Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / acpi / utils.c
blobb002a471c5d49d7afdb9c5db81e78ae65743c4ff
1 /*
2 * acpi_utils.c - ACPI Utility Functions ($Revision: 10 $)
4 * Copyright (C) 2001, 2002 Andy Grover <andrew.grover@intel.com>
5 * Copyright (C) 2001, 2002 Paul Diefenbaugh <paul.s.diefenbaugh@intel.com>
7 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or (at
12 * your option) any later version.
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
23 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
26 #include <linux/kernel.h>
27 #include <linux/module.h>
28 #include <linux/slab.h>
29 #include <linux/init.h>
30 #include <linux/types.h>
31 #include <acpi/acpi_bus.h>
32 #include <acpi/acpi_drivers.h>
34 #include "internal.h"
36 #define _COMPONENT ACPI_BUS_COMPONENT
37 ACPI_MODULE_NAME("utils");
39 /* --------------------------------------------------------------------------
40 Object Evaluation Helpers
41 -------------------------------------------------------------------------- */
42 static void
43 acpi_util_eval_error(acpi_handle h, acpi_string p, acpi_status s)
45 #ifdef ACPI_DEBUG_OUTPUT
46 char prefix[80] = {'\0'};
47 struct acpi_buffer buffer = {sizeof(prefix), prefix};
48 acpi_get_name(h, ACPI_FULL_PATHNAME, &buffer);
49 ACPI_DEBUG_PRINT((ACPI_DB_INFO, "Evaluate [%s.%s]: %s\n",
50 (char *) prefix, p, acpi_format_exception(s)));
51 #else
52 return;
53 #endif
56 acpi_status
57 acpi_extract_package(union acpi_object *package,
58 struct acpi_buffer *format, struct acpi_buffer *buffer)
60 u32 size_required = 0;
61 u32 tail_offset = 0;
62 char *format_string = NULL;
63 u32 format_count = 0;
64 u32 i = 0;
65 u8 *head = NULL;
66 u8 *tail = NULL;
69 if (!package || (package->type != ACPI_TYPE_PACKAGE)
70 || (package->package.count < 1)) {
71 printk(KERN_WARNING PREFIX "Invalid package argument\n");
72 return AE_BAD_PARAMETER;
75 if (!format || !format->pointer || (format->length < 1)) {
76 printk(KERN_WARNING PREFIX "Invalid format argument\n");
77 return AE_BAD_PARAMETER;
80 if (!buffer) {
81 printk(KERN_WARNING PREFIX "Invalid buffer argument\n");
82 return AE_BAD_PARAMETER;
85 format_count = (format->length / sizeof(char)) - 1;
86 if (format_count > package->package.count) {
87 printk(KERN_WARNING PREFIX "Format specifies more objects [%d]"
88 " than exist in package [%d].\n",
89 format_count, package->package.count);
90 return AE_BAD_DATA;
93 format_string = format->pointer;
96 * Calculate size_required.
98 for (i = 0; i < format_count; i++) {
100 union acpi_object *element = &(package->package.elements[i]);
102 if (!element) {
103 return AE_BAD_DATA;
106 switch (element->type) {
108 case ACPI_TYPE_INTEGER:
109 switch (format_string[i]) {
110 case 'N':
111 size_required += sizeof(u64);
112 tail_offset += sizeof(u64);
113 break;
114 case 'S':
115 size_required +=
116 sizeof(char *) + sizeof(u64) +
117 sizeof(char);
118 tail_offset += sizeof(char *);
119 break;
120 default:
121 printk(KERN_WARNING PREFIX "Invalid package element"
122 " [%d]: got number, expecing"
123 " [%c]\n",
124 i, format_string[i]);
125 return AE_BAD_DATA;
126 break;
128 break;
130 case ACPI_TYPE_STRING:
131 case ACPI_TYPE_BUFFER:
132 switch (format_string[i]) {
133 case 'S':
134 size_required +=
135 sizeof(char *) +
136 (element->string.length * sizeof(char)) +
137 sizeof(char);
138 tail_offset += sizeof(char *);
139 break;
140 case 'B':
141 size_required +=
142 sizeof(u8 *) +
143 (element->buffer.length * sizeof(u8));
144 tail_offset += sizeof(u8 *);
145 break;
146 default:
147 printk(KERN_WARNING PREFIX "Invalid package element"
148 " [%d] got string/buffer,"
149 " expecing [%c]\n",
150 i, format_string[i]);
151 return AE_BAD_DATA;
152 break;
154 break;
156 case ACPI_TYPE_PACKAGE:
157 default:
158 ACPI_DEBUG_PRINT((ACPI_DB_INFO,
159 "Found unsupported element at index=%d\n",
160 i));
161 /* TBD: handle nested packages... */
162 return AE_SUPPORT;
163 break;
168 * Validate output buffer.
170 if (buffer->length < size_required) {
171 buffer->length = size_required;
172 return AE_BUFFER_OVERFLOW;
173 } else if (buffer->length != size_required || !buffer->pointer) {
174 return AE_BAD_PARAMETER;
177 head = buffer->pointer;
178 tail = buffer->pointer + tail_offset;
181 * Extract package data.
