[SCSI] fix BUG when sum(scatterlist) > bufflen
[linux-2.6] / drivers / acpi / dispatcher / dsopcode.c
1 /******************************************************************************
2  *
3  * Module Name: dsopcode - Dispatcher Op Region support and handling of
4  *                         "control" opcodes
5  *
6  *****************************************************************************/
7
8 /*
9  * Copyright (C) 2000 - 2007, R. Byron Moore
10  * All rights reserved.
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted provided that the following conditions
14  * are met:
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions, and the following disclaimer,
17  *    without modification.
18  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
19  *    substantially similar to the "NO WARRANTY" disclaimer below
20  *    ("Disclaimer") and any redistribution must be conditioned upon
21  *    including a substantially similar Disclaimer requirement for further
22  *    binary redistribution.
23  * 3. Neither the names of the above-listed copyright holders nor the names
24  *    of any contributors may be used to endorse or promote products derived
25  *    from this software without specific prior written permission.
26  *
27  * Alternatively, this software may be distributed under the terms of the
28  * GNU General Public License ("GPL") version 2 as published by the Free
29  * Software Foundation.
30  *
31  * NO WARRANTY
32  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
33  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
34  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
35  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
36  * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
37  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
38  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
40  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
41  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
42  * POSSIBILITY OF SUCH DAMAGES.
43  */
44
45 #include <acpi/acpi.h>
46 #include <acpi/acparser.h>
47 #include <acpi/amlcode.h>
48 #include <acpi/acdispat.h>
49 #include <acpi/acinterp.h>
50 #include <acpi/acnamesp.h>
51 #include <acpi/acevents.h>
52
53 #define _COMPONENT          ACPI_DISPATCHER
54 ACPI_MODULE_NAME("dsopcode")
55
56 /* Local prototypes */
57 static acpi_status
58 acpi_ds_execute_arguments(struct acpi_namespace_node *node,
59                           struct acpi_namespace_node *scope_node,
60                           u32 aml_length, u8 * aml_start);
61
62 static acpi_status
63 acpi_ds_init_buffer_field(u16 aml_opcode,
64                           union acpi_operand_object *obj_desc,
65                           union acpi_operand_object *buffer_desc,
66                           union acpi_operand_object *offset_desc,
67                           union acpi_operand_object *length_desc,
68                           union acpi_operand_object *result_desc);
69
70 /*******************************************************************************
71  *
72  * FUNCTION:    acpi_ds_execute_arguments
73  *
74  * PARAMETERS:  Node                - Object NS node
75  *              scope_node          - Parent NS node
76  *              aml_length          - Length of executable AML
77  *              aml_start           - Pointer to the AML
78  *
79  * RETURN:      Status.
80  *
81  * DESCRIPTION: Late (deferred) execution of region or field arguments
82  *
83  ******************************************************************************/
84
85 static acpi_status
86 acpi_ds_execute_arguments(struct acpi_namespace_node *node,
87                           struct acpi_namespace_node *scope_node,
88                           u32 aml_length, u8 * aml_start)
89 {
90         acpi_status status;
91         union acpi_parse_object *op;
92         struct acpi_walk_state *walk_state;
93
94         ACPI_FUNCTION_TRACE(ds_execute_arguments);
95
96         /*
97          * Allocate a new parser op to be the root of the parsed tree
98          */
99         op = acpi_ps_alloc_op(AML_INT_EVAL_SUBTREE_OP);
100         if (!op) {
101                 return_ACPI_STATUS(AE_NO_MEMORY);
102         }
103
104         /* Save the Node for use in acpi_ps_parse_aml */
105
106         op->common.node = scope_node;
107
108         /* Create and initialize a new parser state */
109
110         walk_state = acpi_ds_create_walk_state(0, NULL, NULL, NULL);
111         if (!walk_state) {
112                 status = AE_NO_MEMORY;
113                 goto cleanup;
114         }
115
116         status = acpi_ds_init_aml_walk(walk_state, op, NULL, aml_start,
117                                        aml_length, NULL, ACPI_IMODE_LOAD_PASS1);
118         if (ACPI_FAILURE(status)) {
119                 acpi_ds_delete_walk_state(walk_state);
120                 goto cleanup;
121         }
122
123         /* Mark this parse as a deferred opcode */
124
125         walk_state->parse_flags = ACPI_PARSE_DEFERRED_OP;
126         walk_state->deferred_node = node;
127
128         /* Pass1: Parse the entire declaration */
129
130         status = acpi_ps_parse_aml(walk_state);
131         if (ACPI_FAILURE(status)) {
132                 goto cleanup;
133         }
134
135         /* Get and init the Op created above */
136
137         op->common.node = node;
138         acpi_ps_delete_parse_tree(op);
139
140         /* Evaluate the deferred arguments */
141
142         op = acpi_ps_alloc_op(AML_INT_EVAL_SUBTREE_OP);
143         if (!op) {
144                 return_ACPI_STATUS(AE_NO_MEMORY);
145         }
146
147         op->common.node = scope_node;
148
149         /* Create and initialize a new parser state */
150
151         walk_state = acpi_ds_create_walk_state(0, NULL, NULL, NULL);
152         if (!walk_state) {
153                 status = AE_NO_MEMORY;
154                 goto cleanup;
155         }
156
157         /* Execute the opcode and arguments */
158
159         status = acpi_ds_init_aml_walk(walk_state, op, NULL, aml_start,
160                                        aml_length, NULL, ACPI_IMODE_EXECUTE);
161         if (ACPI_FAILURE(status)) {
162                 acpi_ds_delete_walk_state(walk_state);
163                 goto cleanup;
164         }
165
166         /* Mark this execution as a deferred opcode */
167
168         walk_state->deferred_node = node;
169         status = acpi_ps_parse_aml(walk_state);
170
171       cleanup:
172         acpi_ps_delete_parse_tree(op);
173         return_ACPI_STATUS(status);
174 }
175
176 /*******************************************************************************
177  *
178  * FUNCTION:    acpi_ds_get_buffer_field_arguments
179  *
180  * PARAMETERS:  obj_desc        - A valid buffer_field object
181  *
182  * RETURN:      Status.
