Erik Schmauss c5781ffbbd ACPICA: Namespace: remove address node from global list after method termination
ACPICA commit b233720031a480abd438f2e9c643080929d144c3

ASL operation_regions declare a range of addresses that it uses. In a
perfect world, the range of addresses should be used exclusively by
the AML interpreter. The OS can use this information to decide which
drivers to load so that the AML interpreter and device drivers use
different regions of memory.

During table load, the address information is added to a global
address range list. Each node in this list contains an address range
as well as a namespace node of the operation_region. This list is
deleted at ACPI shutdown.

Unfortunately, ASL operation_regions can be declared inside of control
methods. Although this is not recommended, modern firmware contains
such code. New module level code changes unintentionally removed the
functionality of adding and removing nodes to the global address
range list.

A few months ago, support for adding addresses has been re-
implemented. However, the removal of the address range list was
missed and resulted in some systems to crash due to the address list
containing bogus namespace nodes from operation_regions declared in
control methods. In order to fix the crash, this change removes
dynamic operation_regions after control method termination.

Link: https://github.com/acpica/acpica/commit/b2337200
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202475
Fixes: 4abb951b73ff ("ACPICA: AML interpreter: add region addresses in global list during initialization")
Reported-by: Michael J Gruber <mjg@fedoraproject.org>
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2019-04-09 10:05:11 +02:00

