linux_dsm_epyc7002/drivers/acpi/acpica/evregion.c
David E. Box d2e7d079c7 ACPICA: Operation region support: Never free the handler "context" pointer.
This change removes some dangerous code that attempts to free the
handler context pointer in some (rare) circumstances. The owner of
the handler owns this pointer and the ACPICA code should never
touch it. Although not seen to be an issue in any kernel, it did
show up as a problem under AcpiExec. Also, set the internal storage
field for the context pointer to zero when the region is deactivated,
simply for sanity. David Box.

Signed-off-by: David E. Box <david.e.box@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Reviewed-by: Len Brown <len.brown@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-09-24 01:46:24 +02:00

770 lines
22 KiB
C

/******************************************************************************
*
* Module Name: evregion - Operation Region support
*
*****************************************************************************/
/*
* Copyright (C) 2000 - 2013, Intel Corp.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions, and the following disclaimer,
* without modification.
* 2. Redistributions in binary form must reproduce at minimum a disclaimer
* substantially similar to the "NO WARRANTY" disclaimer below
* ("Disclaimer") and any redistribution must be conditioned upon
* including a substantially similar Disclaimer requirement for further
* binary redistribution.
* 3. Neither the names of the above-listed copyright holders nor the names
* of any contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License ("GPL") version 2 as published by the Free
* Software Foundation.
*
* NO WARRANTY
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGES.
*/
#include <acpi/acpi.h>
#include "accommon.h"
#include "acevents.h"
#include "acnamesp.h"
#include "acinterp.h"
#define _COMPONENT ACPI_EVENTS
ACPI_MODULE_NAME("evregion")
extern u8 acpi_gbl_default_address_spaces[];
/* Local prototypes */
static void
acpi_ev_orphan_ec_reg_method(struct acpi_namespace_node *ec_device_node);
static acpi_status
acpi_ev_reg_run(acpi_handle obj_handle,
u32 level, void *context, void **return_value);
/*******************************************************************************
*
* FUNCTION: acpi_ev_initialize_op_regions
*
* PARAMETERS: None
*
* RETURN: Status
*
* DESCRIPTION: Execute _REG methods for all Operation Regions that have
* an installed default region handler.
*
******************************************************************************/
acpi_status acpi_ev_initialize_op_regions(void)
{
acpi_status status;
u32 i;
ACPI_FUNCTION_TRACE(ev_initialize_op_regions);
status = acpi_ut_acquire_mutex(ACPI_MTX_NAMESPACE);
if (ACPI_FAILURE(status)) {
return_ACPI_STATUS(status);
}
/* Run the _REG methods for op_regions in each default address space */
for (i = 0; i < ACPI_NUM_DEFAULT_SPACES; i++) {
/*
* Make sure the installed handler is the DEFAULT handler. If not the
* default, the _REG methods will have already been run (when the
* handler was installed)
*/
if (acpi_ev_has_default_handler(acpi_gbl_root_node,
acpi_gbl_default_address_spaces
[i])) {
status =
acpi_ev_execute_reg_methods(acpi_gbl_root_node,
acpi_gbl_default_address_spaces
[i]);
}
}
acpi_gbl_reg_methods_executed = TRUE;
(void)acpi_ut_release_mutex(ACPI_MTX_NAMESPACE);
return_ACPI_STATUS(status);
}
/*******************************************************************************
*
* FUNCTION: acpi_ev_address_space_dispatch
*
* PARAMETERS: region_obj - Internal region object
* field_obj - Corresponding field. Can be NULL.
* function - Read or Write operation
* region_offset - Where in the region to read or write
* bit_width - Field width in bits (8, 16, 32, or 64)
* value - Pointer to in or out value, must be
* a full 64-bit integer
*
* RETURN: Status
*
* DESCRIPTION: Dispatch an address space or operation region access to
* a previously installed handler.