183  *
184  * DESCRIPTION: Get buffer_field Buffer and Index. This implements the late
185  *              evaluation of these field attributes.
186  *
187  ******************************************************************************/
188
189 acpi_status
190 acpi_ds_get_buffer_field_arguments(union acpi_operand_object *obj_desc)
191 {
192         union acpi_operand_object *extra_desc;
193         struct acpi_namespace_node *node;
194         acpi_status status;
195
196         ACPI_FUNCTION_TRACE_PTR(ds_get_buffer_field_arguments, obj_desc);
197
198         if (obj_desc->common.flags & AOPOBJ_DATA_VALID) {
199                 return_ACPI_STATUS(AE_OK);
200         }
201
202         /* Get the AML pointer (method object) and buffer_field node */
203
204         extra_desc = acpi_ns_get_secondary_object(obj_desc);
205         node = obj_desc->buffer_field.node;
206
207         ACPI_DEBUG_EXEC(acpi_ut_display_init_pathname
208                         (ACPI_TYPE_BUFFER_FIELD, node, NULL));
209         ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "[%4.4s] BufferField Arg Init\n",
210                           acpi_ut_get_node_name(node)));
211
212         /* Execute the AML code for the term_arg arguments */
213
214         status = acpi_ds_execute_arguments(node, acpi_ns_get_parent_node(node),
215                                            extra_desc->extra.aml_length,
216                                            extra_desc->extra.aml_start);
217         return_ACPI_STATUS(status);
218 }
219
220 /*******************************************************************************
221  *
222  * FUNCTION:    acpi_ds_get_buffer_arguments
223  *
224  * PARAMETERS:  obj_desc        - A valid Buffer object
225  *
226  * RETURN:      Status.
227  *
228  * DESCRIPTION: Get Buffer length and initializer byte list.  This implements
229  *              the late evaluation of these attributes.
230  *
231  ******************************************************************************/
232
233 acpi_status acpi_ds_get_buffer_arguments(union acpi_operand_object *obj_desc)
234 {
235         struct acpi_namespace_node *node;
236         acpi_status status;
237
238         ACPI_FUNCTION_TRACE_PTR(ds_get_buffer_arguments, obj_desc);
239
240         if (obj_desc->common.flags & AOPOBJ_DATA_VALID) {
241                 return_ACPI_STATUS(AE_OK);
242         }
243
244         /* Get the Buffer node */
245
246         node = obj_desc->buffer.node;
247         if (!node) {
248                 ACPI_ERROR((AE_INFO,
249                             "No pointer back to NS node in buffer obj %p",
250                             obj_desc));
251                 return_ACPI_STATUS(AE_AML_INTERNAL);
252         }
253
254         ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "Buffer Arg Init\n"));
255
256         /* Execute the AML code for the term_arg arguments */
257
258         status = acpi_ds_execute_arguments(node, node,
259                                            obj_desc->buffer.aml_length,
260                                            obj_desc->buffer.aml_start);
261         return_ACPI_STATUS(status);
262 }
263
264 /*******************************************************************************
265  *
266  * FUNCTION:    acpi_ds_get_package_arguments
267  *
268  * PARAMETERS:  obj_desc        - A valid Package object
269  *
270  * RETURN:      Status.
271  *
272  * DESCRIPTION: Get Package length and initializer byte list.  This implements
273  *              the late evaluation of these attributes.
274  *
275  ******************************************************************************/
276
277 acpi_status acpi_ds_get_package_arguments(union acpi_operand_object *obj_desc)
278 {
279         struct acpi_namespace_node *node;
280         acpi_status status;
281
282         ACPI_FUNCTION_TRACE_PTR(ds_get_package_arguments, obj_desc);
283
284         if (obj_desc->common.flags & AOPOBJ_DATA_VALID) {
285                 return_ACPI_STATUS(AE_OK);
286         }
287
288         /* Get the Package node */
289
290         node = obj_desc->package.node;
291         if (!node) {
292                 ACPI_ERROR((AE_INFO,
293                             "No pointer back to NS node in package %p",
294                             obj_desc));
295                 return_ACPI_STATUS(AE_AML_INTERNAL);
296         }
297
298         ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "Package Arg Init\n"));
299
300         /* Execute the AML code for the term_arg arguments */
301
302         status = acpi_ds_execute_arguments(node, node,
303                                            obj_desc->package.aml_length,
304                                            obj_desc->package.aml_start);
305         return_ACPI_STATUS(status);
306 }
307
308 /*****************************************************************************
309  *
310  * FUNCTION:    acpi_ds_get_region_arguments
311  *
312  * PARAMETERS:  obj_desc        - A valid region object
313  *
314  * RETURN:      Status.
