From: Greg Kroah-Hartman Date: Sun, 24 Nov 2013 03:27:13 +0000 (-0800) Subject: 3.4-stable patches X-Git-Tag: v3.11.10~50 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4dcb34f0f6d67466f8763ff18fc52b695887a8ec;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: acpica-derefof-operator-update-to-fully-resolve-fieldunit-and-bufferfield-refs.patch acpica-fix-for-a-store-argx-when-argx-contains-a-reference-to-a-field.patch acpica-interpreter-fix-store-when-implicit-conversion-is-not-possible.patch acpica-return-error-if-derefof-resolves-to-a-null-package-element.patch --- diff --git a/queue-3.4/acpica-derefof-operator-update-to-fully-resolve-fieldunit-and-bufferfield-refs.patch b/queue-3.4/acpica-derefof-operator-update-to-fully-resolve-fieldunit-and-bufferfield-refs.patch new file mode 100644 index 00000000000..ca4d6f4c72a --- /dev/null +++ b/queue-3.4/acpica-derefof-operator-update-to-fully-resolve-fieldunit-and-bufferfield-refs.patch @@ -0,0 +1,75 @@ +From 63660e05ec719613b518547b40a1c501c10f0bc4 Mon Sep 17 00:00:00 2001 +From: Bob Moore +Date: Thu, 8 Aug 2013 15:29:32 +0800 +Subject: ACPICA: DeRefOf operator: Update to fully resolve FieldUnit and BufferField refs. + +From: Bob Moore + +commit 63660e05ec719613b518547b40a1c501c10f0bc4 upstream. + +Previously, references to these objects were resolved only to the actual +FieldUnit or BufferField object. The correct behavior is to resolve these +references to an actual value. +The problem is that DerefOf did not resolve these objects to actual +values. An "Integer" object is simple, return the value. But a field in +an operation region will require a read operation. For a BufferField, the +appropriate data must be extracted from the parent buffer. + +NOTE: It appears that this issues is present in Windows7 but not +Windows8. + +Signed-off-by: Bob Moore +Signed-off-by: Lv Zheng +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpica/exoparg1.c | 35 ++++++++++++++++++++++++++++++++--- + 1 file changed, 32 insertions(+), 3 deletions(-) + +--- a/drivers/acpi/acpica/exoparg1.c ++++ b/drivers/acpi/acpica/exoparg1.c +@@ -998,11 +998,40 @@ acpi_status acpi_ex_opcode_1A_0T_1R(stru + acpi_namespace_node + *) + return_desc); +- } ++ if (!return_desc) { ++ break; ++ } ++ ++ /* ++ * June 2013: ++ * buffer_fields/field_units require additional resolution ++ */ ++ switch (return_desc->common.type) { ++ case ACPI_TYPE_BUFFER_FIELD: ++ case ACPI_TYPE_LOCAL_REGION_FIELD: ++ case ACPI_TYPE_LOCAL_BANK_FIELD: ++ case ACPI_TYPE_LOCAL_INDEX_FIELD: ++ ++ status = ++ acpi_ex_read_data_from_field ++ (walk_state, return_desc, ++ &temp_desc); ++ if (ACPI_FAILURE(status)) { ++ goto cleanup; ++ } + +- /* Add another reference to the object! */ ++ return_desc = temp_desc; ++ break; + +- acpi_ut_add_reference(return_desc); ++ default: ++ ++ /* Add another reference to the object */ ++ ++ acpi_ut_add_reference ++ (return_desc); ++ break; ++ } ++ } + break; + + default: diff --git a/queue-3.4/acpica-fix-for-a-store-argx-when-argx-contains-a-reference-to-a-field.patch b/queue-3.4/acpica-fix-for-a-store-argx-when-argx-contains-a-reference-to-a-field.patch new file mode 100644 index 00000000000..77081792ad7 --- /dev/null +++ b/queue-3.4/acpica-fix-for-a-store-argx-when-argx-contains-a-reference-to-a-field.patch @@ -0,0 +1,252 @@ +From 4be4be8fee2ee99a52f94f90d03d2f287ee1db86 Mon Sep 17 00:00:00 2001 +From: Bob Moore +Date: Fri, 6 Sep 2013 14:27:15 +0800 +Subject: ACPICA: Fix for a Store->ArgX when ArgX contains a reference to a field. + +From: Bob Moore + +commit 4be4be8fee2ee99a52f94f90d03d2f287ee1db86 upstream. + +This change fixes a problem where a Store operation to an ArgX object +that contained a reference to a field object did not complete the +automatic dereference and then write to the actual field object. +Instead, the object type of the field object was inadvertently changed +to match the type of the source operand. The new behavior will actually +write to the field object (buffer field or field unit), thus matching +the correct ACPI-defined behavior. + +Signed-off-by: Bob Moore +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Lv Zheng +Signed-off-by: