, did you have a look at my ASL file? I'm not an expert but its
> _BIF and _BST entries look suspicious to me...

That is not so strange for me.  I wrote a simple ASL for the test,
executed it with acpicadb, and got a normal result.

        Name(BSTB, Package(0x4) {
            0x0,
            0xffffffff,
            0xffffffff,
            0xffffffff,
        })
		:
        Method(_BIF) {
		:
            Store("LION", Index(BIFB, 0xb, ))
            Return(BIFB)
        }

And we have almost the same ACPI data as yours, not TP570E but TP570.
http://www.jp.freebsd.org/cgi/cvsweb.cgi/ACPI/data/TP570.asl?cvsroot=freebsd-jp

Thanks

Index: acpi_cmbat.c
===================================================================
RCS file: /home/ncvs/src/sys/dev/acpica/acpi_cmbat.c,v
retrieving revision 1.4
diff -u -r1.4 acpi_cmbat.c
--- acpi_cmbat.c	2001/02/26 20:32:18	1.4
+++ acpi_cmbat.c	2001/03/06 15:09:35
@@ -67,8 +67,13 @@
 
 #define PKG_GETINT(res, tmp, idx, dest, label) do {			\
 	tmp = &res->Package.Elements[idx];				\
+	if (tmp == NULL) {						\
+		device_printf(dev, "%s: PKG_GETINT idx = %d\n.",	\
+		    __FUNCTION__, idx);					\
+		goto label;						\
+	}								\
 	if (tmp->Type != ACPI_TYPE_INTEGER)				\
-		goto label ;						\
+		goto label;						\
 	dest = tmp->Integer.Value;					\
 } while(0)
 
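Review bot: The added `tmp == NULL` test in PKG_GETINT cannot detect a NULL `res->Package.Elements` for any idx other than 0, because `tmp` is `&res->Package.Elements[idx]`, the base pointer plus an offset. Test `res->Package.Elements == NULL` and `idx < res->Package.Count` before taking the element address. The format string ends in "\n." which puts a stray period at the start of the next console line, and the macro now depends on a `dev` variable that is not among its parameters.
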
@@ -76,6 +81,11 @@
 	size_t	length;							\
 	length = size;							\
 	tmp = &res->Package.Elements[idx]; 				\
+	if (tmp == NULL) {						\
+		device_printf(dev, "%s: PKG_GETSTR idx = %d\n.",	\
+		    __FUNCTION__, idx);					\
+		goto label;						\
+	}								\
 	bzero(dest, sizeof(dest));					\
 	switch (tmp->Type) {						\
 	case ACPI_TYPE_STRING:						\
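Review bot: In PKG_GETSTR the `tmp == NULL` guard is again applied to an element address rather than to `res->Package.Elements`, so for idx > 0 it never fires and `tmp->Type` in the switch is still read through a bad pointer. Check the Elements pointer and bound idx by `res->Package.Count` instead; since both macros would then carry the same guard and message, a shared helper would keep them from drifting apart.
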
@@ -121,6 +131,7 @@
 		}
 	}
 
+	bzero(sc->bst_buffer.Pointer, sc->bst_buffer.Length);
 	as = AcpiEvaluateObject(h, "_BST", NULL, &sc->bst_buffer);
 
 	if (as == AE_BUFFER_OVERFLOW){
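Review bot: The `bzero()` added before the `_BST` evaluation dereferences `sc->bst_buffer.Pointer` and trusts `sc->bst_buffer.Length` with no check visible in this hunk; guard against a NULL Pointer or zero Length first. If the `AE_BUFFER_OVERFLOW` branch that follows replaces the buffer and evaluates again, the new buffer needs the same zeroing, otherwise the retry path can still parse uninitialised memory.
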
@@ -135,10 +146,12 @@
 		return;
 	}
 
-	res = sc->bst_buffer.Pointer;
+	res = (ACPI_OBJECT *)sc->bst_buffer.Pointer;
 
-	if ((res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count < 4))
-		return ;
+	if ((res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count != 4)) {
+		device_printf(dev, "Battery status corrupted\n",);
+		return;
+	}
 
 	PKG_GETINT(res, tmp, 0, sc->bst.state, end);
 	PKG_GETINT(res, tmp, 1, sc->bst.rate, end);
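Review bot: The validity test `(res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count != 4)` only returns when both conditions hold, so a package with a wrong Count still reaches the PKG_GETINT calls for indices 0 and 1 and beyond; it should be `||`, with the Type test first so `Package.Count` is only read from an object that is a package. The new `device_printf(dev, "Battery status corrupted\n",);` has a trailing comma before the closing parenthesis and will not compile.
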
@@ -172,6 +185,7 @@
 		}
 	}
 
+	bzero(sc->bif_buffer.Pointer, sc->bif_buffer.Length);
 	as = AcpiEvaluateObject(h, "_BIF", NULL, &sc->bif_buffer);
 
 	if (as == AE_BUFFER_OVERFLOW){
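Review bot: This `bzero()` plus `AcpiEvaluateObject()` sequence for `_BIF` is a copy of the `_BST` one with only the buffer and method name changed; a small helper taking the buffer and the method name would keep the zeroing, the overflow handling and the result validation identical for both. The same NULL Pointer guard applies to `sc->bif_buffer.Pointer`.
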
@@ -186,9 +200,11 @@
 		return;
 	}
 
-	res = sc->bif_buffer.Pointer;
-	if ((res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count < 13))
-		return ;
+	res = (ACPI_OBJECT *)sc->bif_buffer.Pointer;
+	if ((res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count != 13)) {
+		device_printf(dev, "Battery info corrupted\n",);
+		return;
+	}
 
 	PKG_GETINT(res, tmp,  0, sc->bif.unit, end);
 	PKG_GETINT(res, tmp,  1, sc->bif.dcap, end);
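Review bot: The `_BIF` check `(res->Type != ACPI_TYPE_PACKAGE) && (res->Package.Count != 13)` needs `||` rather than `&&`; as written, a package object with a bogus Count passes and the PKG_GETINT calls that follow index into Elements regardless. `device_printf(dev, "Battery info corrupted\n",);` also carries a trailing comma that is a syntax error.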