433 lines
11 KiB
C

// SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0
/*******************************************************************************
*
* Module Name: nsobject - Utilities for objects attached to namespace
* table entries
*
******************************************************************************/
#include <acpi/acpi.h>
#include "accommon.h"
#include "acnamesp.h"
#define _COMPONENT ACPI_NAMESPACE
ACPI_MODULE_NAME("nsobject")
/*******************************************************************************
*
* FUNCTION: acpi_ns_attach_object
*
* PARAMETERS: node - Parent Node
* object - Object to be attached
* type - Type of object, or ACPI_TYPE_ANY if not
* known
*
* RETURN: Status
*
* DESCRIPTION: Record the given object as the value associated with the
* name whose acpi_handle is passed. If Object is NULL
* and Type is ACPI_TYPE_ANY, set the name as having no value.
* Note: Future may require that the Node->Flags field be passed
* as a parameter.
*
* MUTEX: Assumes namespace is locked
*
******************************************************************************/
acpi_status
acpi_ns_attach_object(struct acpi_namespace_node *node,
union acpi_operand_object *object, acpi_object_type type)
{
union acpi_operand_object *obj_desc;
union acpi_operand_object *last_obj_desc;
acpi_object_type object_type = ACPI_TYPE_ANY;
ACPI_FUNCTION_TRACE(ns_attach_object);
/*
* Parameter validation
*/
if (!node) {
/* Invalid handle */
ACPI_ERROR((AE_INFO, "Null NamedObj handle"));
return_ACPI_STATUS(AE_BAD_PARAMETER);
}
if (!object && (ACPI_TYPE_ANY != type)) {
/* Null object */
ACPI_ERROR((AE_INFO,
"Null object, but type not ACPI_TYPE_ANY"));
return_ACPI_STATUS(AE_BAD_PARAMETER);
}
if (ACPI_GET_DESCRIPTOR_TYPE(node) != ACPI_DESC_TYPE_NAMED) {
/* Not a name handle */
ACPI_ERROR((AE_INFO, "Invalid handle %p [%s]",
node, acpi_ut_get_descriptor_name(node)));
return_ACPI_STATUS(AE_BAD_PARAMETER);
}
/* Check if this object is already attached */
if (node->object == object) {
ACPI_DEBUG_PRINT((ACPI_DB_EXEC,
"Obj %p already installed in NameObj %p\n",
object, node));
return_ACPI_STATUS(AE_OK);
}
/* If null object, we will just install it */
if (!object) {
obj_desc = NULL;
object_type = ACPI_TYPE_ANY;
}
/*
* If the source object is a namespace Node with an attached object,
* we will use that (attached) object
*/
else if ((ACPI_GET_DESCRIPTOR_TYPE(object) == ACPI_DESC_TYPE_NAMED) &&
((struct acpi_namespace_node *)object)->object) {
/*
* Value passed is a name handle and that name has a
* non-null value. Use that name's value and type.
*/
obj_desc = ((struct acpi_namespace_node *)object)->object;
object_type = ((struct acpi_namespace_node *)object)->type;
}
/*
* Otherwise, we will use the parameter object, but we must type
* it first
*/
else {
obj_desc = (union acpi_operand_object *)object;
/* Use the given type */
object_type = type;
}
ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "Installing %p into Node %p [%4.4s]\n",
obj_desc, node, acpi_ut_get_node_name(node)));
/* Detach an existing attached object if present */
if (node->object) {
acpi_ns_detach_object(node);
}
if (obj_desc) {
/*
* Must increment the new value's reference count
* (if it is an internal object)
*/
acpi_ut_add_reference(obj_desc);
/*
* Handle objects with multiple descriptors - walk
* to the end of the descriptor list
*/
last_obj_desc = obj_desc;
while (last_obj_desc->common.next_object) {
last_obj_desc = last_obj_desc->common.next_object;
}
/* Install the object at the front of the object list */
last_obj_desc->common.next_object = node->object;
}
node->type = (u8) object_type;
node->object = obj_desc;
return_ACPI_STATUS(AE_OK);
}
/*******************************************************************************
*
* FUNCTION: acpi_ns_detach_object
*
* PARAMETERS: node - A Namespace node whose object will be detached
*
* RETURN: None.
*
* DESCRIPTION: Detach/delete an object associated with a namespace node.
* if the object is an allocated object, it is freed.
* Otherwise, the field is simply cleared.
*
******************************************************************************/
void acpi_ns_detach_object(struct acpi_namespace_node *node)
{
union acpi_operand_object *obj_desc;
ACPI_FUNCTION_TRACE(ns_detach_object);
obj_desc = node->object;
if (!obj_desc || (obj_desc->common.type == ACPI_TYPE_LOCAL_DATA)) {
return_VOID;
}
if (node->flags & ANOBJ_ALLOCATED_BUFFER) {
/* Free the dynamic aml buffer */
if (obj_desc->common.type == ACPI_TYPE_METHOD) {
ACPI_FREE(obj_desc->method.aml_start);
}
}
if (obj_desc->common.type == ACPI_TYPE_REGION) {
acpi_ut_remove_address_range(obj_desc->region.space_id, node);
}
/* Clear the Node entry in all cases */
node->object = NULL;
if (ACPI_GET_DESCRIPTOR_TYPE(obj_desc) == ACPI_DESC_TYPE_OPERAND) {
/* Unlink object from front of possible object list */
node->object = obj_desc->common.next_object;
/* Handle possible 2-descriptor object */
if (node->object &&
(node->object->common.type != ACPI_TYPE_LOCAL_DATA)) {
node->object = node->object->common.next_object;
}
/*
* Detach the object from any data objects (which are still held by
* the namespace node)
*/
if (obj_desc->common.next_object &&
((obj_desc->common.next_object)->common.type ==
