summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLin Ming <ming.m.lin@intel.com>2008-04-10 19:06:41 +0400
committerLen Brown <len.brown@intel.com>2008-04-22 14:29:28 -0400
commit1cb2ef6606e0abd8565f66b5f95267de1b390694 (patch)
tree54ef1226c245a93a35f013b35ec58b3eb38b82ed
parente5bcc811f78f294e7be8a0721b3fb513028c5af4 (diff)
downloadlinux-1cb2ef6606e0abd8565f66b5f95267de1b390694.tar.gz
linux-1cb2ef6606e0abd8565f66b5f95267de1b390694.tar.bz2
linux-1cb2ef6606e0abd8565f66b5f95267de1b390694.zip
ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator
The reference was incorrectly dereferenced before the copy. The reference is now correctly copied. http://bugzilla.kernel.org/show_bug.cgi?id=5391 Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
-rw-r--r--drivers/acpi/executer/exresnte.c7
-rw-r--r--drivers/acpi/executer/exresolv.c16
2 files changed, 13 insertions, 10 deletions
diff --git a/drivers/acpi/executer/exresnte.c b/drivers/acpi/executer/exresnte.c
index 79a0d281f96b..42c8a0f8894c 100644
--- a/drivers/acpi/executer/exresnte.c
+++ b/drivers/acpi/executer/exresnte.c
@@ -239,13 +239,12 @@ acpi_ex_resolve_node_to_value(struct acpi_namespace_node **object_ptr,
case ACPI_TYPE_LOCAL_REFERENCE:
switch (source_desc->reference.opcode) {
- case AML_LOAD_OP:
+ case AML_LOAD_OP: /* This is a ddb_handle */
+ case AML_REF_OF_OP:
+ case AML_INDEX_OP:
- /* This is a ddb_handle */
/* Return an additional reference to the object */
- case AML_REF_OF_OP:
-
obj_desc = source_desc;
acpi_ut_add_reference(obj_desc);
break;
diff --git a/drivers/acpi/executer/exresolv.c b/drivers/acpi/executer/exresolv.c
index 795ec8c7363c..9c3cdf61dc34 100644
--- a/drivers/acpi/executer/exresolv.c
+++ b/drivers/acpi/executer/exresolv.c
@@ -189,21 +189,25 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
switch (stack_desc->reference.target_type) {
case ACPI_TYPE_BUFFER_FIELD:
- /* Just return - leave the Reference on the stack */
+ /* Just return - do not dereference */
break;
case ACPI_TYPE_PACKAGE:
- /* If method call - leave the Reference on the stack */
+ /* If method call or copy_object - do not dereference */
- if (walk_state->opcode == AML_INT_METHODCALL_OP) {
+ if ((walk_state->opcode ==
+ AML_INT_METHODCALL_OP)
+ || (walk_state->opcode == AML_COPY_OP)) {
break;
}
+ /* Otherwise, dereference the package_index to a package element */
+
obj_desc = *stack_desc->reference.where;
if (obj_desc) {
/*
- * Valid obj descriptor, copy pointer to return value
+ * Valid object descriptor, copy pointer to return value
* (i.e., dereference the package index)
* Delete the ref object, increment the returned object
*/
@@ -212,7 +216,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
*stack_ptr = obj_desc;
} else {
/*
- * A NULL object descriptor means an unitialized element of
+ * A NULL object descriptor means an uninitialized element of
* the package, can't dereference it
*/
ACPI_ERROR((AE_INFO,
@@ -239,7 +243,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
case AML_DEBUG_OP:
case AML_LOAD_OP:
- /* Just leave the object as-is */
+ /* Just leave the object as-is, do not dereference */
break;