183 for (i = 0; i < format_count; i++) {
185 u8 **pointer = NULL;
186 union acpi_object *element = &(package->package.elements[i]);
188 if (!element) {
189 return AE_BAD_DATA;
192 switch (element->type) {
194 case ACPI_TYPE_INTEGER:
195 switch (format_string[i]) {
196 case 'N':
197 *((u64 *) head) =
198 element->integer.value;
199 head += sizeof(u64);
200 break;
201 case 'S':
202 pointer = (u8 **) head;
203 *pointer = tail;
204 *((u64 *) tail) =
205 element->integer.value;
206 head += sizeof(u64 *);
207 tail += sizeof(u64);
208 /* NULL terminate string */
209 *tail = (char)0;
210 tail += sizeof(char);
211 break;
212 default:
213 /* Should never get here */
214 break;
216 break;
218 case ACPI_TYPE_STRING:
219 case ACPI_TYPE_BUFFER:
220 switch (format_string[i]) {
221 case 'S':
222 pointer = (u8 **) head;
223 *pointer = tail;
224 memcpy(tail, element->string.pointer,
225 element->string.length);
226 head += sizeof(char *);
227 tail += element->string.length * sizeof(char);
228 /* NULL terminate string */
229 *tail = (char)0;
230 tail += sizeof(char);
231 break;
232 case 'B':
233 pointer = (u8 **) head;
234 *pointer = tail;
235 memcpy(tail, element->buffer.pointer,
236 element->buffer.length);
237 head += sizeof(u8 *);
238 tail += element->buffer.length * sizeof(u8);
239 break;
240 default:
241 /* Should never get here */
242 break;
244 break;
246 case ACPI_TYPE_PACKAGE:
247 /* TBD: handle nested packages... */
248 default:
249 /* Should never get here */
250 break;
254 return AE_OK;
257 EXPORT_SYMBOL(acpi_extract_package);
259 acpi_status
260 acpi_evaluate_integer(acpi_handle handle,
261 acpi_string pathname,
262 struct acpi_object_list *arguments, unsigned long long *data)
264 acpi_status status = AE_OK;
265 union acpi_object element;
266 struct acpi_buffer buffer = { 0, NULL };
268 if (!data)
269 return AE_BAD_PARAMETER;
271 buffer.length = sizeof(union acpi_object);
272 buffer.pointer = &element;
273 status = acpi_evaluate_object(handle, pathname, arguments, &buffer);
274 if (ACPI_FAILURE(status)) {
275 acpi_util_eval_error(handle, pathname, status);
276 return status;
279 if (element.type != ACPI_TYPE_INTEGER) {
280 acpi_util_eval_error(handle, pathname, AE_BAD_DATA);
281 return AE_BAD_DATA;
284 *data = element.integer.value;
286 ACPI_DEBUG_PRINT((ACPI_DB_INFO, "Return value [%llu]\n", *data));
288 return AE_OK;
291 EXPORT_SYMBOL(acpi_evaluate_integer);
293 acpi_status
294 acpi_evaluate_reference(acpi_handle handle,
295 acpi_string pathname,
296 struct acpi_object_list *arguments,
297 struct acpi_handle_list *list)
299 acpi_status status = AE_OK;
300 union acpi_object *package = NULL;
301 union acpi_object *element = NULL;
302 struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
303 u32 i = 0;
306 if (!list) {
307 return AE_BAD_PARAMETER;
310 /* Evaluate object. */
312 status = acpi_evaluate_object(handle, pathname, arguments, &buffer);
313 if (ACPI_FAILURE(status))
314 goto end;
316 package = buffer.pointer;
318 if ((buffer.length == 0) || !package) {
319 printk(KERN_ERR PREFIX "No return object (len %X ptr %p)\n",
320 (unsigned)buffer.length, package);
321 status = AE_BAD_DATA;
322 acpi_util_eval_error(handle, pathname, status);
323 goto end;
325 if (package->type != ACPI_TYPE_PACKAGE) {
326 printk(KERN_ERR PREFIX "Expecting a [Package], found type %X\n",
327 package->type);
328 status = AE_BAD_DATA;
329 acpi_util_eval_error(handle, pathname, status);
330 goto end;
332 if (!package->package.count) {
333 printk(KERN_ERR PREFIX "[Package] has zero elements (%p)\n",
334 package);
335 status = AE_BAD_DATA;
336 acpi_util_eval_error(handle, pathname, status);
337 goto end;
340 if (package->package.count > ACPI_MAX_HANDLES) {
341 return AE_NO_MEMORY;
343 list->count = package->package.count;
345 /* Extract package data. */
347 for (i = 0; i < list->count; i++) {
349 element = &(package->package.elements[i]);
351 if (element->type != ACPI_TYPE_LOCAL_REFERENCE) {
352 status = AE_BAD_DATA;
353 printk(KERN_ERR PREFIX
354 "Expecting a [Reference] package element, found type %X\n",
355 element->type);
356 acpi_util_eval_error(handle, pathname, status);
357 break;
360 if (!element->reference.handle) {
361 printk(KERN_WARNING PREFIX "Invalid reference in"
362 " package %s\n", pathname);
363 status = AE_NULL_ENTRY;
364 break;
366 /* Get the acpi_handle. */
368 list->handles[i] = element->reference.handle;
369 ACPI_DEBUG_PRINT((ACPI_DB_INFO, "Found reference [%p]\n",
370 list->handles[i]));
373 end:
374 if (ACPI_FAILURE(status)) {
375 list->count = 0;
376 //kfree(list->handles);
379 kfree(buffer.pointer);
381 return status;
384 EXPORT_SYMBOL(acpi_evaluate_reference);