aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/acpi/executer
diff options
context:
space:
mode:
authorLin Ming <ming.m.lin@intel.com>2008-04-10 11:06:41 -0400
committerLen Brown <len.brown@intel.com>2008-04-22 14:29:28 -0400
commit1cb2ef6606e0abd8565f66b5f95267de1b390694 (patch)
tree54ef1226c245a93a35f013b35ec58b3eb38b82ed /drivers/acpi/executer
parente5bcc811f78f294e7be8a0721b3fb513028c5af4 (diff)
ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator
The reference was incorrectly dereferenced before the copy. The reference is now correctly copied. http://bugzilla.kernel.org/show_bug.cgi?id=5391 Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
Diffstat (limited to 'drivers/acpi/executer')
-rw-r--r--drivers/acpi/executer/exresnte.c7
-rw-r--r--drivers/acpi/executer/exresolv.c16
2 files changed, 13 insertions, 10 deletions
diff --git a/drivers/acpi/executer/exresnte.c b/drivers/acpi/executer/exresnte.c
index 79a0d281f96b..42c8a0f8894c 100644
--- a/drivers/acpi/executer/exresnte.c
+++ b/drivers/acpi/executer/exresnte.c
@@ -239,13 +239,12 @@ acpi_ex_resolve_node_to_value(struct acpi_namespace_node **object_ptr,
239 case ACPI_TYPE_LOCAL_REFERENCE: 239 case ACPI_TYPE_LOCAL_REFERENCE:
240 240
241 switch (source_desc->reference.opcode) { 241 switch (source_desc->reference.opcode) {
242 case AML_LOAD_OP: 242 case AML_LOAD_OP: /* This is a ddb_handle */
243 case AML_REF_OF_OP:
244 case AML_INDEX_OP:
243 245
244 /* This is a ddb_handle */
245 /* Return an additional reference to the object */ 246 /* Return an additional reference to the object */
246 247
247 case AML_REF_OF_OP:
248
249 obj_desc = source_desc; 248 obj_desc = source_desc;
250 acpi_ut_add_reference(obj_desc); 249 acpi_ut_add_reference(obj_desc);
251 break; 250 break;
diff --git a/drivers/acpi/executer/exresolv.c b/drivers/acpi/executer/exresolv.c
index 795ec8c7363c..9c3cdf61dc34 100644
--- a/drivers/acpi/executer/exresolv.c
+++ b/drivers/acpi/executer/exresolv.c
@@ -189,21 +189,25 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
189 switch (stack_desc->reference.target_type) { 189 switch (stack_desc->reference.target_type) {
190 case ACPI_TYPE_BUFFER_FIELD: 190 case ACPI_TYPE_BUFFER_FIELD:
191 191
192 /* Just return - leave the Reference on the stack */ 192 /* Just return - do not dereference */
193 break; 193 break;
194 194
195 case ACPI_TYPE_PACKAGE: 195 case ACPI_TYPE_PACKAGE:
196 196
197 /* If method call - leave the Reference on the stack */ 197 /* If method call or copy_object - do not dereference */
198 198
199 if (walk_state->opcode == AML_INT_METHODCALL_OP) { 199 if ((walk_state->opcode ==
200 AML_INT_METHODCALL_OP)
201 || (walk_state->opcode == AML_COPY_OP)) {
200 break; 202 break;
201 } 203 }
202 204
205 /* Otherwise, dereference the package_index to a package element */
206
203 obj_desc = *stack_desc->reference.where; 207 obj_desc = *stack_desc->reference.where;
204 if (obj_desc) { 208 if (obj_desc) {
205 /* 209 /*
206 * Valid obj descriptor, copy pointer to return value 210 * Valid object descriptor, copy pointer to return value
207 * (i.e., dereference the package index) 211 * (i.e., dereference the package index)
208 * Delete the ref object, increment the returned object 212 * Delete the ref object, increment the returned object
209 */ 213 */
@@ -212,7 +216,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
212 *stack_ptr = obj_desc; 216 *stack_ptr = obj_desc;
213 } else { 217 } else {
214 /* 218 /*
215 * A NULL object descriptor means an unitialized element of 219 * A NULL object descriptor means an uninitialized element of
216 * the package, can't dereference it 220 * the package, can't dereference it
217 */ 221 */
218 ACPI_ERROR((AE_INFO, 222 ACPI_ERROR((AE_INFO,
@@ -239,7 +243,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
239 case AML_DEBUG_OP: 243 case AML_DEBUG_OP:
240 case AML_LOAD_OP: 244 case AML_LOAD_OP:
241 245
242 /* Just leave the object as-is */ 246 /* Just leave the object as-is, do not dereference */
243 247
244 break; 248 break;
245 249