diff options
author | Lin Ming <ming.m.lin@intel.com> | 2008-04-10 19:06:41 +0400 |
---|---|---|
committer | Len Brown <len.brown@intel.com> | 2008-04-22 14:29:28 -0400 |
commit | 1cb2ef6606e0abd8565f66b5f95267de1b390694 (patch) | |
tree | 54ef1226c245a93a35f013b35ec58b3eb38b82ed /drivers/acpi | |
parent | e5bcc811f78f294e7be8a0721b3fb513028c5af4 (diff) |
ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator
The reference was incorrectly dereferenced before the copy. The
reference is now correctly copied.
http://bugzilla.kernel.org/show_bug.cgi?id=5391
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Diffstat (limited to 'drivers/acpi')
-rw-r--r-- | drivers/acpi/executer/exresnte.c | 7 | ||||
-rw-r--r-- | drivers/acpi/executer/exresolv.c | 16 |
2 files changed, 13 insertions, 10 deletions
diff --git a/drivers/acpi/executer/exresnte.c b/drivers/acpi/executer/exresnte.c index 79a0d281f96b..42c8a0f8894c 100644 --- a/drivers/acpi/executer/exresnte.c +++ b/drivers/acpi/executer/exresnte.c @@ -239,13 +239,12 @@ acpi_ex_resolve_node_to_value(struct acpi_namespace_node **object_ptr, case ACPI_TYPE_LOCAL_REFERENCE: switch (source_desc->reference.opcode) { - case AML_LOAD_OP: + case AML_LOAD_OP: /* This is a ddb_handle */ + case AML_REF_OF_OP: + case AML_INDEX_OP: - /* This is a ddb_handle */ /* Return an additional reference to the object */ - case AML_REF_OF_OP: - obj_desc = source_desc; acpi_ut_add_reference(obj_desc); break; diff --git a/drivers/acpi/executer/exresolv.c b/drivers/acpi/executer/exresolv.c index 795ec8c7363c..9c3cdf61dc34 100644 --- a/drivers/acpi/executer/exresolv.c +++ b/drivers/acpi/executer/exresolv.c @@ -189,21 +189,25 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, switch (stack_desc->reference.target_type) { case ACPI_TYPE_BUFFER_FIELD: - /* Just return - leave the Reference on the stack */ + /* Just return - do not dereference */ break; case ACPI_TYPE_PACKAGE: - /* If method call - leave the Reference on the stack */ + /* If method call or copy_object - do not dereference */ - if (walk_state->opcode == AML_INT_METHODCALL_OP) { + if ((walk_state->opcode == + AML_INT_METHODCALL_OP) + || (walk_state->opcode == AML_COPY_OP)) { break; } + /* Otherwise, dereference the package_index to a package element */ + obj_desc = *stack_desc->reference.where; if (obj_desc) { /* - * Valid obj descriptor, copy pointer to return value + * Valid object descriptor, copy pointer to return value * (i.e., dereference the package index) * Delete the ref object, increment the returned object */ @@ -212,7 +216,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, *stack_ptr = obj_desc; } else { /* - * A NULL object descriptor means an unitialized element of + * A NULL object descriptor means an uninitialized element of * the package, can't dereference it */ ACPI_ERROR((AE_INFO, @@ -239,7 +243,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr, case AML_DEBUG_OP: case AML_LOAD_OP: - /* Just leave the object as-is */ + /* Just leave the object as-is, do not dereference */ break; |