ACPICA: Fixed a problem with CopyObject used in conjunction with the Index operator
authorLin Ming <ming.m.lin@intel.com>
Thu, 10 Apr 2008 15:06:41 +0000 (19:06 +0400)
committerLen Brown <len.brown@intel.com>
Tue, 22 Apr 2008 18:29:28 +0000 (14:29 -0400)
The reference was incorrectly dereferenced before the copy. The
reference is now correctly copied.

http://bugzilla.kernel.org/show_bug.cgi?id=5391

Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
drivers/acpi/executer/exresnte.c
drivers/acpi/executer/exresolv.c

index 79a0d281f96b5f787115d19ea76d8aa769124cfb..42c8a0f8894caddfe0bae51e1239d55b6e51e255 100644 (file)
@@ -239,13 +239,12 @@ acpi_ex_resolve_node_to_value(struct acpi_namespace_node **object_ptr,
        case ACPI_TYPE_LOCAL_REFERENCE:
 
                switch (source_desc->reference.opcode) {
-               case AML_LOAD_OP:
+               case AML_LOAD_OP:       /* This is a ddb_handle */
+               case AML_REF_OF_OP:
+               case AML_INDEX_OP:
 
-                       /* This is a ddb_handle */
                        /* Return an additional reference to the object */
 
-               case AML_REF_OF_OP:
-
                        obj_desc = source_desc;
                        acpi_ut_add_reference(obj_desc);
                        break;
index 795ec8c7363c90d0a9bec63b85c8e4055d88d3e6..9c3cdf61dc3468fe3c6d4eac47557343f37eb658 100644 (file)
@@ -189,21 +189,25 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
                        switch (stack_desc->reference.target_type) {
                        case ACPI_TYPE_BUFFER_FIELD:
 
-                               /* Just return - leave the Reference on the stack */
+                               /* Just return - do not dereference */
                                break;
 
                        case ACPI_TYPE_PACKAGE:
 
-                               /* If method call - leave the Reference on the stack */
+                               /* If method call or copy_object - do not dereference */
 
-                               if (walk_state->opcode == AML_INT_METHODCALL_OP) {
+                               if ((walk_state->opcode ==
+                                    AML_INT_METHODCALL_OP)
+                                   || (walk_state->opcode == AML_COPY_OP)) {
                                        break;
                                }
 
+                               /* Otherwise, dereference the package_index to a package element */
+
                                obj_desc = *stack_desc->reference.where;
                                if (obj_desc) {
                                        /*
-                                        * Valid obj descriptor, copy pointer to return value
+                                        * Valid object descriptor, copy pointer to return value
                                         * (i.e., dereference the package index)
                                         * Delete the ref object, increment the returned object
                                         */
@@ -212,7 +216,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
                                        *stack_ptr = obj_desc;
                                } else {
                                        /*
-                                        * A NULL object descriptor means an unitialized element of
+                                        * A NULL object descriptor means an uninitialized element of
                                         * the package, can't dereference it
                                         */
                                        ACPI_ERROR((AE_INFO,
@@ -239,7 +243,7 @@ acpi_ex_resolve_object_to_value(union acpi_operand_object **stack_ptr,
                case AML_DEBUG_OP:
                case AML_LOAD_OP:
 
-                       /* Just leave the object as-is */
+                       /* Just leave the object as-is, do not dereference */
 
                        break;