ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator

The reference was incorrectly dereferenced before the copy. The reference is now correctly copied. http://bugzilla.kernel.org/show_bug.cgi?id=5391Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>

ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator
The reference was incorrectly dereferenced before the copy. The reference is now correctly copied. http://bugzilla.kernel.org/show_bug.cgi?id=5391Signed-off-by: Lin Ming <ming.m.lin@intel.com> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de> Signed-off-by: Len Brown <len.brown@intel.com>
1cb2ef66 · Lin Ming · Len Brown · e5bcc811 · 1cb2ef66 · 1cb2ef66
Commit 1cb2ef66 authored Apr 10, 2008 by Lin Ming Committed by Len Brown Apr 22, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 10 deletions

drivers/acpi/executer/exresnte.c drivers/acpi/executer/exresnte.c +3 -4

drivers/acpi/executer/exresolv.c drivers/acpi/executer/exresolv.c +10 -6

No files found.
--- a/drivers/acpi/executer/exresnte.c
+++ b/drivers/acpi/executer/exresnte.c
@@ -239,13 +239,12 @@ acpi_ex_resolve_node_to_value(struct acpi_namespace_node **object_ptr,
 	case ACPI_TYPE_LOCAL_REFERENCE:

 		switch (source_desc->reference.opcode) {
-		case AML_LOAD_OP:
+		case AML_LOAD_OP:	/* This is a ddb_handle */
+		case AML_REF_OF_OP:
+		case AML_INDEX_OP:

-			/* This is a ddb_handle */
 			/* Return an additional reference to the object */

-		case AML_REF_OF_OP:
-
 			obj_desc = source_desc;
 			acpi_ut_add_reference(obj_desc);
 			break;

--- a/drivers/acpi/executer/exresolv.c
+++ b/drivers/acpi/executer/exresolv.c
@@ -189,21 +189,25 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
 			switch (stack_desc->reference.target_type) {
 			case ACPI_TYPE_BUFFER_FIELD:

-				/* Just return - leave the Reference on the stack */
+				/* Just return - do not dereference */
 				break;

 			case ACPI_TYPE_PACKAGE:

-				/* If method call - leave the Reference on the stack */
+				/* If method call or copy_object - do not dereference */

-				if (walk_state->opcode == AML_INT_METHODCALL_OP) {
+				if ((walk_state->opcode ==
+				     AML_INT_METHODCALL_OP)
+				    || (walk_state->opcode == AML_COPY_OP)) {
 					break;
 				}

+				/* Otherwise, dereference the package_index to a package element */
+
 				obj_desc = *stack_desc->reference.where;
 				if (obj_desc) {
 					/*
-					 * Valid obj descriptor, copy pointer to return value
+					 * Valid object descriptor, copy pointer to return value
 					 * (i.e., dereference the package index)
 					 * Delete the ref object, increment the returned object
 					 */
@@ -212,7 +216,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
 					*stack_ptr = obj_desc;
 				} else {
 					/*
-					 * A NULL object descriptor means an unitialized element of
+					 * A NULL object descriptor means an uninitialized element of
 					 * the package, can't dereference it
 					 */
 					ACPI_ERROR((AE_INFO,
@@ -239,7 +243,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
 		case AML_DEBUG_OP:
 		case AML_LOAD_OP:

-			/* Just leave the object as-is */
+			/* Just leave the object as-is, do not dereference */

 			break;