Greg Kroah-Hartman +--- + drivers/acpi/acpica/exstore.c | 166 +++++++++++++++++++++++++----------------- + 1 file changed, 102 insertions(+), 64 deletions(-) + +--- a/drivers/acpi/acpica/exstore.c ++++ b/drivers/acpi/acpica/exstore.c +@@ -57,6 +57,11 @@ acpi_ex_store_object_to_index(union acpi + union acpi_operand_object *dest_desc, + struct acpi_walk_state *walk_state); + ++static acpi_status ++acpi_ex_store_direct_to_node(union acpi_operand_object *source_desc, ++ struct acpi_namespace_node *node, ++ struct acpi_walk_state *walk_state); ++ + /******************************************************************************* + * + * FUNCTION: acpi_ex_store +@@ -376,7 +381,11 @@ acpi_ex_store_object_to_index(union acpi + * When storing into an object the data is converted to the + * target object type then stored in the object. This means + * that the target object type (for an initialized target) will +- * not be changed by a store operation. ++ * not be changed by a store operation. A copy_object can change ++ * the target type, however. ++ * ++ * The implicit_conversion flag is set to NO/FALSE only when ++ * storing to an arg_x -- as per the rules of the ACPI spec. + * + * Assumes parameters are already validated. + * +@@ -400,7 +409,7 @@ acpi_ex_store_object_to_node(union acpi_ + target_type = acpi_ns_get_type(node); + target_desc = acpi_ns_get_attached_object(node); + +- ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "Storing %p(%s) into node %p(%s)\n", ++ ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "Storing %p (%s) to node %p (%s)\n", + source_desc, + acpi_ut_get_object_type_name(source_desc), node, + acpi_ut_get_type_name(target_type))); +@@ -414,46 +423,31 @@ acpi_ex_store_object_to_node(union acpi_ + return_ACPI_STATUS(status); + } + +- /* If no implicit conversion, drop into the default case below */ +- +- if ((!implicit_conversion) || +- ((walk_state->opcode == AML_COPY_OP) && +- (target_type != ACPI_TYPE_LOCAL_REGION_FIELD) && +- (target_type != ACPI_TYPE_LOCAL_BANK_FIELD) && +- (target_type != ACPI_TYPE_LOCAL_INDEX_FIELD))) { +- /* +- * Force execution of default (no implicit conversion). Note: +- * copy_object does not perform an implicit conversion, as per the ACPI +- * spec -- except in case of region/bank/index fields -- because these +- * objects must retain their original type permanently. +- */ +- target_type = ACPI_TYPE_ANY; +- } +- + /* Do the actual store operation */ + + switch (target_type) { +- case ACPI_TYPE_BUFFER_FIELD: +- case ACPI_TYPE_LOCAL_REGION_FIELD: +- case ACPI_TYPE_LOCAL_BANK_FIELD: +- case ACPI_TYPE_LOCAL_INDEX_FIELD: +- +- /* For fields, copy the source data to the target field. */ +- +- status = acpi_ex_write_data_to_field(source_desc, target_desc, +- &walk_state->result_obj); +- break; +- + case ACPI_TYPE_INTEGER: + case ACPI_TYPE_STRING: + case ACPI_TYPE_BUFFER: + + /* +- * These target types are all of type Integer/String/Buffer, and +- * therefore support implicit conversion before the store. +- * +- * Copy and/or convert the source object to a new target object ++ * The simple data types all support implicit source operand ++ * conversion before the store. + */ ++ ++ if ((walk_state->opcode == AML_COPY_OP) || !implicit_conversion) { ++ /* ++ * However, copy_object and Stores to arg_x do not perform ++ * an implicit conversion, as per the ACPI specification. ++ * A direct store is performed instead. ++ */ ++ status = acpi_ex_store_direct_to_node(source_desc, node, ++ walk_state); ++ break; ++ } ++ ++ /* Store with implicit source operand conversion support */ ++ + status = + acpi_ex_store_object_to_object(source_desc, target_desc, + &new_desc, walk_state); +@@ -467,13 +461,12 @@ acpi_ex_store_object_to_node(union acpi_ + * the Name's type to that of the value being stored in it. + * source_desc reference count is incremented by attach_object. + * +- * Note: This may change the type of the node if an explicit store +- * has been performed such that the node/object type has been +- * changed. ++ * Note: This may change the type of the node if an explicit ++ * store has been performed such that the node/object type ++ * has been