315  *
316  * DESCRIPTION: Get region address and length.  This implements the late
317  *              evaluation of these region attributes.
318  *
319  ****************************************************************************/
320
321 acpi_status acpi_ds_get_region_arguments(union acpi_operand_object *obj_desc)
322 {
323         struct acpi_namespace_node *node;
324         acpi_status status;
325         union acpi_operand_object *extra_desc;
326
327         ACPI_FUNCTION_TRACE_PTR(ds_get_region_arguments, obj_desc);
328
329         if (obj_desc->region.flags & AOPOBJ_DATA_VALID) {
330                 return_ACPI_STATUS(AE_OK);
331         }
332
333         extra_desc = acpi_ns_get_secondary_object(obj_desc);
334         if (!extra_desc) {
335                 return_ACPI_STATUS(AE_NOT_EXIST);
336         }
337
338         /* Get the Region node */
339
340         node = obj_desc->region.node;
341
342         ACPI_DEBUG_EXEC(acpi_ut_display_init_pathname
343                         (ACPI_TYPE_REGION, node, NULL));
344
345         ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "[%4.4s] OpRegion Arg Init at AML %p\n",
346                           acpi_ut_get_node_name(node),
347                           extra_desc->extra.aml_start));
348
349         /* Execute the argument AML */
350
351         status = acpi_ds_execute_arguments(node, acpi_ns_get_parent_node(node),
352                                            extra_desc->extra.aml_length,
353                                            extra_desc->extra.aml_start);
354         if (ACPI_FAILURE(status)) {
355                 return_ACPI_STATUS(status);
356         }
357
358         /* Validate the region address/length via the host OS */
359
360         status = acpi_os_validate_address(obj_desc->region.space_id,
361                                           obj_desc->region.address,
362                                           (acpi_size) obj_desc->region.length,
363                                           acpi_ut_get_node_name(node));
364
365         if (ACPI_FAILURE(status)) {
366                 /*
367                  * Invalid address/length. We will emit an error message and mark
368                  * the region as invalid, so that it will cause an additional error if
369                  * it is ever used. Then return AE_OK.
370                  */
371                 ACPI_EXCEPTION((AE_INFO, status,
372                                 "During address validation of OpRegion [%4.4s]",
373                                 node->name.ascii));
374                 obj_desc->common.flags |= AOPOBJ_INVALID;
375                 status = AE_OK;
376         }
377
378         return_ACPI_STATUS(status);
379 }
380
381 /*******************************************************************************
382  *
383  * FUNCTION:    acpi_ds_initialize_region
384  *
385  * PARAMETERS:  obj_handle      - Region namespace node
386  *
387  * RETURN:      Status
388  *
389  * DESCRIPTION: Front end to ev_initialize_region
390  *
391  ******************************************************************************/
392
393 acpi_status acpi_ds_initialize_region(acpi_handle obj_handle)
394 {
395         union acpi_operand_object *obj_desc;
396         acpi_status status;
397
398         obj_desc = acpi_ns_get_attached_object(obj_handle);
399
400         /* Namespace is NOT locked */
401
402         status = acpi_ev_initialize_region(obj_desc, FALSE);
403         return (status);
404 }
405
406 /*******************************************************************************
407  *
408  * FUNCTION:    acpi_ds_init_buffer_field
409  *
410  * PARAMETERS:  aml_opcode      - create_xxx_field
411  *              obj_desc        - buffer_field object
412  *              buffer_desc     - Host Buffer
413  *              offset_desc     - Offset into buffer
414  *              length_desc     - Length of field (CREATE_FIELD_OP only)
415  *              result_desc     - Where to store the result
416  *
417  * RETURN:      Status
418  *
419  * DESCRIPTION: Perform actual initialization of a buffer field
420  *
421  ******************************************************************************/
422
423 static acpi_status
424 acpi_ds_init_buffer_field(u16 aml_opcode,
425                           union acpi_operand_object *obj_desc,
426                           union acpi_operand_object *buffer_desc,
427                           union acpi_operand_object *offset_desc,
428                           union acpi_operand_object *length_desc,
429                           union acpi_operand_object *result_desc)
430 {
431         u32 offset;
432         u32 bit_offset;
433         u32 bit_count;
434         u8 field_flags;
435         acpi_status status;
436
437         ACPI_FUNCTION_TRACE_PTR(ds_init_buffer_field, obj_desc);
438
439         /* Host object must be a Buffer */
440
441         if (ACPI_GET_OBJECT_TYPE(buffer_desc) != ACPI_TYPE_BUFFER) {
442                 ACPI_ERROR((AE_INFO,
443                             "Target of Create Field is not a Buffer object - %s",
444                             acpi_ut_get_object_type_name(buffer_desc)));
445
446                 status = AE_AML_OPERAND_TYPE;
447                 goto cleanup;
448         }
449
450         /*
451          * The last parameter to all of these opcodes (result_desc) started
452          * out as a name_string, and should therefore now be a NS node
453          * after resolution in acpi_ex_resolve_operands().