*
******************************************************************************/
acpi_status
acpi_ev_address_space_dispatch(union acpi_operand_object *region_obj,
union acpi_operand_object *field_obj,
u32 function,
u32 region_offset, u32 bit_width, u64 *value)
{
acpi_status status;
acpi_adr_space_handler handler;
acpi_adr_space_setup region_setup;
union acpi_operand_object *handler_desc;
union acpi_operand_object *region_obj2;
void *region_context = NULL;
struct acpi_connection_info *context;
ACPI_FUNCTION_TRACE(ev_address_space_dispatch);
region_obj2 = acpi_ns_get_secondary_object(region_obj);
if (!region_obj2) {
return_ACPI_STATUS(AE_NOT_EXIST);
}
/* Ensure that there is a handler associated with this region */
handler_desc = region_obj->region.handler;
if (!handler_desc) {
ACPI_ERROR((AE_INFO,
"No handler for Region [%4.4s] (%p) [%s]",
acpi_ut_get_node_name(region_obj->region.node),
region_obj,
acpi_ut_get_region_name(region_obj->region.
space_id)));
return_ACPI_STATUS(AE_NOT_EXIST);
}
context = handler_desc->address_space.context;
/*
* It may be the case that the region has never been initialized.
* Some types of regions require special init code
*/
if (!(region_obj->region.flags & AOPOBJ_SETUP_COMPLETE)) {
/* This region has not been initialized yet, do it */
region_setup = handler_desc->address_space.setup;
if (!region_setup) {
/* No initialization routine, exit with error */
ACPI_ERROR((AE_INFO,
"No init routine for region(%p) [%s]",
region_obj,
acpi_ut_get_region_name(region_obj->region.
space_id)));
return_ACPI_STATUS(AE_NOT_EXIST);
}
/*
* We must exit the interpreter because the region setup will
* potentially execute control methods (for example, the _REG method
* for this region)
*/
acpi_ex_exit_interpreter();
status = region_setup(region_obj, ACPI_REGION_ACTIVATE,
context, &region_context);
/* Re-enter the interpreter */
acpi_ex_enter_interpreter();
/* Check for failure of the Region Setup */
if (ACPI_FAILURE(status)) {
ACPI_EXCEPTION((AE_INFO, status,
"During region initialization: [%s]",
acpi_ut_get_region_name(region_obj->
region.
space_id)));
return_ACPI_STATUS(status);
}
/* Region initialization may have been completed by region_setup */
if (!(region_obj->region.flags & AOPOBJ_SETUP_COMPLETE)) {
region_obj->region.flags |= AOPOBJ_SETUP_COMPLETE;
/*
* Save the returned context for use in all accesses to
* the handler for this particular region
*/
if (!(region_obj2->extra.region_context)) {
region_obj2->extra.region_context =
region_context;
}
}
}
/* We have everything we need, we can invoke the address space handler */
handler = handler_desc->address_space.handler;
ACPI_DEBUG_PRINT((ACPI_DB_OPREGION,
"Handler %p (@%p) Address %8.8X%8.8X [%s]\n",
&region_obj->region.handler->address_space, handler,
ACPI_FORMAT_NATIVE_UINT(region_obj->region.address +
region_offset),
acpi_ut_get_region_name(region_obj->region.
space_id)));
/*
* Special handling for generic_serial_bus and general_purpose_io:
* There are three extra parameters that must be passed to the
* handler via the context:
* 1) Connection buffer, a resource template from Connection() op.
* 2) Length of the above buffer.
* 3) Actual access length from the access_as() op.
*/
if (((region_obj->region.space_id == ACPI_ADR_SPACE_GSBUS) ||
(region_obj->region.space_id == ACPI_ADR_SPACE_GPIO)) &&
context && field_obj) {
/* Get the Connection (resource_template) buffer */
context->connection = field_obj->field.resource_buffer;
context->length = field_obj->field.resource_length;
context->access_length = field_obj->field.access_length;
}
if (!(handler_desc->address_space.handler_flags &
ACPI_ADDR_HANDLER_DEFAULT_INSTALLED)) {
/*
* For handlers other than the default (supplied) handlers, we must
* exit the interpreter because the handler *might* block -- we don't
* know what it will do, so we can't hold the lock on the intepreter.
*/
acpi_ex_exit_interpreter();
}
/* Call the handler */
status = handler(function,
(region_obj->region.address + region_offset),
bit_width, value, context,
region_obj2->extra.region_context);
if (ACPI_FAILURE(status)) {
ACPI_EXCEPTION((AE_INFO, status, "Returned by Handler for [%s]",
acpi_ut_get_region_name(region_obj->region.
space_id)));
}
if (!(handler_desc->address_space.handler_flags &
ACPI_ADDR_HANDLER_DEFAULT_INSTALLED)) {
/*
* We just returned from a non-default handler, we must re-enter the
* interpreter
*/
acpi_ex_enter_interpreter();
}
return_ACPI_STATUS(status);
}
/*******************************************************************************
*
* FUNCTION: acpi_ev_detach_region
*
* PARAMETERS: region_obj - Region Object
* acpi_ns_is_locked - Namespace Region Already Locked?