changed. + */ +- status = +- acpi_ns_attach_object(node, new_desc, +- new_desc->common.type); ++ status = acpi_ns_attach_object(node, new_desc, ++ new_desc->common.type); + + ACPI_DEBUG_PRINT((ACPI_DB_EXEC, + "Store %s into %s via Convert/Attach\n", +@@ -484,38 +477,83 @@ acpi_ex_store_object_to_node(union acpi_ + } + break; + +- default: +- +- ACPI_DEBUG_PRINT((ACPI_DB_EXEC, +- "Storing [%s] (%p) directly into node [%s] (%p)" +- " with no implicit conversion\n", +- acpi_ut_get_object_type_name(source_desc), +- source_desc, +- acpi_ut_get_object_type_name(target_desc), +- node)); ++ case ACPI_TYPE_BUFFER_FIELD: ++ case ACPI_TYPE_LOCAL_REGION_FIELD: ++ case ACPI_TYPE_LOCAL_BANK_FIELD: ++ case ACPI_TYPE_LOCAL_INDEX_FIELD: ++ /* ++ * For all fields, always write the source data to the target ++ * field. Any required implicit source operand conversion is ++ * performed in the function below as necessary. Note, field ++ * objects must retain their original type permanently. ++ */ ++ status = acpi_ex_write_data_to_field(source_desc, target_desc, ++ &walk_state->result_obj); ++ break; + ++ default: + /* + * No conversions for all other types. Directly store a copy of +- * the source object. NOTE: This is a departure from the ACPI +- * spec, which states "If conversion is impossible, abort the +- * running control method". ++ * the source object. This is the ACPI spec-defined behavior for ++ * the copy_object operator. + * +- * This code implements "If conversion is impossible, treat the +- * Store operation as a CopyObject". ++ * NOTE: For the Store operator, this is a departure from the ++ * ACPI spec, which states "If conversion is impossible, abort ++ * the running control method". Instead, this code implements ++ * "If conversion is impossible, treat the Store operation as ++ * a CopyObject". + */ +- status = +- acpi_ut_copy_iobject_to_iobject(source_desc, &new_desc, +- walk_state); +- if (ACPI_FAILURE(status)) { +- return_ACPI_STATUS(status); +- } +- +- status = +- acpi_ns_attach_object(node, new_desc, +- new_desc->common.type); +- acpi_ut_remove_reference(new_desc); ++ status = acpi_ex_store_direct_to_node(source_desc, node, ++ walk_state); + break; + } + + return_ACPI_STATUS(status); + } ++ ++/******************************************************************************* ++ * ++ * FUNCTION: acpi_ex_store_direct_to_node ++ * ++ * PARAMETERS: source_desc - Value to be stored ++ * node - Named object to receive the value ++ * walk_state - Current walk state ++ * ++ * RETURN: Status ++ * ++ * DESCRIPTION: "Store" an object directly to a node. This involves a copy ++ * and an attach. ++ * ++ ******************************************************************************/ ++ ++static acpi_status ++acpi_ex_store_direct_to_node(union acpi_operand_object *source_desc, ++ struct acpi_namespace_node *node, ++ struct acpi_walk_state *walk_state) ++{ ++ acpi_status status; ++ union acpi_operand_object *new_desc; ++ ++ ACPI_FUNCTION_TRACE(ex_store_direct_to_node); ++ ++ ACPI_DEBUG_PRINT((ACPI_DB_EXEC, ++ "Storing [%s] (%p) directly into node [%s] (%p)" ++ " with no implicit conversion\n", ++ acpi_ut_get_object_type_name(source_desc), ++ source_desc, acpi_ut_get_type_name(node->type), ++ node)); ++ ++ /* Copy the source object to a new object */ ++ ++ status = ++ acpi_ut_copy_iobject_to_iobject(source_desc, &new_desc, walk_state); ++ if (ACPI_FAILURE(status)) { ++ return_ACPI_STATUS(status); ++ } ++ ++ /* Attach the new object to the node */ ++ ++ status = acpi_ns_attach_object(node, new_desc, new_desc->common.type); ++ acpi_ut_remove_reference(new_desc); ++ return_ACPI_STATUS(status); ++} diff --git a/queue-3.4/acpica-interpreter-fix-store-when-implicit-conversion-is-not-possible.patch b/queue-3.4/acpica-interpreter-fix-store-when-implicit-conversion-is-not-possible.patch new file mode 100644 index 00000000000..a2e2d50e5a8 --- /dev/null +++ b/queue-3.4/acpica-interpreter-fix-store-when-implicit-conversion-is-not-possible.patch @@ -0,0 +1,65 @@ +From 3f654bad3257427bea7ba1c4d43a23d99a03622b Mon Sep 17 00:00:00 2001 +From: Bob Moore +Date: Mon, 31 Dec 2012 00:11:45 +0000 +Subject: ACPICA: Interpreter: