ACPI!GetPciAddressWorker函数对_BBN的处理:再次异步调用ACPI!ACPIGet,产生_CTXT 0x89903000,最终走到hal!HalSetBusDataByOffset
第一部分:
//
// One-time decode of the slot number: the body is skipped once
// PCISUPP_GOT_SLOT_INFO has been set in state->Flags.
//
if (!(state->Flags & PCISUPP_GOT_SLOT_INFO)) {
//
// Build a PCI_SLOT_NUMBER out of the integer returned
// from the interpreter.
//
// Function number = bits 0-2 of state->Address,
// device number   = bits 16-20 of state->Address.
// NOTE(review): presumably state->Address holds the evaluated _ADR
// value -- confirm against the code that fills it in.
//
state->Slot->u.bits.FunctionNumber = (state->Address) & 0x7;
state->Slot->u.bits.DeviceNumber = ( (state->Address) >> 16) & 0x1f;
// Remember that the slot fields are valid so a re-entry does not redo this.
state->Flags |= PCISUPP_GOT_SLOT_INFO;
}
#define PCISUPP_GOT_SLOT_INFO 0x100
ACPI!GetPciAddressWorker函数对_BBN的处理到hal!HalSetBusDataByOffset
1: kd> dt GET_ADDRESS_CONTEXT 0x899bf408
ACPI!GET_ADDRESS_CONTEXT
+0x000 PciObject : 0x899affac _NSObj
+0x004 Bus : 0x899873b0 ""
+0x008 Slot : 0x899873ac _PCI_SLOT_NUMBER
+0x00c ParentBus : 0 ''
+0x010 ParentSlot : _PCI_SLOT_NUMBER
+0x014 Flags : 0x108 (0x8 -> 0x108:置位了PCISUPP_GOT_SLOT_INFO 0x100)
+0x018 Address : 0
+0x01c BaseBusNumber : 0
+0x020 RunCompletion : 0n1 0–>1
+0x024 CompletionRoutine : 0xf740d62c void ACPI!PciConfigSpaceHandlerWorker+0
+0x028 CompletionContext : 0x89987378 Void
//
// Next, get the bus number, if possible.
//
*state->Bus = 0; // default value, in case we have to guess
//
// Check first to see if this bus has a _HID.
// (It might be a root PCI bridge.)
//
bus = state->PciObject;
tempObj = ACPIAmliGetNamedChild(bus, PACKED_HID);
if (!tempObj) {
//
// This device had no _HID. So look up
// to the parent and see if it is a
// root PCI bridge.
//
// NOTE(review): pnsParent is used without a NULL check in this
// excerpt; confirm that PciObject always has a parent here or that
// ACPIAmliGetNamedChild tolerates a NULL scope.
//
bus = state->PciObject->pnsParent;
tempObj = ACPIAmliGetNamedChild(bus, PACKED_HID);
}
//
// At this point `bus` is whichever object was searched last and a
// non-NULL tempObj means a _HID child was found under it.
//
1: kd> p
eax=899b0024 ebx=899affac ecx=4449485f edx=00000000 esi=899bf408 edi=00000103
eip=f740cfb3 esp=f791ac60 ebp=f791acb0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!GetPciAddressWorker+0xc9:
f740cfb3 85c0 test eax,eax
1: kd> dt nsobj 899b0024
ACPI!NSOBJ
+0x000 list : _List
+0x008 pnsParent : 0x899affac _NSObj
+0x00c pnsFirstChild : (null)
+0x010 dwNameSeg : 0x4449485f
+0x014 hOwner : 0x899af330 Void
+0x018 pnsOwnedNext : 0x899affac _NSObj
+0x01c ObjData : _ObjData
+0x030 Context : (null)
+0x034 dwRefCount : 0
1: kd> db 899b0024
899b0024 64 a0 91 89 68 00 9b 89-ac ff 9a 89 00 00 00 00 d…h………..
899b0034 5f 48 49 44 30 f3 9a 89-ac ff 9a 89 00 00 01 00 _HID0………..
899b0044 00 00 00 00 41 d0 0a 03-00 00 00 00 00 00 00 00 ….A………..
899b0054 00 00 00 00 00 00 00 00-48 4e 53 4f 44 00 00 00 ……..HNSOD…
899b0064 00 f0 9a 89 24 00 9b 89-ac 00 9b 89 ac ff 9a 89 ….$………..
899b0074 00 00 00 00 5f 43 49 44-30 f3 9a 89 24 00 9b 89 …._CID0…$…
899b0084 00 00 01 00 00 00 00 00-41 d0 0a 08 00 00 00 00 ……..A…….
899b0094 00 00 00 00 00 00 00 00-00 00 00 00 48 4e 53 4f …………HNSO
1: kd> dx -id 0,0,899a2278 -r1 (*((ACPI!_ObjData *)0x899b0040))
(*((ACPI!_ObjData *)0x899b0040)) [Type: _ObjData]
[+0x000] dwfData : 0x0 [Type: unsigned short]
[+0x002] dwDataType : 0x1 [Type: unsigned short]
[+0x004] dwRefCount : 0x0 [Type: unsigned long]
[+0x004] pdataBase : 0x0 [Type: _ObjData *]
[+0x008] dwDataValue : 0x30ad041 [Type: unsigned long]
[+0x008] uipDataValue : 0x30ad041 [Type: unsigned long]
[+0x008] pnsAlias : 0x30ad041 [Type: _NSObj *]
[+0x008] pdataAlias : 0x30ad041 [Type: _ObjData *]
[+0x008] powner : 0x30ad041 [Type: void *]
[+0x00c] dwDataLen : 0x0 [Type: unsigned long]
[+0x010] pbDataBuff : 0x0 [Type: unsigned char *]
Mutex (OEML, 0x0F)
Device (PCI0)
{
Name (_HID, EisaId ("PNP0A03")) // _HID: Hardware ID
Name (_CID, EisaId ("PNP0A08")) // _CID: Compatible ID
Name (_BBN, 0x00) // _BBN: BIOS Bus Number
Name (_ADR, 0x00) // _ADR: Address
if (!tempObj) { 不符合条件:tempObj非空(eax=899b0024,即上面查到的_HID对象),不会进入这个分支
//
// This PCI device is on a PCI bus that
// is created by a PCI-PCI bridge.
//
if (!(state->Flags & PCISUPP_CHECKED_PARENT)) {
//
// Is there a _BBN to run?
//
tempObj = ACPIAmliGetNamedChild(bus, PACKED_BBN);
1: kd> p
eax=899b00ac ebx=899affac ecx=4e42425f edx=00000000 esi=899bf408 edi=00000103
eip=f740d041 esp=f791ac60 ebp=f791acb0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!GetPciAddressWorker+0x157:
f740d041 85c0 test eax,eax
1: kd> db 899b00ac
899b00ac 68 00 9b 89 f0 00 9b 89-ac ff 9a 89 00 00 00 00 h……………
899b00bc 5f 42 42 4e 30 f3 9a 89-68 00 9b 89 00 00 01 00 _BBN0…h…….
if (tempObj) {
//
// This device must be the child of a root PCI bus.
//
if (!(state->Flags & PCISUPP_CHECKED_BBN)) {
state->Flags |= PCISUPP_CHECKED_BBN;
status = ACPIGetNSIntegerAsync(
bus,
PACKED_BBN,
GetPciAddressWorker,
(PVOID)state,
&(state->BaseBusNumber), 0x899bf408+0x01c=0x899bf424
NULL
);
这里又发起了一次异步调用(ACPIGetNSIntegerAsync),回调函数仍然是GetPciAddressWorker本身。
#define PCISUPP_CHECKED_BBN 0x2000
1: kd> dt GET_ADDRESS_CONTEXT 0x899bf408
ACPI!GET_ADDRESS_CONTEXT
+0x000 PciObject : 0x899affac _NSObj
+0x004 Bus : 0x899873b0 ""
+0x008 Slot : 0x899873ac _PCI_SLOT_NUMBER
+0x00c ParentBus : 0 ''
+0x010 ParentSlot : _PCI_SLOT_NUMBER
+0x014 Flags : 0x2108 (0x108 -> 0x2108:置位了PCISUPP_CHECKED_BBN 0x2000)
+0x018 Address : 0
+0x01c BaseBusNumber : 0
+0x020 RunCompletion : 0n1
+0x024 CompletionRoutine : 0xf740d62c void ACPI!PciConfigSpaceHandlerWorker+0
+0x028 CompletionContext : 0x89987378 Void
这次异步调用又会产生一个新的_CTXT。
CTXT 0x8997c000被阻塞,需要先运行CTXT 0x89901000。
CTXT0x8997c000 CTXT0x89901000
0x899bf408+0x01c=0x899bf424
第二部分:
1: kd> kc
#
00 ACPI!ACPIGet
01 ACPI!GetPciAddressWorker
02 ACPI!ACPIGetWorkerForInteger
03 ACPI!AsyncCallBack
04 ACPI!RunContext
05 ACPI!DispatchCtxtQueue
06 ACPI!StartTimeSlicePassive
07 ACPI!ACPIWorker
08 nt!PspSystemThreadStartup
09 nt!KiThreadStartup
1: kd> dv
Target = 0x899affac
ObjectID = 0x4e42425f
Flags = 0x48040002
SimpleArgument = 0x00000000
SimpleArgumentSize = 0
CallBackRoutine = 0xf740ceea
CallBackContext = 0x899bf408
Buffer = 0x899bf424
BufferSize = 0x00000000
#define GET_REQUEST_INTEGER 0x00040000
//
// We need to allocate the request to hold the context information
// We have no choice but to allocate this from NonPagedPool — the
// interpreter will be calling us at DPC level
//
// NOTE(review): ExAllocatePoolWithTag does not zero the allocation and
// can return NULL. Neither the NULL check nor the field initialisation
// is part of this excerpt; confirm both happen before `request` is
// dereferenced or linked onto a list.
//
request = ExAllocatePoolWithTag(
NonPagedPool,
sizeof(ACPI_GET_REQUEST),
ACPI_MISC_POOLTAG
);
1: kd> p
eax=89985138 ebx=00000000 ecx=00000006 edx=00000009 esi=89985138 edi=00000000
eip=f7407833 esp=f791abf8 ebp=f791ac34 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGet+0x17b:
f7407833 3bf7 cmp esi,edi
1: kd> dt ACPI_GET_REQUEST 89985138
+0x000 Flags : 0x48040002
+0x000 UFlags : __unnamed
+0x004 ObjectID : 0x4e42425f
+0x008 ListEntry : _LIST_ENTRY [ 0xf743b940 – 0x899050a8 ]
+0x010 DeviceExtension : (null)
+0x014 AcpiObject : 0x899affac _NSObj
+0x018 CallBackRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x01c CallBackContext : 0x899bf408 Void
+0x020 Buffer : 0x899bf424 -> (null)
+0x024 BufferSize : (null)
+0x028 Status : 0n0
+0x02c ResultData : _ObjData
//
// Make sure that we queue the request onto the list that we use to
// keep track of the requests
//
// AcpiGetLock is held only around the insertion; oldIrql receives the
// IRQL to restore when the lock is released. The request goes to the
// tail of AcpiGetListEntry.
//
KeAcquireSpinLock( &AcpiGetLock, &oldIrql );
InsertTailList(
&(AcpiGetListEntry),
&(request->ListEntry)
);
KeReleaseSpinLock( &AcpiGetLock, oldIrql );
1: kd> x acpi!AcpiGetListEntry
f743b940 ACPI!AcpiGetListEntry = struct _LIST_ENTRY [ 0x899c6328 – 0x89985140 ]
1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b940))
(*((ACPI!_LIST_ENTRY *)0xf743b940)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x899c6328 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x89985140 [Type: _LIST_ENTRY *]
1: kd> dx -r1 ((ACPI!_LIST_ENTRY *)0x899c6328)
((ACPI!_LIST_ENTRY *)0x899c6328) : 0x899c6328 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0x899050a8 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743b940 [Type: _LIST_ENTRY *]
1: kd> dx -r1 ((ACPI!_LIST_ENTRY *)0x899050a8)
((ACPI!_LIST_ENTRY *)0x899050a8) : 0x899050a8 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0x89985140 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x899c6328 [Type: _LIST_ENTRY *]
1: kd> dx -r1 ((ACPI!_LIST_ENTRY *)0x89985140)
((ACPI!_LIST_ENTRY *)0x89985140) : 0x89985140 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0xf743b940 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x899050a8 [Type: _LIST_ENTRY *]
此时AcpiGetListEntry链表上已经有3个ACPI_GET_REQUEST了。
第1个ACPI_GET_REQUEST -> CTXT 0x8997c000
第2个ACPI_GET_REQUEST -> CTXT 0x89901000
第3个ACPI_GET_REQUEST -> CTXT(地址此时尚未知,见后文)
//
// Go out and see if the requested object is present
//
// The lookup result overwrites acpiObject, so from here on it refers to
// the child named by ObjectID rather than the object the search started
// from.
//
acpiObject = ACPIAmliGetNamedChild(
acpiObject,
ObjectID
);
if (!acpiObject) {
//
// Child not found: fail with STATUS_OBJECT_NAME_NOT_FOUND through the
// common exit label.
// NOTE(review): if the request is already queued on the tracking list
// at this point, ACPIGetExit has to unlink and free it -- that code is
// not visible in this excerpt.
//
status = STATUS_OBJECT_NAME_NOT_FOUND;
goto ACPIGetExit;
}
1: kd> gu
Breakpoint 33 hit
eax=899b00ac ebx=f743b938 ecx=89985164 edx=00000000 esi=89985138 edi=89985140
eip=f7415242 esp=f791abdc ebp=f791ac34 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!AMLIAsyncEvalObject:
f7415242 55 push ebp
1: kd> dt nsobj 899b00ac
ACPI!NSOBJ
+0x000 list : _List
+0x008 pnsParent : 0x899affac _NSObj
+0x00c pnsFirstChild : (null)
+0x010 dwNameSeg : 0x4e42425f
+0x014 hOwner : 0x899af330 Void
+0x018 pnsOwnedNext : 0x899b0068 _NSObj
+0x01c ObjData : _ObjData
+0x030 Context : (null)
+0x034 dwRefCount : 0
1: kd> db 899b00ac
899b00ac 68 00 9b 89 f0 00 9b 89-ac ff 9a 89 00 00 00 00 h……………
899b00bc 5f 42 42 4e 30 f3 9a 89-68 00 9b 89 00 00 01 00 _BBN0…h…….
1: kd> db 0x899affac
899affac 4c ff 9a 89 ac 40 9b 89-f0 f0 9a 89 24 00 9b 89 L….@……$…
899affbc 50 43 49 30 30 f3 9a 89-4c ff 9a 89 00 00 06 00 PCI00…L…….
第三部分:
1: kd> kc
#
00 ACPI!AMLIAsyncEvalObject
01 ACPI!ACPIGet
02 ACPI!GetPciAddressWorker
03 ACPI!ACPIGetWorkerForInteger
04 ACPI!AsyncCallBack
05 ACPI!RunContext
06 ACPI!DispatchCtxtQueue
07 ACPI!StartTimeSlicePassive
08 ACPI!ACPIWorker
09 nt!PspSystemThreadStartup
0a nt!KiThreadStartup
1: kd> dv
pns = 0x899b00ac
pdataResult = 0x89985164
icArgs = 0n0
pdataArgs = 0x00000000
pfnAsyncCallBack = 0xf7407364
pvContext = 0x89985138
pHData = 0x89985164
1: kd> kc
#
00 ACPI!AsyncEvalObject
01 ACPI!AMLIAsyncEvalObject
02 ACPI!ACPIGet
03 ACPI!GetPciAddressWorker
04 ACPI!ACPIGetWorkerForInteger
05 ACPI!AsyncCallBack
06 ACPI!RunContext
07 ACPI!DispatchCtxtQueue
08 ACPI!StartTimeSlicePassive
09 ACPI!ACPIWorker
0a nt!PspSystemThreadStartup
0b nt!KiThreadStartup
1: kd> dv
pns = 0x899b00ac
pdataResult = 0x89985164
icArgs = 0n0
pdataArgs = 0x00000000
pfnAsyncCallBack = 0xf7407364
pvContext = 0x89985138
fAsync = 0x01 ''
1: kd> kc
#
00 ACPI!RestartContext
01 ACPI!AsyncEvalObject
02 ACPI!AMLIAsyncEvalObject
03 ACPI!ACPIGet
04 ACPI!GetPciAddressWorker
05 ACPI!ACPIGetWorkerForInteger
06 ACPI!AsyncCallBack
07 ACPI!RunContext
08 ACPI!DispatchCtxtQueue
09 ACPI!StartTimeSlicePassive
0a ACPI!ACPIWorker
0b nt!PspSystemThreadStartup
0c nt!KiThreadStartup
1: kd> dv
pctxt = 0x89903000
fDelayExecute = 0x00 ''
第一个ACPI_GET_REQUEST–>CTXT0x8997c000
第2个ACPI_GET_REQUEST–>CTXT0x89901000
第3个ACPI_GET_REQUEST–>CTXT0x89903000
1: kd> g
Breakpoint 36 hit
eax=00008004 ebx=899b00c8 ecx=00000000 edx=00002700 esi=f7438ca8 edi=00000000
eip=f741fb55 esp=f791ab88 ebp=f791aba4 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!AsyncEvalObject+0x28c:
f741fb55 59 pop ecx
1: kd> x ACPI!gReadyQueue
f743a928 ACPI!gReadyQueue = struct _ctxtq
1: kd> dx -r1 (*((ACPI!_ctxtq *)0xf743a928))
(*((ACPI!_ctxtq *)0xf743a928)) [Type: _ctxtq]
[+0x000] dwfCtxtQ : 0x0 [Type: unsigned long]
[+0x004] pkthCurrent : 0x89981ca0 [Type: _KTHREAD *]
[+0x008] pctxtCurrent : 0x89901000 [Type: _ctxt *]
[+0x00c] plistCtxtQ : 0x89903010 [Type: _List *]
[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]
[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]
[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]
[+0x01c] PauseCBContext : 0x0 [Type: void *]
[+0x020] mutCtxtQ [Type: _mutex]
[+0x028] Timer [Type: _KTIMER]
[+0x050] DpcStartTimeSlice [Type: _KDPC]
[+0x070] DpcExpireTimeSlice [Type: _KDPC]
[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]
第四部分:
1: kd> g
Breakpoint 39 hit
eax=89903010 ebx=89903000 ecx=00008004 edx=00002707 esi=f743a928 edi=f743a934
eip=f741d710 esp=f791ad38 ebp=f791ad4c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!RunContext:
f741d710 55 push ebp
1: kd> kc
#
00 ACPI!RunContext
01 ACPI!DispatchCtxtQueue
02 ACPI!StartTimeSlicePassive
03 ACPI!ACPIWorker
04 nt!PspSystemThreadStartup
05 nt!KiThreadStartup
1: kd> dv
pctxt = 0x89903000
pctxtSave = 0xf741d711
pkthSave = 0x00000008
rc = 0n-1987039232
1: kd> x ACPI!gReadyQueue
f743a928 ACPI!gReadyQueue = struct _ctxtq
1: kd> dx -r1 (*((ACPI!_ctxtq *)0xf743a928))
(*((ACPI!_ctxtq *)0xf743a928)) [Type: _ctxtq]
[+0x000] dwfCtxtQ : 0x0 [Type: unsigned long]
[+0x004] pkthCurrent : 0x0 [Type: _KTHREAD *]
[+0x008] pctxtCurrent : 0x0 [Type: _ctxt *]
[+0x00c] plistCtxtQ : 0x0 [Type: _List *]
[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]
[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]
[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]
[+0x01c] PauseCBContext : 0x0 [Type: void *]
[+0x020] mutCtxtQ [Type: _mutex]
[+0x028] Timer [Type: _KTIMER]
[+0x050] DpcStartTimeSlice [Type: _KDPC]
[+0x070] DpcExpireTimeSlice [Type: _KDPC]
[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]
1: kd> dt ACPI!_ctxt 0x89903000
+0x000 dwSig : 0x54585443
+0x004 pbCtxtEnd : 0x89905000 ""
+0x008 listCtxt : _List
+0x010 listQueue : _List
+0x018 pplistCtxtQueue : (null)
+0x01c plistResources : (null)
+0x020 dwfCtxt : 0x128
+0x024 pnsObj : 0x899b00ac _NSObj
+0x028 pnsScope : 0x899b00ac _NSObj
+0x02c powner : (null)
+0x030 pcall : (null)
+0x034 pnctxt : (null)
+0x038 dwSyncLevel : 0
+0x03c pbOp : (null)
+0x040 Result : _ObjData
+0x054 pfnAsyncCallBack : 0xf7407364 void ACPI!ACPIGetWorkerForInteger+0
+0x058 pdataCallBack : 0x89985164 _ObjData
+0x05c pvContext : 0x89985138 Void
+0x060 Timer : _KTIMER
+0x088 Dpc : _KDPC
+0x0a8 pheapCurrent : 0x899030bc _heap
+0x0ac CtxtData : _ctxtdata
+0x0bc LocalHeap : _heap
1: kd> u f7407364
ACPI!ACPIGetWorkerForInteger [d:\\srv03rtm\\base\\busdrv\\acpi\\driver\\nt\\get.c @ 4707]:
f7407364 55 push ebp
f7407365 8bec mov ebp,esp
f7407367 51 push ecx
f7407368 53 push ebx
f7407369 8b5d0c mov ebx,dword ptr [ebp+0Ch]
f740736c 85db test ebx,ebx
f740736e 56 push esi
f740736f 57 push edi
windbg> .open -a fffffffff7407364
1: kd> dt ACPI_GET_REQUEST 0x89985138
+0x000 Flags : 0x48040002
+0x000 UFlags : __unnamed
+0x004 ObjectID : 0x4e42425f
+0x008 ListEntry : _LIST_ENTRY [ 0xf743b940 – 0x899c6328 ]
+0x010 DeviceExtension : (null)
+0x014 AcpiObject : 0x899affac _NSObj
+0x018 CallBackRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x01c CallBackContext : 0x899bf408 Void
+0x020 Buffer : 0x899bf424 -> (null)
+0x024 BufferSize : (null)
+0x028 Status : 0n0
+0x02c ResultData : _ObjData
1: kd> u f740ceea
ACPI!GetPciAddressWorker [d:\\srv03rtm\\base\\busdrv\\acpi\\driver\\nt\\pciopregion.c @ 986]:
f740ceea 55 push ebp
f740ceeb 8bec mov ebp,esp
f740ceed 83ec44 sub esp,44h
f740cef0 a1a88c43f7 mov eax,dword ptr [ACPI!__security_cookie (f7438ca8)]
f740cef5 53 push ebx
f740cef6 56 push esi
f740cef7 8b7514 mov esi,dword ptr [ebp+14h]
f740cefa 85f6 test esi,esi
windbg> .open -a fffffffff740ceea
1: kd> dt GET_ADDRESS_CONTEXT 0x899bf408
ACPI!GET_ADDRESS_CONTEXT
+0x000 PciObject : 0x899affac _NSObj
+0x004 Bus : 0x899873b0 ""
+0x008 Slot : 0x899873ac _PCI_SLOT_NUMBER
+0x00c ParentBus : 0 ''
+0x010 ParentSlot : _PCI_SLOT_NUMBER
+0x014 Flags : 0x2108
+0x018 Address : 0
+0x01c BaseBusNumber : 0
+0x020 RunCompletion : 0n1
+0x024 CompletionRoutine : 0xf740d62c void ACPI!PciConfigSpaceHandlerWorker+0
+0x028 CompletionContext : 0x89987378 Void
1: kd> u f740d62c
ACPI!PciConfigSpaceHandlerWorker [d:\\srv03rtm\\base\\busdrv\\acpi\\driver\\nt\\pciopregion.c @ 544]:
f740d62c 55 push ebp
f740d62d 8bec mov ebp,esp
f740d62f 83ec44 sub esp,44h
f740d632 a1a88c43f7 mov eax,dword ptr [ACPI!__security_cookie (f7438ca8)]
f740d637 53 push ebx
f740d638 8b5d14 mov ebx,dword ptr [ebp+14h]
f740d63b 56 push esi
f740d63c 57 push edi
windbg> .open -a fffffffff740d62c
1: kd> dt PCI_CONFIG_STATE 0x89987378
ACPI!PCI_CONFIG_STATE
+0x000 AccessType : 1
+0x004 OpRegion : 0x899b0b50 _NSObj
+0x008 Address : 0xd8
+0x00c Size : 4
+0x010 Data : 0x8997dc28 -> 0x40e98102
+0x014 Context : 0
+0x018 CompletionHandler : 0xf7420914 Void
+0x01c CompletionContext : 0x8997c0ac Void
+0x020 PciObj : 0x899affac _NSObj
+0x024 ParentObj : (null)
+0x028 CompletionHandlerType : 0
+0x02c Flags : 0x100
+0x030 RunCompletion : 0n0
+0x034 Slot : _PCI_SLOT_NUMBER
+0x038 Bus : 0 ''
+0x039 IsPciDeviceResult : 0 ''
第五部分:
//
// Interpreter dispatch loop: keep running the parse handler of the frame
// found at pctxt->LocalHeap.pbHeapEnd until the context's stack is empty,
// or until a handler reports AMLISTA_PENDING or AMLISTA_DONE.
//
while (!IsStackEmpty(pctxt))
{
CHKDEBUGGERREQ();
pfh = (PFRAMEHDR)pctxt->LocalHeap.pbHeapEnd;
//
// NOTE(review): this ASSERT is the only visible guard on the function
// pointer before the indirect call below. If ASSERT compiles to nothing
// in free builds, a NULL pfnParse is not caught here -- confirm.
//
ASSERT(pfh->pfnParse != NULL);
//
// The previous rc is handed to the handler and its return value becomes
// the new rc.
//
rc = pfh->pfnParse(pctxt, pfh, rc);
if ((rc == AMLISTA_PENDING) || (rc == AMLISTA_DONE))
{
break;
}
}
1: kd> g
Breakpoint 45 hit
eax=00000000 ebx=f743a948 ecx=f743a948 edx=00002700 esi=89903000 edi=89904fe4
eip=f741d82f esp=f791ad14 ebp=f791ad34 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
ACPI!RunContext+0x11f:
f741d82f ff570c call dword ptr [edi+0Ch] ds:0023:89904ff0={ACPI!ProcessEvalObj (f741ef2b)}
第六部分:
1: kd> kc
#
00 ACPI!PciConfigSpaceHandlerWorker
01 ACPI!GetPciAddressWorker
02 ACPI!ACPIGetWorkerForInteger
03 ACPI!AsyncCallBack
04 ACPI!RunContext
05 ACPI!DispatchCtxtQueue
06 ACPI!StartTimeSlicePassive
07 ACPI!ACPIWorker
08 nt!PspSystemThreadStartup
09 nt!KiThreadStartup
1: kd> dv
AcpiObject = 0x899b00ac
CompletionStatus = 0n0
Result = 0x00000000
Context = 0x89987378
bytesWritten = 0
NTSTATUS
EXPORT
GetPciAddressWorker(
IN PNSOBJ AcpiObject,
IN NTSTATUS Status,
IN POBJDATA Result,
IN PVOID Context
)
{
//
// Is there a _BBN to run?
//
tempObj = ACPIAmliGetNamedChild(bus, PACKED_BBN);
if (tempObj) {
//
// This device must be the child of a root PCI bus.
//
if (!(state->Flags & PCISUPP_CHECKED_BBN)) { 不符合条件:Flags=0x2108,已经包含PCISUPP_CHECKED_BBN(0x2000),所以不会再次发起异步调用(不会重入)
GetPciAddressWorkerExit:
if (state->RunCompletion) {
state->CompletionRoutine(AcpiObject,
status,
NULL,
state->CompletionContext);
}
1: kd> dt PCI_CONFIG_STATE 0x89987378
ACPI!PCI_CONFIG_STATE
+0x000 AccessType : 1
+0x004 OpRegion : 0x899b0b50 _NSObj
+0x008 Address : 0xd8
+0x00c Size : 4
+0x010 Data : 0x8997dc28 -> 0x40e98102
+0x014 Context : 0
+0x018 CompletionHandler : 0xf7420914 Void
+0x01c CompletionContext : 0x8997c0ac Void
+0x020 PciObj : 0x899affac _NSObj
+0x024 ParentObj : (null)
+0x028 CompletionHandlerType : 0
+0x02c Flags : 0x100
+0x030 RunCompletion : 0n0
+0x034 Slot : _PCI_SLOT_NUMBER
+0x038 Bus : 0 ''
+0x039 IsPciDeviceResult : 0 ''
1: kd> u 0xf7420914
ACPI!RestartCtxtCallback [d:\\srv03rtm\\base\\busdrv\\acpi\\driver\\amlinew\\sched.c @ 401]:
f7420914 55 push ebp
f7420915 8bec mov ebp,esp
f7420917 56 push esi
f7420918 8b7508 mov esi,dword ptr [ebp+8]
f742091b 57 push edi
f742091c 6a01 push 1
f742091e bf603f43f7 mov edi,offset ACPI!`string' (f7433f60)
f7420923 57 push edi
ACPI!RestartCtxtCallback会重启_CTXT 0x8997c000:CompletionContext 0x8997c0ac指向该_CTXT的CtxtData字段(偏移+0x0ac),0x8997c0ac-0xac=0x8997c000就是_CTXT的起始地址。
D:\\>grep "RestartCtxtCallback" -nr D:\\srv03rtm\\base\\busdrv\\acpi|grep -v "inary"
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/misc.c:888: RestartCtxtCallback,
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/object.c:915: RestartCtxtCallback, &pctxt->CtxtData);
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/object.c:934: RestartCtxtCallback, &pctxt->CtxtData);
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/object.c:1256: RestartCtxtCallback,
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/object.c:1377: RestartCtxtCallback,
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/object.c:1436: RestartCtxtCallback,
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/proto.h:232:VOID EXPORT RestartCtxtCallback(PCTXTDATA pctxtdata);
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/sched.c:391:/***LP RestartCtxtCallback – Callback to restart a context
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/sched.c:400:VOID EXPORT RestartCtxtCallback(PCTXTDATA pctxtdata)
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/sched.c:405: ENTER(2, ("RestartCtxtCallback(pctxt=%x)\\n", pctxt));
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/sched.c:412: EXIT(2, ("RestartCtxtCallback!\\n"));
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/sched.c:413:} //RestartCtxtCallback
D:\\srv03rtm\\base\\busdrv\\acpi/driver/amlinew/type1op.c:323: RestartCtxtCallback,
第一个ACPI_GET_REQUEST–>CTXT0x8997c000
第2个ACPI_GET_REQUEST–>CTXT0x89901000 第二个不会再重启了。第三个会把所有工作完成。
第3个ACPI_GET_REQUEST–>CTXT0x89903000
//
// Entering this function twice with the same state
// means that we need to run the completion routine.
// state->RunCompletion decides whether the completion routine is run.
// The counter is bumped with an interlocked (atomic) increment on each
// pass through this statement.
//
InterlockedIncrement(&state->RunCompletion);
//
// Identify the PCI device, that device's extension,
// and the pointer to the interface within the PCI
// driver that does PCI config space reads and writes.
//
// The op-region object's Context field is taken as the PCI device's
// namespace object.
// NOTE(review): state->OpRegion is dereferenced without a NULL check in
// this excerpt -- confirm the caller guarantees it.
//
state->PciObj = (PNSOBJ)state->OpRegion->Context;
1: kd> dt PCI_CONFIG_STATE 0x89987378
ACPI!PCI_CONFIG_STATE
+0x000 AccessType : 1
+0x004 OpRegion : 0x899b0b50 _NSObj
+0x008 Address : 0xd8
+0x00c Size : 4
+0x010 Data : 0x8997dc28 -> 0x40e98102
+0x014 Context : 0
+0x018 CompletionHandler : 0xf7420914 Void
+0x01c CompletionContext : 0x8997c0ac Void
+0x020 PciObj : 0x899affac _NSObj
+0x024 ParentObj : (null)
+0x028 CompletionHandlerType : 0
+0x02c Flags : 0x100
+0x030 RunCompletion : 0n0
+0x034 Slot : _PCI_SLOT_NUMBER
+0x038 Bus : 0 ''
+0x039 IsPciDeviceResult : 0 ''
1: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_NSObj *)0x899b0b50)
((ACPI!_NSObj *)0x899b0b50) : 0x899b0b50 [Type: _NSObj *]
[+0x000] list [Type: _List]
[+0x008] pnsParent : 0x899affac [Type: _NSObj *]
[+0x00c] pnsFirstChild : 0x0 [Type: _NSObj *]
[+0x010] dwNameSeg : 0x30304552 [Type: unsigned long]
[+0x014] hOwner : 0x899af330 [Type: void *]
[+0x018] pnsOwnedNext : 0x899b0a90 [Type: _NSObj *]
[+0x01c] ObjData [Type: _ObjData]
[+0x030] Context : 0x899affac [Type: void *]
[+0x034] dwRefCount : 0x0 [Type: unsigned long]
interface = pciDeviceFilter->Filter.Interface;
1: kd> p
eax=899c0d58 ebx=89987378 ecx=899873a8 edx=899b0b50 esi=00000103 edi=00000000
eip=f740d6a8 esp=f791abf8 ebp=f791ac48 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!PciConfigSpaceHandlerWorker+0x7c:
f740d6a8 33c0 xor eax,eax
1: kd> dt nsobj 0x899affac
ACPI!NSOBJ
+0x000 list : _List
+0x008 pnsParent : 0x899af0f0 _NSObj
+0x00c pnsFirstChild : 0x899b0024 _NSObj
+0x010 dwNameSeg : 0x30494350
+0x014 hOwner : 0x899af330 Void
+0x018 pnsOwnedNext : 0x899aff4c _NSObj
+0x01c ObjData : _ObjData
+0x030 Context : 0x899c0d58 Void
+0x034 dwRefCount : 0
1: kd> dt acpi!_DEVICE_EXTENSION 0x899c0d58
+0x000 Flags : 0x00400000`00000008
+0x000 UFlags : __unnamed
+0x008 Signature : 0x5f534750
+0x00c DebugFlags : 0
+0x010 DispatchTable : (null)
+0x014 WorkContext : WORK_QUEUE_CONTEXT
+0x014 Fdo : _FDO_DEVICE_EXTENSION
+0x014 Filter : _FILTER_DEVICE_EXTENSION
1: kd> dx -id 0,0,899a2278 -r1 (*((ACPI!_FILTER_DEVICE_EXTENSION *)0x899c0d6c))
(*((ACPI!_FILTER_DEVICE_EXTENSION *)0x899c0d6c)) [Type: _FILTER_DEVICE_EXTENSION]
[+0x000] WorkContext [Type: WORK_QUEUE_CONTEXT]
[+0x018] Interface : 0x0 [Type: _BUS_INTERFACE_STANDARD *]
#define PCISUPP_GOT_SLOT_INFO 0x100
1: kd> dt PCI_CONFIG_STATE 0x89987378
ACPI!PCI_CONFIG_STATE
+0x000 AccessType : 1
+0x004 OpRegion : 0x899b0b50 _NSObj
+0x008 Address : 0xd8
+0x00c Size : 4
+0x010 Data : 0x8997dc28 -> 0x40e98102
+0x014 Context : 0
+0x018 CompletionHandler : 0xf7420914 Void
+0x01c CompletionContext : 0x8997c0ac Void
+0x020 PciObj : 0x899affac _NSObj
+0x024 ParentObj : (null)
+0x028 CompletionHandlerType : 0
+0x02c Flags : 0x100 #define PCISUPP_GOT_SLOT_INFO 0x100
+0x030 RunCompletion : 0n0
+0x034 Slot : _PCI_SLOT_NUMBER
+0x038 Bus : 0 ''
+0x039 IsPciDeviceResult : 0 ''
if (!interface) {
if (!(state->Flags & PCISUPP_GOT_SLOT_INFO)) { 不符合条件,不会重入。
switch (state->AccessType) {
case RSACCESS_READ:
#define RSACCESS_READ 0
#define RSACCESS_WRITE 1
1: kd> dt PCI_CONFIG_STATE 0x89987378
ACPI!PCI_CONFIG_STATE
+0x000 AccessType : 1
第七部分:
1: kd> x acpi!PciOpRegionDisallowedRanges
f7438b80 ACPI!PciOpRegionDisallowedRanges = unsigned short [4][2]
1: kd> dx -r1 (*((ACPI!unsigned short (*)[4][2])0xf7438b80))
(*((ACPI!unsigned short (*)[4][2])0xf7438b80)) [Type: unsigned short [4][2]]
[0] [Type: unsigned short [2]]
[1] [Type: unsigned short [2]]
[2] [Type: unsigned short [2]]
[3] [Type: unsigned short [2]]
1: kd> dx -r1 (*((ACPI!unsigned short (*)[2])0xf7438b80))
(*((ACPI!unsigned short (*)[2])0xf7438b80)) [Type: unsigned short [2]]
[0] : 0x0 [Type: unsigned short]
[1] : 0x2b [Type: unsigned short]
1: kd> dx -r1 (*((ACPI!unsigned short (*)[2])0xf7438b84))
(*((ACPI!unsigned short (*)[2])0xf7438b84)) [Type: unsigned short [2]]
[0] : 0x30 [Type: unsigned short]
[1] : 0x3b [Type: unsigned short]
1: kd> dx -r1 (*((ACPI!unsigned short (*)[2])0xf7438b88))
(*((ACPI!unsigned short (*)[2])0xf7438b88)) [Type: unsigned short [2]]
[0] : 0x100 [Type: unsigned short]
[1] : 0xffff [Type: unsigned short]
1: kd> dx -r1 (*((ACPI!unsigned short (*)[2])0xf7438b8c))
(*((ACPI!unsigned short (*)[2])0xf7438b8c)) [Type: unsigned short [2]]
[0] : 0x0 [Type: unsigned short]
[1] : 0x0 [Type: unsigned short]
range++;
}
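range=2时:把表项按[起始, 结束]解读,第三项是[0x100, 0xffff],而本次访问的结束位置0xd8+4=0xdc<0x100,不与它重叠;前两项[0x0, 0x2b]和[0x30, 0x3b]也不包含0xd8。从名称和用法看,PciOpRegionDisallowedRanges就是限制AML通过OpRegion访问PCI配置空间偏移的表,所以这次写操作没有被拦截,走到了下面的HalSetBusDataByOffset。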
1: kd> dt PCI_CONFIG_STATE 0x89987378
ACPI!PCI_CONFIG_STATE
+0x000 AccessType : 1
+0x004 OpRegion : 0x899b0b50 _NSObj
+0x008 Address : 0xd8
+0x00c Size : 4
+0x010 Data : 0x8997dc28 -> 0x40e98102
+0x014 Context : 0
+0x018 CompletionHandler : 0xf7420914 Void
+0x01c CompletionContext : 0x8997c0ac Void
+0x020 PciObj : 0x899affac _NSObj
} else {
bytes = HalSetBusDataByOffset(PCIConfiguration,
state->Bus,
state->Slot.u.AsULONG,
(PUCHAR)(state->Data + offset – state->Address),
offset,
length);
}
1: kd> kc
#
00 hal!HalSetBusDataByOffset
01 ACPI!PciConfigSpaceHandlerWorker
02 ACPI!GetPciAddressWorker
03 ACPI!ACPIGetWorkerForInteger
04 ACPI!AsyncCallBack
05 ACPI!RunContext
06 ACPI!DispatchCtxtQueue
07 ACPI!StartTimeSlicePassive
08 ACPI!ACPIWorker
09 nt!PspSystemThreadStartup
0a nt!KiThreadStartup
1: kd> dv
BusDataType = PCIConfiguration (0n4)
BusNumber = 0
SlotNumber = 0
Buffer = 0x8997dc28
Offset = 0xd8
Length = 4