*
* RETURN: None
*
* DESCRIPTION: Break the association between the handler and the region
* this is a two way association.
*
******************************************************************************/
void
acpi_ev_detach_region(union acpi_operand_object *region_obj,
u8 acpi_ns_is_locked)
{
union acpi_operand_object *handler_obj;
union acpi_operand_object *obj_desc;
union acpi_operand_object **last_obj_ptr;
acpi_adr_space_setup region_setup;
void **region_context;
union acpi_operand_object *region_obj2;
acpi_status status;
ACPI_FUNCTION_TRACE(ev_detach_region);
region_obj2 = acpi_ns_get_secondary_object(region_obj);
if (!region_obj2) {
return_VOID;
}
region_context = &region_obj2->extra.region_context;
/* Get the address handler from the region object */
handler_obj = region_obj->region.handler;
if (!handler_obj) {
/* This region has no handler, all done */
return_VOID;
}
/* Find this region in the handler's list */
obj_desc = handler_obj->address_space.region_list;
last_obj_ptr = &handler_obj->address_space.region_list;
while (obj_desc) {
/* Is this the correct Region? */
if (obj_desc == region_obj) {
ACPI_DEBUG_PRINT((ACPI_DB_OPREGION,
"Removing Region %p from address handler %p\n",
region_obj, handler_obj));
/* This is it, remove it from the handler's list */
*last_obj_ptr = obj_desc->region.next;
obj_desc->region.next = NULL; /* Must clear field */
if (acpi_ns_is_locked) {
status =
acpi_ut_release_mutex(ACPI_MTX_NAMESPACE);
if (ACPI_FAILURE(status)) {
return_VOID;
}
}
/* Now stop region accesses by executing the _REG method */
status =
acpi_ev_execute_reg_method(region_obj,
ACPI_REG_DISCONNECT);
if (ACPI_FAILURE(status)) {
ACPI_EXCEPTION((AE_INFO, status,
"from region _REG, [%s]",
acpi_ut_get_region_name
(region_obj->region.space_id)));
}
if (acpi_ns_is_locked) {
status =
acpi_ut_acquire_mutex(ACPI_MTX_NAMESPACE);
if (ACPI_FAILURE(status)) {
return_VOID;
}
}
/*
* If the region has been activated, call the setup handler with
* the deactivate notification
*/
if (region_obj->region.flags & AOPOBJ_SETUP_COMPLETE) {
region_setup = handler_obj->address_space.setup;
status =
region_setup(region_obj,
ACPI_REGION_DEACTIVATE,
handler_obj->address_space.
context, region_context);
/*
* region_context should have been released by the deactivate
* operation. We don't need access to it anymore here.
*/
if (region_context) {
*region_context = NULL;
}
/* Init routine may fail, Just ignore errors */
if (ACPI_FAILURE(status)) {
ACPI_EXCEPTION((AE_INFO, status,
"from region handler - deactivate, [%s]",
acpi_ut_get_region_name
(region_obj->region.
space_id)));
}
region_obj->region.flags &=
~(AOPOBJ_SETUP_COMPLETE);
}
/*
* Remove handler reference in the region
*
* NOTE: this doesn't mean that the region goes away, the region
* is just inaccessible as indicated to the _REG method
*
* If the region is on the handler's list, this must be the
* region's handler
*/
region_obj->region.handler = NULL;
acpi_ut_remove_reference(handler_obj);
return_VOID;
}
/* Walk the linked list of handlers */
last_obj_ptr = &obj_desc->region.next;
obj_desc = obj_desc->region.next;
}
/* If we get here, the region was not in the handler's region list */
ACPI_DEBUG_PRINT((ACPI_DB_OPREGION,
"Cannot remove region %p from address handler %p\n",
region_obj, handler_obj));
return_VOID;
}
/*******************************************************************************
*
* FUNCTION: acpi_ev_attach_region
*
* PARAMETERS: handler_obj - Handler Object
* region_obj - Region Object
* acpi_ns_is_locked - Namespace Region Already Locked?
*
* RETURN: None
*
* DESCRIPTION: Create the association between the handler and the region
* this is a two way association.