Fix Store() when implicit conversion is not possible. + +From: Bob Moore + +commit 3f654bad3257427bea7ba1c4d43a23d99a03622b upstream. + +For the cases such as a store of a string to an existing package +object, implement the store as a CopyObject(). +This is a small departure from the ACPI specification which states +that the control method should be aborted in this case. However, +ASLTS suite depends on this behavior. + +Signed-off-by: Bob Moore +Signed-off-by: Lv Zheng +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpica/exstore.c | 29 ++++++++++++++++++++++++----- + 1 file changed, 24 insertions(+), 5 deletions(-) + +--- a/drivers/acpi/acpica/exstore.c ++++ b/drivers/acpi/acpica/exstore.c +@@ -487,14 +487,33 @@ acpi_ex_store_object_to_node(union acpi_ + default: + + ACPI_DEBUG_PRINT((ACPI_DB_EXEC, +- "Storing %s (%p) directly into node (%p) with no implicit conversion\n", ++ "Storing [%s] (%p) directly into node [%s] (%p)" ++ " with no implicit conversion\n", + acpi_ut_get_object_type_name(source_desc), +- source_desc, node)); ++ source_desc, ++ acpi_ut_get_object_type_name(target_desc), ++ node)); + +- /* No conversions for all other types. Just attach the source object */ ++ /* ++ * No conversions for all other types. Directly store a copy of ++ * the source object. NOTE: This is a departure from the ACPI ++ * spec, which states "If conversion is impossible, abort the ++ * running control method". ++ * ++ * This code implements "If conversion is impossible, treat the ++ * Store operation as a CopyObject". ++ */ ++ status = ++ acpi_ut_copy_iobject_to_iobject(source_desc, &new_desc, ++ walk_state); ++ if (ACPI_FAILURE(status)) { ++ return_ACPI_STATUS(status); ++ } + +- status = acpi_ns_attach_object(node, source_desc, +- source_desc->common.type); ++ status = ++ acpi_ns_attach_object(node, new_desc, ++ new_desc->common.type); ++ acpi_ut_remove_reference(new_desc); + break; + } + diff --git a/queue-3.4/acpica-return-error-if-derefof-resolves-to-a-null-package-element.patch b/queue-3.4/acpica-return-error-if-derefof-resolves-to-a-null-package-element.patch new file mode 100644 index 00000000000..5eafd46f657 --- /dev/null +++ b/queue-3.4/acpica-return-error-if-derefof-resolves-to-a-null-package-element.patch @@ -0,0 +1,46 @@ +From a50abf4842dd7d603a2ad6dcc7f1467fd2a66f03 Mon Sep 17 00:00:00 2001 +From: Bob Moore +Date: Thu, 8 Aug 2013 15:29:58 +0800 +Subject: ACPICA: Return error if DerefOf resolves to a null package element. + +From: Bob Moore + +commit a50abf4842dd7d603a2ad6dcc7f1467fd2a66f03 upstream. + +Disallow the dereference of a reference (via index) to an uninitialized +package element. Provides compatibility with other ACPI +implementations. ACPICA BZ 1003. + +References: https://bugs.acpica.org/show_bug.cgi?id=431 +Signed-off-by: Bob Moore +Signed-off-by: Lv Zheng +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpica/exoparg1.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +--- a/drivers/acpi/acpica/exoparg1.c ++++ b/drivers/acpi/acpica/exoparg1.c +@@ -970,10 +970,17 @@ acpi_status acpi_ex_opcode_1A_0T_1R(stru + */ + return_desc = + *(operand[0]->reference.where); +- if (return_desc) { +- acpi_ut_add_reference +- (return_desc); ++ if (!return_desc) { ++ /* ++ * Element is NULL, do not allow the dereference. ++ * This provides compatibility with other ACPI ++ * implementations. ++ */ ++ return_ACPI_STATUS ++ (AE_AML_UNINITIALIZED_ELEMENT); + } ++ ++ acpi_ut_add_reference(return_desc); + break; + + default: diff --git a/queue-3.4/series b/queue-3.4/series index 940c996c755..431388877ab 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -2,3 +2,7 @@ vfs-proc-guarantee-unique-inodes-in-proc.patch nfs-don-t-allow-nfs_find_actor-to-match-inodes-of-the-wrong-type.patch libertas-potential-oops-in-debugfs.patch aacraid-prevent-invalid-pointer-dereference.patch +acpica-interpreter-fix-store-when-implicit-conversion-is-not-possible.patch +acpica-derefof-operator-update-to-fully-resolve-fieldunit-and-bufferfield-refs.patch +acpica-return-error-if-derefof-resolves-to-a-null-package-element.patch +acpica-fix-for-a-store-argx-when-argx-contains-a-reference-to-a-field.patch