Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / acpi / acpica / exoparg2.c
blob879e8a277b9485ccb7e8deb0cba6742357744db9
1 /******************************************************************************
3 * Module Name: exoparg2 - AML execution - opcodes with 2 arguments
5 *****************************************************************************/
7 /*
8 * Copyright (C) 2000 - 2012, Intel Corp.
9 * All rights reserved.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions, and the following disclaimer,
16 * without modification.
17 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
18 * substantially similar to the "NO WARRANTY" disclaimer below
19 * ("Disclaimer") and any redistribution must be conditioned upon
20 * including a substantially similar Disclaimer requirement for further
21 * binary redistribution.
22 * 3. Neither the names of the above-listed copyright holders nor the names
23 * of any contributors may be used to endorse or promote products derived
24 * from this software without specific prior written permission.
26 * Alternatively, this software may be distributed under the terms of the
27 * GNU General Public License ("GPL") version 2 as published by the Free
28 * Software Foundation.
30 * NO WARRANTY
31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
33 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
34 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
35 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
37 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
40 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
41 * POSSIBILITY OF SUCH DAMAGES.
44 #include <acpi/acpi.h>
45 #include "accommon.h"
46 #include "acparser.h"
47 #include "acinterp.h"
48 #include "acevents.h"
49 #include "amlcode.h"
51 #define _COMPONENT ACPI_EXECUTER
52 ACPI_MODULE_NAME("exoparg2")
54 /*!
55 * Naming convention for AML interpreter execution routines.
57 * The routines that begin execution of AML opcodes are named with a common
58 * convention based upon the number of arguments, the number of target operands,
59 * and whether or not a value is returned:
61 * AcpiExOpcode_xA_yT_zR
63 * Where:
65 * xA - ARGUMENTS: The number of arguments (input operands) that are
66 * required for this opcode type (1 through 6 args).
67 * yT - TARGETS: The number of targets (output operands) that are required
68 * for this opcode type (0, 1, or 2 targets).
69 * zR - RETURN VALUE: Indicates whether this opcode type returns a value
70 * as the function return (0 or 1).
72 * The AcpiExOpcode* functions are called via the Dispatcher component with
73 * fully resolved operands.
74 !*/
75 /*******************************************************************************
77 * FUNCTION: acpi_ex_opcode_2A_0T_0R
79 * PARAMETERS: walk_state - Current walk state
81 * RETURN: Status
83 * DESCRIPTION: Execute opcode with two arguments, no target, and no return
84 * value.
86 * ALLOCATION: Deletes both operands
88 ******************************************************************************/
89 acpi_status acpi_ex_opcode_2A_0T_0R(struct acpi_walk_state *walk_state)
91 union acpi_operand_object **operand = &walk_state->operands[0];
92 struct acpi_namespace_node *node;
93 u32 value;
94 acpi_status status = AE_OK;
96 ACPI_FUNCTION_TRACE_STR(ex_opcode_2A_0T_0R,
97 acpi_ps_get_opcode_name(walk_state->opcode));
99 /* Examine the opcode */
101 switch (walk_state->opcode) {
102 case AML_NOTIFY_OP: /* Notify (notify_object, notify_value) */
104 /* The first operand is a namespace node */
106 node = (struct acpi_namespace_node *)operand[0];
108 /* Second value is the notify value */
110 value = (u32) operand[1]->integer.value;
112 /* Are notifies allowed on this object? */
114 if (!acpi_ev_is_notify_object(node)) {
115 ACPI_ERROR((AE_INFO,
116 "Unexpected notify object type [%s]",
117 acpi_ut_get_type_name(node->type)));
119 status = AE_AML_OPERAND_TYPE;
120 break;
124 * Dispatch the notify to the appropriate handler
125 * NOTE: the request is queued for execution after this method
126 * completes. The notify handlers are NOT invoked synchronously
127 * from this thread -- because handlers may in turn run other
128 * control methods.