*
******************************************************************************/
acpi_status
acpi_ev_attach_region(union acpi_operand_object *handler_obj,
union acpi_operand_object *region_obj,
u8 acpi_ns_is_locked)
{
ACPI_FUNCTION_TRACE(ev_attach_region);
ACPI_DEBUG_PRINT((ACPI_DB_OPREGION,
"Adding Region [%4.4s] %p to address handler %p [%s]\n",
acpi_ut_get_node_name(region_obj->region.node),
region_obj, handler_obj,
acpi_ut_get_region_name(region_obj->region.
space_id)));
/* Link this region to the front of the handler's list */
region_obj->region.next = handler_obj->address_space.region_list;
handler_obj->address_space.region_list = region_obj;
/* Install the region's handler */
if (region_obj->region.handler) {
return_ACPI_STATUS(AE_ALREADY_EXISTS);
}
region_obj->region.handler = handler_obj;
acpi_ut_add_reference(handler_obj);
return_ACPI_STATUS(AE_OK);
}
/*******************************************************************************
*
* FUNCTION: acpi_ev_execute_reg_method
*
* PARAMETERS: region_obj - Region object
* function - Passed to _REG: On (1) or Off (0)
*
* RETURN: Status
*
* DESCRIPTION: Execute _REG method for a region
*
******************************************************************************/
acpi_status
acpi_ev_execute_reg_method(union acpi_operand_object *region_obj, u32 function)
{
struct acpi_evaluate_info *info;
union acpi_operand_object *args[3];
union acpi_operand_object *region_obj2;
acpi_status status;
ACPI_FUNCTION_TRACE(ev_execute_reg_method);
region_obj2 = acpi_ns_get_secondary_object(region_obj);
if (!region_obj2) {
return_ACPI_STATUS(AE_NOT_EXIST);
}
if (region_obj2->extra.method_REG == NULL) {
return_ACPI_STATUS(AE_OK);
}
/* Allocate and initialize the evaluation information block */
info = ACPI_ALLOCATE_ZEROED(sizeof(struct acpi_evaluate_info));
if (!info) {
return_ACPI_STATUS(AE_NO_MEMORY);
}
info->prefix_node = region_obj2->extra.method_REG;
info->relative_pathname = NULL;
info->parameters = args;
info->flags = ACPI_IGNORE_RETURN_VALUE;
/*
* The _REG method has two arguments:
*
* arg0 - Integer:
* Operation region space ID Same value as region_obj->Region.space_id
*
* arg1 - Integer:
* connection status 1 for connecting the handler, 0 for disconnecting
* the handler (Passed as a parameter)
*/
args[0] =
acpi_ut_create_integer_object((u64)region_obj->region.space_id);
if (!args[0]) {
status = AE_NO_MEMORY;
goto cleanup1;
}
args[1] = acpi_ut_create_integer_object((u64)function);
if (!args[1]) {
status = AE_NO_MEMORY;
goto cleanup2;
}
args[2] = NULL; /* Terminate list */
/* Execute the method, no return value */
ACPI_DEBUG_EXEC(acpi_ut_display_init_pathname
(ACPI_TYPE_METHOD, info->prefix_node, NULL));
status = acpi_ns_evaluate(info);
acpi_ut_remove_reference(args[1]);
cleanup2:
acpi_ut_remove_reference(args[0]);
cleanup1:
ACPI_FREE(info);
return_ACPI_STATUS(status);
}
/*******************************************************************************
*
* FUNCTION: acpi_ev_execute_reg_methods
*
* PARAMETERS: node - Namespace node for the device
* space_id - The address space ID
*
* RETURN: Status
*
* DESCRIPTION: Run all _REG methods for the input Space ID;
* Note: assumes namespace is locked, or system init time.