454          */
455         if (ACPI_GET_DESCRIPTOR_TYPE(result_desc) != ACPI_DESC_TYPE_NAMED) {
456                 ACPI_ERROR((AE_INFO,
457                             "(%s) destination not a NS Node [%s]",
458                             acpi_ps_get_opcode_name(aml_opcode),
459                             acpi_ut_get_descriptor_name(result_desc)));
460
461                 status = AE_AML_OPERAND_TYPE;
462                 goto cleanup;
463         }
464
465         offset = (u32) offset_desc->integer.value;
466
467         /*
468          * Setup the Bit offsets and counts, according to the opcode
469          */
470         switch (aml_opcode) {
471         case AML_CREATE_FIELD_OP:
472
473                 /* Offset is in bits, count is in bits */
474
475                 field_flags = AML_FIELD_ACCESS_BYTE;
476                 bit_offset = offset;
477                 bit_count = (u32) length_desc->integer.value;
478
479                 /* Must have a valid (>0) bit count */
480
481                 if (bit_count == 0) {
482                         ACPI_ERROR((AE_INFO,
483                                     "Attempt to CreateField of length zero"));
484                         status = AE_AML_OPERAND_VALUE;
485                         goto cleanup;
486                 }
487                 break;
488
489         case AML_CREATE_BIT_FIELD_OP:
490
491                 /* Offset is in bits, Field is one bit */
492
493                 bit_offset = offset;
494                 bit_count = 1;
495                 field_flags = AML_FIELD_ACCESS_BYTE;
496                 break;
497
498         case AML_CREATE_BYTE_FIELD_OP:
499
500                 /* Offset is in bytes, field is one byte */
501
502                 bit_offset = 8 * offset;
503                 bit_count = 8;
504                 field_flags = AML_FIELD_ACCESS_BYTE;
505                 break;
506
507         case AML_CREATE_WORD_FIELD_OP:
508
509                 /* Offset is in bytes, field is one word */
510
511                 bit_offset = 8 * offset;
512                 bit_count = 16;
513                 field_flags = AML_FIELD_ACCESS_WORD;
514                 break;
515
516         case AML_CREATE_DWORD_FIELD_OP:
517
518                 /* Offset is in bytes, field is one dword */
519
520                 bit_offset = 8 * offset;
521                 bit_count = 32;
522                 field_flags = AML_FIELD_ACCESS_DWORD;
523                 break;
524
525         case AML_CREATE_QWORD_FIELD_OP:
526
527                 /* Offset is in bytes, field is one qword */
528
529                 bit_offset = 8 * offset;
530                 bit_count = 64;
531                 field_flags = AML_FIELD_ACCESS_QWORD;
532                 break;
533
534         default:
535
536                 ACPI_ERROR((AE_INFO,
537                             "Unknown field creation opcode %02x", aml_opcode));
538                 status = AE_AML_BAD_OPCODE;
539                 goto cleanup;
540         }
541
542         /* Entire field must fit within the current length of the buffer */
543
544         if ((bit_offset + bit_count) > (8 * (u32) buffer_desc->buffer.length)) {
545                 ACPI_ERROR((AE_INFO,
546                             "Field [%4.4s] at %d exceeds Buffer [%4.4s] size %d (bits)",
547                             acpi_ut_get_node_name(result_desc),
548                             bit_offset + bit_count,
549                             acpi_ut_get_node_name(buffer_desc->buffer.node),
550                             8 * (u32) buffer_desc->buffer.length));
551                 status = AE_AML_BUFFER_LIMIT;
552                 goto cleanup;
553         }
554
555         /*
556          * Initialize areas of the field object that are common to all fields
557          * For field_flags, use LOCK_RULE = 0 (NO_LOCK),
558          * UPDATE_RULE = 0 (UPDATE_PRESERVE)
559          */
560         status = acpi_ex_prep_common_field_object(obj_desc, field_flags, 0,
561                                                   bit_offset, bit_count);
562         if (ACPI_FAILURE(status)) {
563                 goto cleanup;
564         }
565
566         obj_desc->buffer_field.buffer_obj = buffer_desc;
567
568         /* Reference count for buffer_desc inherits obj_desc count */
569
570         buffer_desc->common.reference_count = (u16)
571             (buffer_desc->common.reference_count +
572              obj_desc->common.reference_count);
573
574       cleanup:
575
576         /* Always delete the operands */
577
578         acpi_ut_remove_reference(offset_desc);
579         acpi_ut_remove_reference(buffer_desc);
580
581         if (aml_opcode == AML_CREATE_FIELD_OP) {
582                 acpi_ut_remove_reference(length_desc);
583         }
584
585         /* On failure, delete the result descriptor */
586
587         if (ACPI_FAILURE(status)) {
588                 acpi_ut_remove_reference(result_desc);  /* Result descriptor */
589         } else {
590                 /* Now the address and length are valid for this buffer_field */
591
592                 obj_desc->buffer_field.flags |= AOPOBJ_DATA_VALID;
593         }
594
595         return_ACPI_STATUS(status);
596 }
597
598 /*******************************************************************************
599  *
600  * FUNCTION:    acpi_ds_eval_buffer_field_operands
601  *
602  * PARAMETERS:  walk_state      - Current walk