130 status = acpi_ev_queue_notify_request(node, value);
131 break;
133 default:
135 ACPI_ERROR((AE_INFO, "Unknown AML opcode 0x%X",
136 walk_state->opcode));
137 status = AE_AML_BAD_OPCODE;
140 return_ACPI_STATUS(status);
143 /*******************************************************************************
145 * FUNCTION: acpi_ex_opcode_2A_2T_1R
147 * PARAMETERS: walk_state - Current walk state
149 * RETURN: Status
151 * DESCRIPTION: Execute a dyadic operator (2 operands) with 2 output targets
152 * and one implicit return value.
154 ******************************************************************************/
156 acpi_status acpi_ex_opcode_2A_2T_1R(struct acpi_walk_state *walk_state)
158 union acpi_operand_object **operand = &walk_state->operands[0];
159 union acpi_operand_object *return_desc1 = NULL;
160 union acpi_operand_object *return_desc2 = NULL;
161 acpi_status status;
163 ACPI_FUNCTION_TRACE_STR(ex_opcode_2A_2T_1R,
164 acpi_ps_get_opcode_name(walk_state->opcode));
166 /* Execute the opcode */
168 switch (walk_state->opcode) {
169 case AML_DIVIDE_OP:
171 /* Divide (Dividend, Divisor, remainder_result quotient_result) */
173 return_desc1 =
174 acpi_ut_create_internal_object(ACPI_TYPE_INTEGER);
175 if (!return_desc1) {
176 status = AE_NO_MEMORY;
177 goto cleanup;
180 return_desc2 =
181 acpi_ut_create_internal_object(ACPI_TYPE_INTEGER);
182 if (!return_desc2) {
183 status = AE_NO_MEMORY;
184 goto cleanup;
187 /* Quotient to return_desc1, remainder to return_desc2 */
189 status = acpi_ut_divide(operand[0]->integer.value,
190 operand[1]->integer.value,
191 &return_desc1->integer.value,
192 &return_desc2->integer.value);
193 if (ACPI_FAILURE(status)) {
194 goto cleanup;
196 break;
198 default:
200 ACPI_ERROR((AE_INFO, "Unknown AML opcode 0x%X",
201 walk_state->opcode));
202 status = AE_AML_BAD_OPCODE;
203 goto cleanup;
206 /* Store the results to the target reference operands */
208 status = acpi_ex_store(return_desc2, operand[2], walk_state);
209 if (ACPI_FAILURE(status)) {
210 goto cleanup;
213 status = acpi_ex_store(return_desc1, operand[3], walk_state);
214 if (ACPI_FAILURE(status)) {
215 goto cleanup;
218 cleanup:
220 * Since the remainder is not returned indirectly, remove a reference to
221 * it. Only the quotient is returned indirectly.
223 acpi_ut_remove_reference(return_desc2);
225 if (ACPI_FAILURE(status)) {
227 /* Delete the return object */
229 acpi_ut_remove_reference(return_desc1);
232 /* Save return object (the remainder) on success */
234 else {
235 walk_state->result_obj = return_desc1;
238 return_ACPI_STATUS(status);
241 /*******************************************************************************
243 * FUNCTION: acpi_ex_opcode_2A_1T_1R
245 * PARAMETERS: walk_state - Current walk state
247 * RETURN: Status
249 * DESCRIPTION: Execute opcode with two arguments, one target, and a return
250 * value.
252 ******************************************************************************/
254 acpi_status acpi_ex_opcode_2A_1T_1R(struct acpi_walk_state *walk_state)
256 union acpi_operand_object **operand = &walk_state->operands[0];
257 union acpi_operand_object *return_desc = NULL;
258 u64 index;
259 acpi_status status = AE_OK;
260 acpi_size length;
262 ACPI_FUNCTION_TRACE_STR(ex_opcode_2A_1T_1R,
263 acpi_ps_get_opcode_name(walk_state->opcode));
265 /* Execute the opcode */
267 if (walk_state->op_info->flags & AML_MATH) {
269 /* All simple math opcodes (add, etc.) */
271 return_desc = acpi_ut_create_internal_object(ACPI_TYPE_INTEGER);
272 if (!return_desc) {
273 status = AE_NO_MEMORY;
274 goto cleanup;
277 return_desc->integer.value =
278 acpi_ex_do_math_op(walk_state->opcode,
279 operand[0]->integer.value,
280 operand[1]->integer.value);
281 goto store_result_to_target;
284 switch (walk_state->opcode) {
285 case AML_MOD_OP: /* Mod (Dividend, Divisor, remainder_result (ACPI 2.0) */
287 return_desc = acpi_ut_create_internal_object(ACPI_TYPE_INTEGER);
288 if (!return_desc) {
289 status = AE_NO_MEMORY;
290 goto cleanup;
293 /* return_desc will contain the remainder */
295 status = acpi_ut_divide(operand[0]->integer.value,
296 operand[1]->integer.value,
297 NULL, &return_desc->integer.value);
298 break;
300 case AML_CONCAT_OP: /* Concatenate (Data1, Data2, Result) */
302 status = acpi_ex_do_concatenate(operand[0], operand[1],
303 &return_desc, walk_state);
304 break;
306 case AML_TO_STRING_OP: /* to_string (Buffer, Length, Result) (ACPI 2.0) */
309 * Input object is guaranteed to be a buffer at this point (it may have
310 * been converted.) Copy the raw buffer data to a new object of
311 * type String.
