diff options
| author | Lin Ming <ming.m.lin@intel.com> | 2008-04-10 11:06:41 -0400 |
|---|---|---|
| committer | Len Brown <len.brown@intel.com> | 2008-04-22 14:29:28 -0400 |
| commit | 1cb2ef6606e0abd8565f66b5f95267de1b390694 (patch) | |
| tree | 54ef1226c245a93a35f013b35ec58b3eb38b82ed /drivers/acpi/executer/exresolv.c | |
| parent | e5bcc811f78f294e7be8a0721b3fb513028c5af4 (diff) | |
ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator
The reference was incorrectly dereferenced before the copy. The
reference is now correctly copied.
http://bugzilla.kernel.org/show_bug.cgi?id=5391
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Diffstat (limited to 'drivers/acpi/executer/exresolv.c')
| -rw-r--r-- | drivers/acpi/executer/exresolv.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/drivers/acpi/executer/exresolv.c b/drivers/acpi/executer/exresolv.c index 795ec8c7363c..9c3cdf61dc34 100644 --- a/drivers/acpi/executer/exresolv.c +++ b/drivers/acpi/executer/exresolv.c | |||
| @@ -189,21 +189,25 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, | |||
| 189 | switch (stack_desc->reference.target_type) { | 189 | switch (stack_desc->reference.target_type) { |
| 190 | case ACPI_TYPE_BUFFER_FIELD: | 190 | case ACPI_TYPE_BUFFER_FIELD: |
| 191 | 191 | ||
| 192 | /* Just return - leave the Reference on the stack */ | 192 | /* Just return - do not dereference */ |
| 193 | break; | 193 | break; |
| 194 | 194 | ||
| 195 | case ACPI_TYPE_PACKAGE: | 195 | case ACPI_TYPE_PACKAGE: |
| 196 | 196 | ||
| 197 | /* If method call - leave the Reference on the stack */ | 197 | /* If method call or copy_object - do not dereference */ |
| 198 | 198 | ||
| 199 | if (walk_state->opcode == AML_INT_METHODCALL_OP) { | 199 | if ((walk_state->opcode == |
| 200 | AML_INT_METHODCALL_OP) | ||
| 201 | || (walk_state->opcode == AML_COPY_OP)) { | ||
| 200 | break; | 202 | break; |
| 201 | } | 203 | } |
| 202 | 204 | ||
| 205 | /* Otherwise, dereference the package_index to a package element */ | ||
| 206 | |||
| 203 | obj_desc = *stack_desc->reference.where; | 207 | obj_desc = *stack_desc->reference.where; |
| 204 | if (obj_desc) { | 208 | if (obj_desc) { |
| 205 | /* | 209 | /* |
| 206 | * Valid obj descriptor, copy pointer to return value | 210 | * Valid object descriptor, copy pointer to return value |
| 207 | * (i.e., dereference the package index) | 211 | * (i.e., dereference the package index) |
| 208 | * Delete the ref object, increment the returned object | 212 | * Delete the ref object, increment the returned object |
| 209 | */ | 213 | */ |
| @@ -212,7 +216,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, | |||
| 212 | *stack_ptr = obj_desc; | 216 | *stack_ptr = obj_desc; |
| 213 | } else { | 217 | } else { |
| 214 | /* | 218 | /* |
| 215 | * A NULL object descriptor means an unitialized element of | 219 | * A NULL object descriptor means an uninitialized element of |
| 216 | * the package, can't dereference it | 220 | * the package, can't dereference it |
| 217 | */ | 221 | */ |
| 218 | ACPI_ERROR((AE_INFO, | 222 | ACPI_ERROR((AE_INFO, |
| @@ -239,7 +243,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, | |||
| 239 | case AML_DEBUG_OP: | 243 | case AML_DEBUG_OP: |
| 240 | case AML_LOAD_OP: | 244 | case AML_LOAD_OP: |
| 241 | 245 | ||
| 242 | /* Just leave the object as-is */ | 246 | /* Just leave the object as-is, do not dereference */ |
| 243 | 247 | ||
| 244 | break; | 248 | break; |
| 245 | 249 | ||