603  *              Op              - A valid buffer_field Op object
604  *
605  * RETURN:      Status
606  *
607  * DESCRIPTION: Get buffer_field Buffer and Index
608  *              Called from acpi_ds_exec_end_op during buffer_field parse tree walk
609  *
610  ******************************************************************************/
611
612 acpi_status
613 acpi_ds_eval_buffer_field_operands(struct acpi_walk_state *walk_state,
614                                    union acpi_parse_object *op)
615 {
616         acpi_status status;
617         union acpi_operand_object *obj_desc;
618         struct acpi_namespace_node *node;
619         union acpi_parse_object *next_op;
620
621         ACPI_FUNCTION_TRACE_PTR(ds_eval_buffer_field_operands, op);
622
623         /*
624          * This is where we evaluate the address and length fields of the
625          * create_xxx_field declaration
626          */
627         node = op->common.node;
628
629         /* next_op points to the op that holds the Buffer */
630
631         next_op = op->common.value.arg;
632
633         /* Evaluate/create the address and length operands */
634
635         status = acpi_ds_create_operands(walk_state, next_op);
636         if (ACPI_FAILURE(status)) {
637                 return_ACPI_STATUS(status);
638         }
639
640         obj_desc = acpi_ns_get_attached_object(node);
641         if (!obj_desc) {
642                 return_ACPI_STATUS(AE_NOT_EXIST);
643         }
644
645         /* Resolve the operands */
646
647         status = acpi_ex_resolve_operands(op->common.aml_opcode,
648                                           ACPI_WALK_OPERANDS, walk_state);
649
650         ACPI_DUMP_OPERANDS(ACPI_WALK_OPERANDS, ACPI_IMODE_EXECUTE,
651                            acpi_ps_get_opcode_name(op->common.aml_opcode),
652                            walk_state->num_operands,
653                            "after AcpiExResolveOperands");
654
655         if (ACPI_FAILURE(status)) {
656                 ACPI_ERROR((AE_INFO, "(%s) bad operand(s) (%X)",
657                             acpi_ps_get_opcode_name(op->common.aml_opcode),
658                             status));
659
660                 return_ACPI_STATUS(status);
661         }
662
663         /* Initialize the Buffer Field */
664
665         if (op->common.aml_opcode == AML_CREATE_FIELD_OP) {
666
667                 /* NOTE: Slightly different operands for this opcode */
668
669                 status =
670                     acpi_ds_init_buffer_field(op->common.aml_opcode, obj_desc,
671                                               walk_state->operands[0],
672                                               walk_state->operands[1],
673                                               walk_state->operands[2],
674                                               walk_state->operands[3]);
675         } else {
676                 /* All other, create_xxx_field opcodes */
677
678                 status =
679                     acpi_ds_init_buffer_field(op->common.aml_opcode, obj_desc,
680                                               walk_state->operands[0],
681                                               walk_state->operands[1], NULL,
682                                               walk_state->operands[2]);
683         }
684
685         return_ACPI_STATUS(status);
686 }
687
688 /*******************************************************************************
689  *
690  * FUNCTION:    acpi_ds_eval_region_operands
691  *
692  * PARAMETERS:  walk_state      - Current walk
693  *              Op              - A valid region Op object
694  *
695  * RETURN:      Status
696  *
697  * DESCRIPTION: Get region address and length
698  *              Called from acpi_ds_exec_end_op during op_region parse tree walk
699  *
700  ******************************************************************************/
701
702 acpi_status
703 acpi_ds_eval_region_operands(struct acpi_walk_state *walk_state,
704                              union acpi_parse_object *op)
705 {
706         acpi_status status;
707         union acpi_operand_object *obj_desc;
708         union acpi_operand_object *operand_desc;
709         struct acpi_namespace_node *node;
710         union acpi_parse_object *next_op;
711
712         ACPI_FUNCTION_TRACE_PTR(ds_eval_region_operands, op);
713
714         /*
715          * This is where we evaluate the address and length fields of the
716          * op_region declaration
717          */
718         node = op->common.node;
719
720         /* next_op points to the op that holds the space_iD */
721
722         next_op = op->common.value.arg;
723
724         /* next_op points to address op */
725
726         next_op = next_op->common.next;
727
728         /* Evaluate/create the address and length operands */
729
730         status = acpi_ds_create_operands(walk_state, next_op);
731         if (ACPI_FAILURE(status)) {
732                 return_ACPI_STATUS(status);
733         }
734
735         /* Resolve the length and address operands to numbers */
736
737         status = acpi_ex_resolve_operands(op->common.aml_opcode,
738                                           ACPI_WALK_OPERANDS, walk_state);
739         if (ACPI_FAILURE(status)) {
740                 return_ACPI_STATUS(status);
741         }
742
743         ACPI_DUMP_OPERANDS(ACPI_WALK_OPERANDS, ACPI_IMODE_EXECUTE,
744                            acpi_ps_get_opcode_name(op->common.aml_opcode),
