Merge in r55173 as per Amine's request. Also apply Cameron's patch that attempts...
authorZiliang Guo <drakekaizer666@gmail.com>
Fri, 3 Feb 2012 03:51:58 +0000 (03:51 +0000)
committerZiliang Guo <drakekaizer666@gmail.com>
Fri, 3 Feb 2012 03:51:58 +0000 (03:51 +0000)
svn path=/branches/ros-branch-0_3_14/; revision=55388

boot/freeldr/freeldr/arch/i386/hardware.c
ntoskrnl/include/internal/i386/ke.h

index 25a77b3..58298cf 100644 (file)
@@ -250,7 +250,8 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
   TRACE("Estimated buffer size %u\n", NodeSize * NodeCount);
 
     /* Set 'Configuration Data' value */
-  Size = sizeof(CM_PARTIAL_RESOURCE_LIST) + (NodeSize * NodeCount);
+  Size = sizeof(CM_PARTIAL_RESOURCE_LIST)
+        + sizeof(CM_PNP_BIOS_INSTALLATION_CHECK) + (NodeSize * NodeCount);
   PartialResourceList = MmHeapAlloc(Size);
   if (PartialResourceList == NULL)
     {
@@ -268,8 +269,8 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
   PartialResourceList->PartialDescriptors[0].ShareDisposition =
     CmResourceShareUndetermined;
 
-  Ptr = (char *)(((ULONG_PTR)&PartialResourceList->PartialDescriptors[0]) +
-                sizeof(CM_PARTIAL_RESOURCE_DESCRIPTOR));
+  /* The buffer starts after PartialResourceList->PartialDescriptors[0] */
+  Ptr = (char *)(PartialResourceList + 1);
 
   /* Set instalation check data */
   memcpy (Ptr, InstData, sizeof(CM_PNP_BIOS_INSTALLATION_CHECK));
@@ -292,6 +293,12 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
                    DeviceNode->Size,
                    DeviceNode->Size);
 
+      if (PnpBufferSize + DeviceNode->Size > Size)
+      {
+          ERR("Buffer too small!\n");
+          break;
+      }
+
          memcpy (Ptr,
                  DeviceNode,
                  DeviceNode->Size);
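Review bot: The new bound check compares against `Size`, which is the whole allocation including the `CM_PARTIAL_RESOURCE_LIST` header, while `Ptr` starts at `PartialResourceList + 1` (see the previous hunk). If `PnpBufferSize` counts only the bytes written after the header (its initialisation is outside this hunk, so this is inferred), a firmware-supplied `DeviceNode->Size` can still push the `memcpy` up to `sizeof(CM_PARTIAL_RESOURCE_LIST)` bytes past the end of the heap block. Comparing against the payload capacity closes that gap: `if (PnpBufferSize + DeviceNode->Size > Size - sizeof(CM_PARTIAL_RESOURCE_LIST))`. The enclosing loop, and what the code does with the truncated list after `break`, are outside the hunk and worth checking too.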
index bbcab28..107e099 100644 (file)
@@ -243,8 +243,8 @@ FORCEINLINE
 VOID
 KeInvalidateTlbEntry(IN PVOID Address)
 {
-    /* Invalidate the TLB entry for this address */
-    __invlpg(Address);
+    /* HACK: Flush the entire TLB */
+    __writecr3(__readcr3());
 }
 
 FORCEINLINE
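Review bot: Reloading CR3 in `KeInvalidateTlbEntry` does not evict TLB entries for pages marked global when CR4.PGE is enabled, so for a global kernel mapping the entry for `Address` can survive this flush and leave a stale translation or stale permissions in use. Whether this branch maps kernel pages as global is not visible here, but keeping the targeted invalidation alongside the workaround avoids the question: `__invlpg(Address);` followed by `__writecr3(__readcr3());`. The `HACK` comment should also name the problem the full flush works around and the condition for removing it, e.g. `/* HACK: flush the entire TLB as well; works around <issue placeholder>, remove once fixed */`.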