Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / acpi / acpica / exfield.c
blobdc092f5b35d6b8ed0198535a39be122280d7828e
1 /******************************************************************************
3 * Module Name: exfield - ACPI AML (p-code) execution - field manipulation
5 *****************************************************************************/
7 /*
8 * Copyright (C) 2000 - 2012, Intel Corp.
9 * All rights reserved.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions, and the following disclaimer,
16 * without modification.
17 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
18 * substantially similar to the "NO WARRANTY" disclaimer below
19 * ("Disclaimer") and any redistribution must be conditioned upon
20 * including a substantially similar Disclaimer requirement for further
21 * binary redistribution.
22 * 3. Neither the names of the above-listed copyright holders nor the names
23 * of any contributors may be used to endorse or promote products derived
24 * from this software without specific prior written permission.
26 * Alternatively, this software may be distributed under the terms of the
27 * GNU General Public License ("GPL") version 2 as published by the Free
28 * Software Foundation.
30 * NO WARRANTY
31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
33 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
34 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
35 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
37 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
40 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
41 * POSSIBILITY OF SUCH DAMAGES.
44 #include <acpi/acpi.h>
45 #include "accommon.h"
46 #include "acdispat.h"
47 #include "acinterp.h"
49 #define _COMPONENT ACPI_EXECUTER
50 ACPI_MODULE_NAME("exfield")
52 /*******************************************************************************
54 * FUNCTION: acpi_ex_read_data_from_field
56 * PARAMETERS: walk_state - Current execution state
57 * obj_desc - The named field
58 * ret_buffer_desc - Where the return data object is stored
60 * RETURN: Status
62 * DESCRIPTION: Read from a named field. Returns either an Integer or a
63 * Buffer, depending on the size of the field.
65 ******************************************************************************/
66 acpi_status
67 acpi_ex_read_data_from_field(struct acpi_walk_state *walk_state,
68 union acpi_operand_object *obj_desc,
69 union acpi_operand_object **ret_buffer_desc)
71 acpi_status status;
72 union acpi_operand_object *buffer_desc;
73 acpi_size length;
74 void *buffer;
75 u32 function;
77 ACPI_FUNCTION_TRACE_PTR(ex_read_data_from_field, obj_desc);
79 /* Parameter validation */
81 if (!obj_desc) {
82 return_ACPI_STATUS(AE_AML_NO_OPERAND);
84 if (!ret_buffer_desc) {
85 return_ACPI_STATUS(AE_BAD_PARAMETER);
88 if (obj_desc->common.type == ACPI_TYPE_BUFFER_FIELD) {
90 * If the buffer_field arguments have not been previously evaluated,
91 * evaluate them now and save the results.
93 if (!(obj_desc->common.flags & AOPOBJ_DATA_VALID)) {
94 status = acpi_ds_get_buffer_field_arguments(obj_desc);
95 if (ACPI_FAILURE(status)) {
96 return_ACPI_STATUS(status);
99 } else if ((obj_desc->common.type == ACPI_TYPE_LOCAL_REGION_FIELD) &&
100 (obj_desc->field.region_obj->region.space_id ==
101 ACPI_ADR_SPACE_SMBUS
102 || obj_desc->field.region_obj->region.space_id ==
103 ACPI_ADR_SPACE_GSBUS
104 || obj_desc->field.region_obj->region.space_id ==
105 ACPI_ADR_SPACE_IPMI)) {
107 * This is an SMBus, GSBus or IPMI read. We must create a buffer to hold
108 * the data and then directly access the region handler.
110 * Note: SMBus and GSBus protocol value is passed in upper 16-bits of Function
112 if (obj_desc->field.region_obj->region.space_id ==
113 ACPI_ADR_SPACE_SMBUS) {
114 length = ACPI_SMBUS_BUFFER_SIZE;
115 function =
116 ACPI_READ | (obj_desc->field.attribute << 16);
117 } else if (obj_desc->field.region_obj->region.space_id ==
118 ACPI_ADR_SPACE_GSBUS) {
119 length = ACPI_GSBUS_BUFFER_SIZE;
120 function =
121 ACPI_READ | (obj_desc->field.attribute << 16);
122 } else { /* IPMI */
124 length = ACPI_IPMI_BUFFER_SIZE;
125 function = ACPI_READ;
128 buffer_desc = acpi_ut_create_buffer_object(length);
129 if (!buffer_desc) {
130 return_ACPI_STATUS(AE_NO_MEMORY);
133 /* Lock entire transaction if requested */
135 acpi_ex_acquire_global_lock(obj_desc->common_field.field_flags);
137 /* Call the region handler for the read */
139 status = acpi_ex_access_region(obj_desc, 0,
140 ACPI_CAST_PTR(u64,
141 buffer_desc->
142 buffer.pointer),
143 function);
144 acpi_ex_release_global_lock(obj_desc->common_field.field_flags);
145 goto exit;
149 * Allocate a buffer for the contents of the field.