315 * Get the length of the new string. It is the smallest of:
316 * 1) Length of the input buffer
317 * 2) Max length as specified in the to_string operator
318 * 3) Length of input buffer up to a zero byte (null terminator)
320 * NOTE: A length of zero is ok, and will create a zero-length, null
321 * terminated string.
323 length = 0;
324 while ((length < operand[0]->buffer.length) &&
325 (length < operand[1]->integer.value) &&
326 (operand[0]->buffer.pointer[length])) {
327 length++;
330 /* Allocate a new string object */
332 return_desc = acpi_ut_create_string_object(length);
333 if (!return_desc) {
334 status = AE_NO_MEMORY;
335 goto cleanup;
339 * Copy the raw buffer data with no transform.
340 * (NULL terminated already)
342 ACPI_MEMCPY(return_desc->string.pointer,
343 operand[0]->buffer.pointer, length);
344 break;
346 case AML_CONCAT_RES_OP:
348 /* concatenate_res_template (Buffer, Buffer, Result) (ACPI 2.0) */
350 status = acpi_ex_concat_template(operand[0], operand[1],
351 &return_desc, walk_state);
352 break;
354 case AML_INDEX_OP: /* Index (Source Index Result) */
356 /* Create the internal return object */
358 return_desc =
359 acpi_ut_create_internal_object(ACPI_TYPE_LOCAL_REFERENCE);
360 if (!return_desc) {
361 status = AE_NO_MEMORY;
362 goto cleanup;
365 /* Initialize the Index reference object */
367 index = operand[1]->integer.value;
368 return_desc->reference.value = (u32) index;
369 return_desc->reference.class = ACPI_REFCLASS_INDEX;
372 * At this point, the Source operand is a String, Buffer, or Package.
373 * Verify that the index is within range.
375 switch ((operand[0])->common.type) {
376 case ACPI_TYPE_STRING:
378 if (index >= operand[0]->string.length) {
379 status = AE_AML_STRING_LIMIT;
382 return_desc->reference.target_type =
383 ACPI_TYPE_BUFFER_FIELD;
384 break;
386 case ACPI_TYPE_BUFFER:
388 if (index >= operand[0]->buffer.length) {
389 status = AE_AML_BUFFER_LIMIT;
392 return_desc->reference.target_type =
393 ACPI_TYPE_BUFFER_FIELD;
394 break;
396 case ACPI_TYPE_PACKAGE:
398 if (index >= operand[0]->package.count) {
399 status = AE_AML_PACKAGE_LIMIT;
402 return_desc->reference.target_type = ACPI_TYPE_PACKAGE;
403 return_desc->reference.where =
404 &operand[0]->package.elements[index];
405 break;
407 default:
409 status = AE_AML_INTERNAL;
410 goto cleanup;
413 /* Failure means that the Index was beyond the end of the object */
415 if (ACPI_FAILURE(status)) {
416 ACPI_EXCEPTION((AE_INFO, status,
417 "Index (0x%8.8X%8.8X) is beyond end of object",
418 ACPI_FORMAT_UINT64(index)));
419 goto cleanup;
423 * Save the target object and add a reference to it for the life
424 * of the index
426 return_desc->reference.object = operand[0];
427 acpi_ut_add_reference(operand[0]);
429 /* Store the reference to the Target */
431 status = acpi_ex_store(return_desc, operand[2], walk_state);
433 /* Return the reference */
435 walk_state->result_obj = return_desc;
436 goto cleanup;
438 default:
440 ACPI_ERROR((AE_INFO, "Unknown AML opcode 0x%X",
441 walk_state->opcode));
442 status = AE_AML_BAD_OPCODE;
443 break;
446 store_result_to_target:
448 if (ACPI_SUCCESS(status)) {
450 * Store the result of the operation (which is now in return_desc) into
451 * the Target descriptor.
