iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator

Browse Source 
The reference was incorrectly dereferenced before the copy. The
reference is now correctly copied.

http://bugzilla.kernel.org/show_bug.cgi?id=5391

Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
This commit is contained in:
Lin Ming 2008-04-10 19:06:41 +04:00 committed by Len Brown
parent e5bcc811f7
commit 1cb2ef6606
2 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
drivers/acpi/executer/exresnte.c
View File

@ -239,12 +239,11 @@ acpi_ex_resolve_node_to_value(struct acpi_namespace_node **object_ptr,
case ACPI_TYPE_LOCAL_REFERENCE: case ACPI_TYPE_LOCAL_REFERENCE:
switch (source_desc->reference.opcode) { switch (source_desc->reference.opcode) {
case AML_LOAD_OP: case AML_LOAD_OP: /* This is a ddb_handle */
/* This is a ddb_handle */
/* Return an additional reference to the object */
case AML_REF_OF_OP: case AML_REF_OF_OP:
case AML_INDEX_OP:
/* Return an additional reference to the object */
obj_desc = source_desc; obj_desc = source_desc;
acpi_ut_add_reference(obj_desc); acpi_ut_add_reference(obj_desc);

16
drivers/acpi/executer/exresolv.c
View File

@ -189,21 +189,25 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
switch (stack_desc->reference.target_type) { switch (stack_desc->reference.target_type) {
case ACPI_TYPE_BUFFER_FIELD: case ACPI_TYPE_BUFFER_FIELD:
/* Just return - leave the Reference on the stack */ /* Just return - do not dereference */
break; break;
case ACPI_TYPE_PACKAGE: case ACPI_TYPE_PACKAGE:
/* If method call - leave the Reference on the stack */ /* If method call or copy_object - do not dereference */
if (walk_state->opcode == AML_INT_METHODCALL_OP) { if ((walk_state->opcode ==
AML_INT_METHODCALL_OP)
|| (walk_state->opcode == AML_COPY_OP)) {
break; break;
} }
/* Otherwise, dereference the package_index to a package element */
obj_desc = *stack_desc->reference.where; obj_desc = *stack_desc->reference.where;
if (obj_desc) { if (obj_desc) {
/* /*
* Valid obj descriptor, copy pointer to return value * Valid object descriptor, copy pointer to return value
* (i.e., dereference the package index) * (i.e., dereference the package index)
* Delete the ref object, increment the returned object * Delete the ref object, increment the returned object
*/ */
@ -212,7 +216,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
*stack_ptr = obj_desc; *stack_ptr = obj_desc;
} else { } else {
/* /*
* A NULL object descriptor means an unitialized element of * A NULL object descriptor means an uninitialized element of
* the package, can't dereference it * the package, can't dereference it
*/ */
ACPI_ERROR((AE_INFO, ACPI_ERROR((AE_INFO,
@ -239,7 +243,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
case AML_DEBUG_OP: case AML_DEBUG_OP:
case AML_LOAD_OP: case AML_LOAD_OP:
/* Just leave the object as-is */ /* Just leave the object as-is, do not dereference */
break; break;