745                            1, "after AcpiExResolveOperands");
746
747         obj_desc = acpi_ns_get_attached_object(node);
748         if (!obj_desc) {
749                 return_ACPI_STATUS(AE_NOT_EXIST);
750         }
751
752         /*
753          * Get the length operand and save it
754          * (at Top of stack)
755          */
756         operand_desc = walk_state->operands[walk_state->num_operands - 1];
757
758         obj_desc->region.length = (u32) operand_desc->integer.value;
759         acpi_ut_remove_reference(operand_desc);
760
761         /*
762          * Get the address and save it
763          * (at top of stack - 1)
764          */
765         operand_desc = walk_state->operands[walk_state->num_operands - 2];
766
767         obj_desc->region.address = (acpi_physical_address)
768             operand_desc->integer.value;
769         acpi_ut_remove_reference(operand_desc);
770
771         ACPI_DEBUG_PRINT((ACPI_DB_EXEC, "RgnObj %p Addr %8.8X%8.8X Len %X\n",
772                           obj_desc,
773                           ACPI_FORMAT_UINT64(obj_desc->region.address),
774                           obj_desc->region.length));
775
776         /* Now the address and length are valid for this opregion */
777
778         obj_desc->region.flags |= AOPOBJ_DATA_VALID;
779
780         return_ACPI_STATUS(status);
781 }
782
783 /*******************************************************************************
784  *
785  * FUNCTION:    acpi_ds_eval_data_object_operands
786  *
787  * PARAMETERS:  walk_state      - Current walk
788  *              Op              - A valid data_object Op object
789  *              obj_desc        - data_object
790  *
791  * RETURN:      Status
792  *
793  * DESCRIPTION: Get the operands and complete the following data object types:
794  *              Buffer, Package.
795  *
796  ******************************************************************************/
797
798 acpi_status
799 acpi_ds_eval_data_object_operands(struct acpi_walk_state *walk_state,
800                                   union acpi_parse_object *op,
801                                   union acpi_operand_object *obj_desc)
802 {
803         acpi_status status;
804         union acpi_operand_object *arg_desc;
805         u32 length;
806
807         ACPI_FUNCTION_TRACE(ds_eval_data_object_operands);
808
809         /* The first operand (for all of these data objects) is the length */
810
811         status = acpi_ds_create_operand(walk_state, op->common.value.arg, 1);
812         if (ACPI_FAILURE(status)) {
813                 return_ACPI_STATUS(status);
814         }
815
816         status = acpi_ex_resolve_operands(walk_state->opcode,
817                                           &(walk_state->
818                                             operands[walk_state->num_operands -
819                                                      1]), walk_state);
820         if (ACPI_FAILURE(status)) {
821                 return_ACPI_STATUS(status);
822         }
823
824         /* Extract length operand */
825
826         arg_desc = walk_state->operands[walk_state->num_operands - 1];
827         length = (u32) arg_desc->integer.value;
828
829         /* Cleanup for length operand */
830
831         status = acpi_ds_obj_stack_pop(1, walk_state);
832         if (ACPI_FAILURE(status)) {
833                 return_ACPI_STATUS(status);
834         }
835
836         acpi_ut_remove_reference(arg_desc);
837
838         /*
839          * Create the actual data object
840          */
841         switch (op->common.aml_opcode) {
842         case AML_BUFFER_OP:
843
844                 status =
845                     acpi_ds_build_internal_buffer_obj(walk_state, op, length,
846                                                       &obj_desc);
847                 break;
848
849         case AML_PACKAGE_OP:
850         case AML_VAR_PACKAGE_OP:
851
852                 status =
853                     acpi_ds_build_internal_package_obj(walk_state, op, length,
854                                                        &obj_desc);
855                 break;
856
857         default:
858                 return_ACPI_STATUS(AE_AML_BAD_OPCODE);
859         }
860
861         if (ACPI_SUCCESS(status)) {
862                 /*
863                  * Return the object in the walk_state, unless the parent is a package -
864                  * in this case, the return object will be stored in the parse tree
865                  * for the package.
866                  */
867                 if ((!op->common.parent) ||
868                     ((op->common.parent->common.aml_opcode != AML_PACKAGE_OP) &&
869                      (op->common.parent->common.aml_opcode !=
870                       AML_VAR_PACKAGE_OP)
871                      && (op->common.parent->common.aml_opcode != AML_NAME_OP))) {
872                         walk_state->result_obj = obj_desc;
873                 }
874         }
875
876         return_ACPI_STATUS(status);
877 }
878
879 /*******************************************************************************
880  *
881  * FUNCTION:    acpi_ds_exec_begin_control_op
882  *
883  * PARAMETERS:  walk_list       - The list that owns the walk stack
884  *              Op              - The control Op
885  *
886  * RETURN:      Status
887  *
888  * DESCRIPTION: Handles all control ops encountered during control method
889  *              execution.