453 status = acpi_ex_store(return_desc, operand[2], walk_state);
454 if (ACPI_FAILURE(status)) {
455 goto cleanup;
458 if (!walk_state->result_obj) {
459 walk_state->result_obj = return_desc;
463 cleanup:
465 /* Delete return object on error */
467 if (ACPI_FAILURE(status)) {
468 acpi_ut_remove_reference(return_desc);
469 walk_state->result_obj = NULL;
472 return_ACPI_STATUS(status);
475 /*******************************************************************************
477 * FUNCTION: acpi_ex_opcode_2A_0T_1R
479 * PARAMETERS: walk_state - Current walk state
481 * RETURN: Status
483 * DESCRIPTION: Execute opcode with 2 arguments, no target, and a return value
485 ******************************************************************************/
487 acpi_status acpi_ex_opcode_2A_0T_1R(struct acpi_walk_state *walk_state)
489 union acpi_operand_object **operand = &walk_state->operands[0];
490 union acpi_operand_object *return_desc = NULL;
491 acpi_status status = AE_OK;
492 u8 logical_result = FALSE;
494 ACPI_FUNCTION_TRACE_STR(ex_opcode_2A_0T_1R,
495 acpi_ps_get_opcode_name(walk_state->opcode));
497 /* Create the internal return object */
499 return_desc = acpi_ut_create_internal_object(ACPI_TYPE_INTEGER);
500 if (!return_desc) {
501 status = AE_NO_MEMORY;
502 goto cleanup;
505 /* Execute the Opcode */
507 if (walk_state->op_info->flags & AML_LOGICAL_NUMERIC) {
509 /* logical_op (Operand0, Operand1) */
511 status = acpi_ex_do_logical_numeric_op(walk_state->opcode,
512 operand[0]->integer.
513 value,
514 operand[1]->integer.
515 value, &logical_result);
516 goto store_logical_result;
517 } else if (walk_state->op_info->flags & AML_LOGICAL) {
519 /* logical_op (Operand0, Operand1) */
521 status = acpi_ex_do_logical_op(walk_state->opcode, operand[0],
522 operand[1], &logical_result);
523 goto store_logical_result;
526 switch (walk_state->opcode) {
527 case AML_ACQUIRE_OP: /* Acquire (mutex_object, Timeout) */
529 status =
530 acpi_ex_acquire_mutex(operand[1], operand[0], walk_state);
531 if (status == AE_TIME) {
532 logical_result = TRUE; /* TRUE = Acquire timed out */
533 status = AE_OK;
535 break;
537 case AML_WAIT_OP: /* Wait (event_object, Timeout) */
539 status = acpi_ex_system_wait_event(operand[1], operand[0]);
540 if (status == AE_TIME) {
541 logical_result = TRUE; /* TRUE, Wait timed out */
542 status = AE_OK;
544 break;
546 default:
548 ACPI_ERROR((AE_INFO, "Unknown AML opcode 0x%X",
549 walk_state->opcode));
550 status = AE_AML_BAD_OPCODE;
551 goto cleanup;
554 store_logical_result:
556 * Set return value to according to logical_result. logical TRUE (all ones)
557 * Default is FALSE (zero)
559 if (logical_result) {
560 return_desc->integer.value = ACPI_UINT64_MAX;
563 cleanup:
565 /* Delete return object on error */
567 if (ACPI_FAILURE(status)) {
568 acpi_ut_remove_reference(return_desc);
571 /* Save return object on success */
573 else {
574 walk_state->result_obj = return_desc;
577 return_ACPI_STATUS(status);