*
******************************************************************************/
acpi_status
acpi_ev_execute_reg_methods(struct acpi_namespace_node *node,
acpi_adr_space_type space_id)
{
acpi_status status;
ACPI_FUNCTION_TRACE(ev_execute_reg_methods);
/*
* Run all _REG methods for all Operation Regions for this space ID. This
* is a separate walk in order to handle any interdependencies between
* regions and _REG methods. (i.e. handlers must be installed for all
* regions of this Space ID before we can run any _REG methods)
*/
status = acpi_ns_walk_namespace(ACPI_TYPE_ANY, node, ACPI_UINT32_MAX,
ACPI_NS_WALK_UNLOCK, acpi_ev_reg_run,
NULL, &space_id, NULL);
/* Special case for EC: handle "orphan" _REG methods with no region */
if (space_id == ACPI_ADR_SPACE_EC) {
acpi_ev_orphan_ec_reg_method(node);
}
return_ACPI_STATUS(status);
}
/*******************************************************************************
*
* FUNCTION: acpi_ev_reg_run
*
* PARAMETERS: walk_namespace callback
*
* DESCRIPTION: Run _REG method for region objects of the requested spaceID
*
******************************************************************************/
static acpi_status
acpi_ev_reg_run(acpi_handle obj_handle,
u32 level, void *context, void **return_value)
{
union acpi_operand_object *obj_desc;
struct acpi_namespace_node *node;
acpi_adr_space_type space_id;
acpi_status status;
space_id = *ACPI_CAST_PTR(acpi_adr_space_type, context);
/* Convert and validate the device handle */
node = acpi_ns_validate_handle(obj_handle);
if (!node) {
return (AE_BAD_PARAMETER);
}
/*
* We only care about regions.and objects that are allowed to have address
* space handlers
*/
if ((node->type != ACPI_TYPE_REGION) && (node != acpi_gbl_root_node)) {
return (AE_OK);
}
/* Check for an existing internal object */
obj_desc = acpi_ns_get_attached_object(node);
if (!obj_desc) {
/* No object, just exit */
return (AE_OK);
}
/* Object is a Region */
if (obj_desc->region.space_id != space_id) {
/* This region is for a different address space, just ignore it */
return (AE_OK);
}
status = acpi_ev_execute_reg_method(obj_desc, ACPI_REG_CONNECT);
return (status);
}
/*******************************************************************************
*
* FUNCTION: acpi_ev_orphan_ec_reg_method
*
* PARAMETERS: ec_device_node - Namespace node for an EC device
*
* RETURN: None
*
* DESCRIPTION: Execute an "orphan" _REG method that appears under the EC
* device. This is a _REG method that has no corresponding region
* within the EC device scope. The orphan _REG method appears to
* have been enabled by the description of the ECDT in the ACPI
* specification: "The availability of the region space can be
* detected by providing a _REG method object underneath the
* Embedded Controller device."
*
* To quickly access the EC device, we use the ec_device_node used
* during EC handler installation. Otherwise, we would need to
* perform a time consuming namespace walk, executing _HID
* methods to find the EC device.
*
* MUTEX: Assumes the namespace is locked
*
******************************************************************************/
static void
acpi_ev_orphan_ec_reg_method(struct acpi_namespace_node *ec_device_node)
{
acpi_handle reg_method;
struct acpi_namespace_node *next_node;
acpi_status status;
struct acpi_object_list args;
union acpi_object objects[2];
ACPI_FUNCTION_TRACE(ev_orphan_ec_reg_method);
if (!ec_device_node) {
return_VOID;
}
/* Namespace is currently locked, must release */
(void)acpi_ut_release_mutex(ACPI_MTX_NAMESPACE);
/* Get a handle to a _REG method immediately under the EC device */
status = acpi_get_handle(ec_device_node, METHOD_NAME__REG, &reg_method);
if (ACPI_FAILURE(status)) {
goto exit; /* There is no _REG method present */
}
/*
* Execute the _REG method only if there is no Operation Region in
* this scope with the Embedded Controller space ID. Otherwise, it
* will already have been executed. Note, this allows for Regions
* with other space IDs to be present; but the code below will then
* execute the _REG method with the embedded_control space_ID argument.
*/
next_node = acpi_ns_get_next_node(ec_device_node, NULL);
while (next_node) {
if ((next_node->type == ACPI_TYPE_REGION) &&
(next_node->object) &&
(next_node->object->region.space_id == ACPI_ADR_SPACE_EC)) {
goto exit; /* Do not execute the _REG */
}
next_node = acpi_ns_get_next_node(ec_device_node, next_node);
}
/* Evaluate the _REG(embedded_control,Connect) method */
args.count = 2;
args.pointer = objects;
objects[0].type = ACPI_TYPE_INTEGER;
objects[0].integer.value = ACPI_ADR_SPACE_EC;
objects[1].type = ACPI_TYPE_INTEGER;
objects[1].integer.value = ACPI_REG_CONNECT;
status = acpi_evaluate_object(reg_method, NULL, &args, NULL);
exit:
/* We ignore all errors from above, don't care */
status = acpi_ut_acquire_mutex(ACPI_MTX_NAMESPACE);
return_VOID;
}