890  *
891  ******************************************************************************/
892
893 acpi_status
894 acpi_ds_exec_begin_control_op(struct acpi_walk_state *walk_state,
895                               union acpi_parse_object *op)
896 {
897         acpi_status status = AE_OK;
898         union acpi_generic_state *control_state;
899
900         ACPI_FUNCTION_NAME(ds_exec_begin_control_op);
901
902         ACPI_DEBUG_PRINT((ACPI_DB_DISPATCH, "Op=%p Opcode=%2.2X State=%p\n", op,
903                           op->common.aml_opcode, walk_state));
904
905         switch (op->common.aml_opcode) {
906         case AML_IF_OP:
907         case AML_WHILE_OP:
908
909                 /*
910                  * IF/WHILE: Create a new control state to manage these
911                  * constructs. We need to manage these as a stack, in order
912                  * to handle nesting.
913                  */
914                 control_state = acpi_ut_create_control_state();
915                 if (!control_state) {
916                         status = AE_NO_MEMORY;
917                         break;
918                 }
919                 /*
920                  * Save a pointer to the predicate for multiple executions
921                  * of a loop
922                  */
923                 control_state->control.aml_predicate_start =
924                     walk_state->parser_state.aml - 1;
925                 control_state->control.package_end =
926                     walk_state->parser_state.pkg_end;
927                 control_state->control.opcode = op->common.aml_opcode;
928
929                 /* Push the control state on this walk's control stack */
930
931                 acpi_ut_push_generic_state(&walk_state->control_state,
932                                            control_state);
933                 break;
934
935         case AML_ELSE_OP:
936
937                 /* Predicate is in the state object */
938                 /* If predicate is true, the IF was executed, ignore ELSE part */
939
940                 if (walk_state->last_predicate) {
941                         status = AE_CTRL_TRUE;
942                 }
943
944                 break;
945
946         case AML_RETURN_OP:
947
948                 break;
949
950         default:
951                 break;
952         }
953
954         return (status);
955 }
956
957 /*******************************************************************************
958  *
959  * FUNCTION:    acpi_ds_exec_end_control_op
960  *
961  * PARAMETERS:  walk_list       - The list that owns the walk stack
962  *              Op              - The control Op
963  *
964  * RETURN:      Status
965  *
966  * DESCRIPTION: Handles all control ops encountered during control method
967  *              execution.
968  *
969  ******************************************************************************/
970
971 acpi_status
972 acpi_ds_exec_end_control_op(struct acpi_walk_state * walk_state,
973                             union acpi_parse_object * op)
974 {
975         acpi_status status = AE_OK;
976         union acpi_generic_state *control_state;
977
978         ACPI_FUNCTION_NAME(ds_exec_end_control_op);
979
980         switch (op->common.aml_opcode) {
981         case AML_IF_OP:
982
983                 ACPI_DEBUG_PRINT((ACPI_DB_DISPATCH, "[IF_OP] Op=%p\n", op));
984
985                 /*
986                  * Save the result of the predicate in case there is an
987                  * ELSE to come
988                  */
989                 walk_state->last_predicate =
990                     (u8) walk_state->control_state->common.value;
991
992                 /*
993                  * Pop the control state that was created at the start
994                  * of the IF and free it
995                  */
996                 control_state =
997                     acpi_ut_pop_generic_state(&walk_state->control_state);
998                 acpi_ut_delete_generic_state(control_state);
999                 break;
1000
1001         case AML_ELSE_OP:
1002
1003                 break;
1004
1005         case AML_WHILE_OP:
1006
1007                 ACPI_DEBUG_PRINT((ACPI_DB_DISPATCH, "[WHILE_OP] Op=%p\n", op));
1008
1009                 if (walk_state->control_state->common.value) {
1010
1011                         /* Predicate was true, go back and evaluate it again! */
1012
1013                         status = AE_CTRL_PENDING;
1014                 }
1015
1016                 ACPI_DEBUG_PRINT((ACPI_DB_DISPATCH,
1017                                   "[WHILE_OP] termination! Op=%p\n", op));
1018
1019                 /* Pop this control state and free it */
1020
1021                 control_state =
1022                     acpi_ut_pop_generic_state(&walk_state->control_state);
1023
1024                 walk_state->aml_last_while =
1025                     control_state->control.aml_predicate_start;
1026                 acpi_ut_delete_generic_state(control_state);
1027                 break;
1028
1029         case AML_RETURN_OP:
1030
1031                 ACPI_DEBUG_PRINT((ACPI_DB_DISPATCH,
1032                                   "[RETURN_OP] Op=%p Arg=%p\n", op,
1033                                   op->common.value.arg));
1034
1035                 /*
1036                  * One optional operand -- the return value
1037                  * It can be either an immediate operand or a result that
1038                  * has been bubbled up the tree
1039                  */
1040                 if (op->common.value.arg) {
1041
1042                         /* Since we have a real Return(), delete any implicit return */
1043
1044                         acpi_ds_clear_implicit_return(walk_state);
1045
1046                         /* Return statement has an immediate operand */
1047
1048                         status =
1049                             acpi_ds_create_operands(walk_state,
1050                                                     op->common.value.arg);
1051                         if (ACPI_FAILURE(status)) {
1052                                 return (status);
1053                         }
1054
1055                         /*
1056                          * If value being returned is a Reference (such as
1057                          * an arg or local), resolve it now because it may
1058                          * cease to exist at the end of the method.