151 * If the field is larger than the current integer width, create
152 * a BUFFER to hold it. Otherwise, use an INTEGER. This allows
153 * the use of arithmetic operators on the returned value if the
154 * field size is equal or smaller than an Integer.
156 * Note: Field.length is in bits.
158 length =
159 (acpi_size) ACPI_ROUND_BITS_UP_TO_BYTES(obj_desc->field.bit_length);
160 if (length > acpi_gbl_integer_byte_width) {
162 /* Field is too large for an Integer, create a Buffer instead */
164 buffer_desc = acpi_ut_create_buffer_object(length);
165 if (!buffer_desc) {
166 return_ACPI_STATUS(AE_NO_MEMORY);
168 buffer = buffer_desc->buffer.pointer;
169 } else {
170 /* Field will fit within an Integer (normal case) */
172 buffer_desc = acpi_ut_create_integer_object((u64) 0);
173 if (!buffer_desc) {
174 return_ACPI_STATUS(AE_NO_MEMORY);
177 length = acpi_gbl_integer_byte_width;
178 buffer = &buffer_desc->integer.value;
181 ACPI_DEBUG_PRINT((ACPI_DB_BFIELD,
182 "FieldRead [TO]: Obj %p, Type %X, Buf %p, ByteLen %X\n",
183 obj_desc, obj_desc->common.type, buffer,
184 (u32) length));
185 ACPI_DEBUG_PRINT((ACPI_DB_BFIELD,
186 "FieldRead [FROM]: BitLen %X, BitOff %X, ByteOff %X\n",
187 obj_desc->common_field.bit_length,
188 obj_desc->common_field.start_field_bit_offset,
189 obj_desc->common_field.base_byte_offset));
191 /* Lock entire transaction if requested */
193 acpi_ex_acquire_global_lock(obj_desc->common_field.field_flags);
195 /* Read from the field */
197 status = acpi_ex_extract_from_field(obj_desc, buffer, (u32) length);
198 acpi_ex_release_global_lock(obj_desc->common_field.field_flags);
200 exit:
201 if (ACPI_FAILURE(status)) {
202 acpi_ut_remove_reference(buffer_desc);
203 } else {
204 *ret_buffer_desc = buffer_desc;
207 return_ACPI_STATUS(status);
210 /*******************************************************************************
212 * FUNCTION: acpi_ex_write_data_to_field
214 * PARAMETERS: source_desc - Contains data to write
215 * obj_desc - The named field
216 * result_desc - Where the return value is returned, if any
218 * RETURN: Status
220 * DESCRIPTION: Write to a named field
222 ******************************************************************************/
224 acpi_status
225 acpi_ex_write_data_to_field(union acpi_operand_object *source_desc,
226 union acpi_operand_object *obj_desc,
227 union acpi_operand_object **result_desc)
229 acpi_status status;
230 u32 length;
231 void *buffer;
232 union acpi_operand_object *buffer_desc;
233 u32 function;
235 ACPI_FUNCTION_TRACE_PTR(ex_write_data_to_field, obj_desc);
237 /* Parameter validation */
239 if (!source_desc || !obj_desc) {
240 return_ACPI_STATUS(AE_AML_NO_OPERAND);
243 if (obj_desc->common.type == ACPI_TYPE_BUFFER_FIELD) {
245 * If the buffer_field arguments have not been previously evaluated,
246 * evaluate them now and save the results.
248 if (!(obj_desc->common.flags & AOPOBJ_DATA_VALID)) {
249 status = acpi_ds_get_buffer_field_arguments(obj_desc);
250 if (ACPI_FAILURE(status)) {
251 return_ACPI_STATUS(status);
254 } else if ((obj_desc->common.type == ACPI_TYPE_LOCAL_REGION_FIELD) &&
255 (obj_desc->field.region_obj->region.space_id ==
256 ACPI_ADR_SPACE_SMBUS
257 || obj_desc->field.region_obj->region.space_id ==
258 ACPI_ADR_SPACE_GSBUS
259 || obj_desc->field.region_obj->region.space_id ==
260 ACPI_ADR_SPACE_IPMI)) {
262 * This is an SMBus, GSBus or IPMI write. We will bypass the entire field
263 * mechanism and handoff the buffer directly to the handler. For
264 * these address spaces, the buffer is bi-directional; on a write,
265 * return data is returned in the same buffer.