ACPI_TYPE_LOCAL_DATA)) {
obj_desc->common.next_object = NULL;
}
}
/* Reset the node type to untyped */
node->type = ACPI_TYPE_ANY;
ACPI_DEBUG_PRINT((ACPI_DB_NAMES, "Node %p [%4.4s] Object %p\n",
node, acpi_ut_get_node_name(node), obj_desc));
/* Remove one reference on the object (and all subobjects) */
acpi_ut_remove_reference(obj_desc);
return_VOID;
}
/*******************************************************************************
*
* FUNCTION: acpi_ns_get_attached_object
*
* PARAMETERS: node - Namespace node
*
* RETURN: Current value of the object field from the Node whose
* handle is passed
*
* DESCRIPTION: Obtain the object attached to a namespace node.
*
******************************************************************************/
union acpi_operand_object *acpi_ns_get_attached_object(struct
acpi_namespace_node
*node)
{
ACPI_FUNCTION_TRACE_PTR(ns_get_attached_object, node);
if (!node) {
ACPI_WARNING((AE_INFO, "Null Node ptr"));
return_PTR(NULL);
}
if (!node->object ||
((ACPI_GET_DESCRIPTOR_TYPE(node->object) != ACPI_DESC_TYPE_OPERAND)
&& (ACPI_GET_DESCRIPTOR_TYPE(node->object) !=
ACPI_DESC_TYPE_NAMED))
|| ((node->object)->common.type == ACPI_TYPE_LOCAL_DATA)) {
return_PTR(NULL);
}
return_PTR(node->object);
}
/*******************************************************************************
*
* FUNCTION: acpi_ns_get_secondary_object
*
* PARAMETERS: node - Namespace node
*
* RETURN: Current value of the object field from the Node whose
* handle is passed.
*
* DESCRIPTION: Obtain a secondary object associated with a namespace node.
*
******************************************************************************/
union acpi_operand_object *acpi_ns_get_secondary_object(union
acpi_operand_object
*obj_desc)
{
ACPI_FUNCTION_TRACE_PTR(ns_get_secondary_object, obj_desc);
if ((!obj_desc) ||
(obj_desc->common.type == ACPI_TYPE_LOCAL_DATA) ||
(!obj_desc->common.next_object) ||
((obj_desc->common.next_object)->common.type ==
ACPI_TYPE_LOCAL_DATA)) {
return_PTR(NULL);
}
return_PTR(obj_desc->common.next_object);
}
/*******************************************************************************
*
* FUNCTION: acpi_ns_attach_data
*
* PARAMETERS: node - Namespace node
* handler - Handler to be associated with the data
* data - Data to be attached
*
* RETURN: Status
*
* DESCRIPTION: Low-level attach data. Create and attach a Data object.
*
******************************************************************************/
acpi_status
acpi_ns_attach_data(struct acpi_namespace_node *node,
acpi_object_handler handler, void *data)
{
union acpi_operand_object *prev_obj_desc;
union acpi_operand_object *obj_desc;
union acpi_operand_object *data_desc;
/* We only allow one attachment per handler */
prev_obj_desc = NULL;
obj_desc = node->object;
while (obj_desc) {
if ((obj_desc->common.type == ACPI_TYPE_LOCAL_DATA) &&
(obj_desc->data.handler == handler)) {
return (AE_ALREADY_EXISTS);
}
prev_obj_desc = obj_desc;
obj_desc = obj_desc->common.next_object;
}
/* Create an internal object for the data */
data_desc = acpi_ut_create_internal_object(ACPI_TYPE_LOCAL_DATA);
if (!data_desc) {
return (AE_NO_MEMORY);
}
data_desc->data.handler = handler;
data_desc->data.pointer = data;
/* Install the data object */
if (prev_obj_desc) {
prev_obj_desc->common.next_object = data_desc;
} else {
node->object = data_desc;
}
return (AE_OK);
}
/*******************************************************************************
*
* FUNCTION: acpi_ns_detach_data
*
* PARAMETERS: node - Namespace node
* handler - Handler associated with the data
*
* RETURN: Status
*
* DESCRIPTION: Low-level detach data. Delete the data node, but the caller
* is responsible for the actual data.
*
******************************************************************************/
acpi_status
acpi_ns_detach_data(struct acpi_namespace_node *node,
acpi_object_handler handler)
{
union acpi_operand_object *obj_desc;
union acpi_operand_object *prev_obj_desc;
prev_obj_desc = NULL;
obj_desc = node->object;
while (obj_desc) {
if ((obj_desc->common.type == ACPI_TYPE_LOCAL_DATA) &&
(obj_desc->data.handler == handler)) {
if (prev_obj_desc) {
prev_obj_desc->common.next_object =
obj_desc->common.next_object;
} else {
node->object = obj_desc->common.next_object;
}
acpi_ut_remove_reference(obj_desc);
return (AE_OK);
}
prev_obj_desc = obj_desc;
obj_desc = obj_desc->common.next_object;
}
return (AE_NOT_FOUND);
}
/*******************************************************************************
*
* FUNCTION: acpi_ns_get_attached_data
*
* PARAMETERS: node - Namespace node
* handler - Handler associated with the data
* data - Where the data is returned
*
* RETURN: Status
*
* DESCRIPTION: Low level interface to obtain data previously associated with
* a namespace node.
*
******************************************************************************/
acpi_status
acpi_ns_get_attached_data(struct acpi_namespace_node *node,
acpi_object_handler handler, void **data)
{
union acpi_operand_object *obj_desc;
obj_desc = node->object;
while (obj_desc) {
if ((obj_desc->common.type == ACPI_TYPE_LOCAL_DATA) &&
(obj_desc->data.handler == handler)) {
*data = obj_desc->data.pointer;
return (AE_OK);
}
obj_desc = obj_desc->common.next_object;
}
return (AE_NOT_FOUND);
}