1059                          */
1060                         status =
1061                             acpi_ex_resolve_to_value(&walk_state->operands[0],
1062                                                      walk_state);
1063                         if (ACPI_FAILURE(status)) {
1064                                 return (status);
1065                         }
1066
1067                         /*
1068                          * Get the return value and save as the last result
1069                          * value.  This is the only place where walk_state->return_desc
1070                          * is set to anything other than zero!
1071                          */
1072                         walk_state->return_desc = walk_state->operands[0];
1073                 } else if ((walk_state->results) &&
1074                            (walk_state->results->results.num_results > 0)) {
1075
1076                         /* Since we have a real Return(), delete any implicit return */
1077
1078                         acpi_ds_clear_implicit_return(walk_state);
1079
1080                         /*
1081                          * The return value has come from a previous calculation.
1082                          *
1083                          * If value being returned is a Reference (such as
1084                          * an arg or local), resolve it now because it may
1085                          * cease to exist at the end of the method.
1086                          *
1087                          * Allow references created by the Index operator to return unchanged.
1088                          */
1089                         if ((ACPI_GET_DESCRIPTOR_TYPE
1090                              (walk_state->results->results.obj_desc[0]) ==
1091                              ACPI_DESC_TYPE_OPERAND)
1092                             &&
1093                             (ACPI_GET_OBJECT_TYPE
1094                              (walk_state->results->results.obj_desc[0]) ==
1095                              ACPI_TYPE_LOCAL_REFERENCE)
1096                             && ((walk_state->results->results.obj_desc[0])->
1097                                 reference.opcode != AML_INDEX_OP)) {
1098                                 status =
1099                                     acpi_ex_resolve_to_value(&walk_state->
1100                                                              results->results.
1101                                                              obj_desc[0],
1102                                                              walk_state);
1103                                 if (ACPI_FAILURE(status)) {
1104                                         return (status);
1105                                 }
1106                         }
1107
1108                         walk_state->return_desc =
1109                             walk_state->results->results.obj_desc[0];
1110                 } else {
1111                         /* No return operand */
1112
1113                         if (walk_state->num_operands) {
1114                                 acpi_ut_remove_reference(walk_state->
1115                                                          operands[0]);
1116                         }
1117
1118                         walk_state->operands[0] = NULL;
1119                         walk_state->num_operands = 0;
1120                         walk_state->return_desc = NULL;
1121                 }
1122
1123                 ACPI_DEBUG_PRINT((ACPI_DB_DISPATCH,
1124                                   "Completed RETURN_OP State=%p, RetVal=%p\n",
1125                                   walk_state, walk_state->return_desc));
1126
1127                 /* End the control method execution right now */
1128
1129                 status = AE_CTRL_TERMINATE;
1130                 break;
1131
1132         case AML_NOOP_OP:
1133
1134                 /* Just do nothing! */
1135                 break;
1136
1137         case AML_BREAK_POINT_OP:
1138
1139                 /* Call up to the OS service layer to handle this */
1140
1141                 status =
1142                     acpi_os_signal(ACPI_SIGNAL_BREAKPOINT,
1143                                    "Executed AML Breakpoint opcode");
1144
1145                 /* If and when it returns, all done. */
1146
1147                 break;
1148
1149         case AML_BREAK_OP:
1150         case AML_CONTINUE_OP:   /* ACPI 2.0 */
1151
1152                 /* Pop and delete control states until we find a while */
1153
1154                 while (walk_state->control_state &&
1155                        (walk_state->control_state->control.opcode !=
1156                         AML_WHILE_OP)) {
1157                         control_state =
1158                             acpi_ut_pop_generic_state(&walk_state->
1159                                                       control_state);
1160                         acpi_ut_delete_generic_state(control_state);
1161                 }
1162
1163                 /* No while found? */
1164
1165                 if (!walk_state->control_state) {
1166                         return (AE_AML_NO_WHILE);
1167                 }
1168
1169                 /* Was: walk_state->aml_last_while = walk_state->control_state->Control.aml_predicate_start; */
1170
1171                 walk_state->aml_last_while =
1172                     walk_state->control_state->control.package_end;
1173
1174                 /* Return status depending on opcode */
1175
1176                 if (op->common.aml_opcode == AML_BREAK_OP) {
1177                         status = AE_CTRL_BREAK;
1178                 } else {
1179                         status = AE_CTRL_CONTINUE;
1180                 }
1181                 break;
1182
1183         default:
1184
1185                 ACPI_ERROR((AE_INFO, "Unknown control opcode=%X Op=%p",
1186                             op->common.aml_opcode, op));
1187
1188                 status = AE_AML_BAD_OPCODE;
1189                 break;
1190         }
1191
1192         return (status);
1193 }