267 * Source must be a buffer of sufficient size:
268 * ACPI_SMBUS_BUFFER_SIZE, ACPI_GSBUS_BUFFER_SIZE, or ACPI_IPMI_BUFFER_SIZE.
270 * Note: SMBus and GSBus protocol type is passed in upper 16-bits of Function
272 if (source_desc->common.type != ACPI_TYPE_BUFFER) {
273 ACPI_ERROR((AE_INFO,
274 "SMBus/IPMI/GenericSerialBus write requires Buffer, found type %s",
275 acpi_ut_get_object_type_name(source_desc)));
277 return_ACPI_STATUS(AE_AML_OPERAND_TYPE);
280 if (obj_desc->field.region_obj->region.space_id ==
281 ACPI_ADR_SPACE_SMBUS) {
282 length = ACPI_SMBUS_BUFFER_SIZE;
283 function =
284 ACPI_WRITE | (obj_desc->field.attribute << 16);
285 } else if (obj_desc->field.region_obj->region.space_id ==
286 ACPI_ADR_SPACE_GSBUS) {
287 length = ACPI_GSBUS_BUFFER_SIZE;
288 function =
289 ACPI_WRITE | (obj_desc->field.attribute << 16);
290 } else { /* IPMI */
292 length = ACPI_IPMI_BUFFER_SIZE;
293 function = ACPI_WRITE;
296 if (source_desc->buffer.length < length) {
297 ACPI_ERROR((AE_INFO,
298 "SMBus/IPMI/GenericSerialBus write requires Buffer of length %u, found length %u",
299 length, source_desc->buffer.length));
301 return_ACPI_STATUS(AE_AML_BUFFER_LIMIT);
304 /* Create the bi-directional buffer */
306 buffer_desc = acpi_ut_create_buffer_object(length);
307 if (!buffer_desc) {
308 return_ACPI_STATUS(AE_NO_MEMORY);
311 buffer = buffer_desc->buffer.pointer;
312 ACPI_MEMCPY(buffer, source_desc->buffer.pointer, length);
314 /* Lock entire transaction if requested */
316 acpi_ex_acquire_global_lock(obj_desc->common_field.field_flags);
319 * Perform the write (returns status and perhaps data in the
320 * same buffer)
322 status = acpi_ex_access_region(obj_desc, 0,
323 (u64 *) buffer, function);
324 acpi_ex_release_global_lock(obj_desc->common_field.field_flags);
326 *result_desc = buffer_desc;
327 return_ACPI_STATUS(status);
330 /* Get a pointer to the data to be written */
332 switch (source_desc->common.type) {
333 case ACPI_TYPE_INTEGER:
334 buffer = &source_desc->integer.value;
335 length = sizeof(source_desc->integer.value);
336 break;
338 case ACPI_TYPE_BUFFER:
339 buffer = source_desc->buffer.pointer;
340 length = source_desc->buffer.length;
341 break;
343 case ACPI_TYPE_STRING:
344 buffer = source_desc->string.pointer;
345 length = source_desc->string.length;
346 break;
348 default:
349 return_ACPI_STATUS(AE_AML_OPERAND_TYPE);
352 ACPI_DEBUG_PRINT((ACPI_DB_BFIELD,
353 "FieldWrite [FROM]: Obj %p (%s:%X), Buf %p, ByteLen %X\n",
354 source_desc,
355 acpi_ut_get_type_name(source_desc->common.type),
356 source_desc->common.type, buffer, length));
358 ACPI_DEBUG_PRINT((ACPI_DB_BFIELD,
359 "FieldWrite [TO]: Obj %p (%s:%X), BitLen %X, BitOff %X, ByteOff %X\n",
360 obj_desc,
361 acpi_ut_get_type_name(obj_desc->common.type),
362 obj_desc->common.type,
363 obj_desc->common_field.bit_length,
364 obj_desc->common_field.start_field_bit_offset,
365 obj_desc->common_field.base_byte_offset));
367 /* Lock entire transaction if requested */
369 acpi_ex_acquire_global_lock(obj_desc->common_field.field_flags);
371 /* Write to the field */
373 status = acpi_ex_insert_into_field(obj_desc, buffer, length);
374 acpi_ex_release_global_lock(obj_desc->common_field.field_flags);
376 return_ACPI_STATUS(status);