Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1cb2ef66 authored by Lin Ming's avatar Lin Ming Committed by Len Brown
Browse files

ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator 

The reference was incorrectly dereferenced before the copy. The
reference is now correctly copied.

http://bugzilla.kernel.org/show_bug.cgi?id=5391



Signed-off-by: default avatarLin Ming <ming.m.lin@intel.com>
Signed-off-by: default avatarBob Moore <robert.moore@intel.com>
Signed-off-by: default avatarAlexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: default avatarLen Brown <len.brown@intel.com>
parent e5bcc811

drivers/acpi/executer/exresnte.c

+3 −4
Original line number Original line Diff line number Diff line
@@ -239,13 +239,12 @@ acpi_ex_resolve_node_to_value(struct acpi_namespace_node **object_ptr, 
	case ACPI_TYPE_LOCAL_REFERENCE:

	case ACPI_TYPE_LOCAL_REFERENCE:





		switch (source_desc->reference.opcode) {

		switch (source_desc->reference.opcode) {

		case AML_LOAD_OP:

		case AML_LOAD_OP:	/* This is a ddb_handle */

		case AML_REF_OF_OP:

		case AML_INDEX_OP:





			/* This is a ddb_handle */

			/* Return an additional reference to the object */

			/* Return an additional reference to the object */





		case AML_REF_OF_OP:



			obj_desc = source_desc;

			obj_desc = source_desc;

			acpi_ut_add_reference(obj_desc);

			acpi_ut_add_reference(obj_desc);

			break;

			break;

drivers/acpi/executer/exresolv.c

+10 −6
Original line number Original line Diff line number Diff line
@@ -189,21 +189,25 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, 
			switch (stack_desc->reference.target_type) {

			switch (stack_desc->reference.target_type) {

			case ACPI_TYPE_BUFFER_FIELD:

			case ACPI_TYPE_BUFFER_FIELD:





				/* Just return - leave the Reference on the stack */

				/* Just return - do not dereference */

				break;

				break;





			case ACPI_TYPE_PACKAGE:

			case ACPI_TYPE_PACKAGE:





				/* If method call - leave the Reference on the stack */

				/* If method call or copy_object - do not dereference */





				if (walk_state->opcode == AML_INT_METHODCALL_OP) {

				if ((walk_state->opcode ==

				     AML_INT_METHODCALL_OP)

				    || (walk_state->opcode == AML_COPY_OP)) {

					break;

					break;

				}

				}





				/* Otherwise, dereference the package_index to a package element */



				obj_desc = *stack_desc->reference.where;

				obj_desc = *stack_desc->reference.where;

				if (obj_desc) {

				if (obj_desc) {

					/*

					/*

					 * Valid obj descriptor, copy pointer to return value

					 * Valid object descriptor, copy pointer to return value

					 * (i.e., dereference the package index)

					 * (i.e., dereference the package index)

					 * Delete the ref object, increment the returned object

					 * Delete the ref object, increment the returned object

					 */

					 */
@@ -212,7 +216,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, 
					*stack_ptr = obj_desc;

					*stack_ptr = obj_desc;

				} else {

				} else {

					/*

					/*

					 * A NULL object descriptor means an unitialized element of

					 * A NULL object descriptor means an uninitialized element of

					 * the package, can't dereference it

					 * the package, can't dereference it

					 */

					 */

					ACPI_ERROR((AE_INFO,

					ACPI_ERROR((AE_INFO,
@@ -239,7 +243,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, 
		case AML_DEBUG_OP:

		case AML_DEBUG_OP:

		case AML_LOAD_OP:

		case AML_LOAD_OP:





			/* Just leave the object as-is */

			/* Just leave the object as-is, do not dereference */





			break;

			break;