2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-10 06:34:17 +08:00
linux-next/drivers/acpi/acpica/acobject.h
Hans de Goede c27f3d011b ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling
ACPICA commit c9e0116952363b0fa815143dca7e9a2eb4fefa61

The handling of the generic_serial_bus (I2C) and GPIO op_regions in
acpi_ev_address_space_dispatch() passes a number of extra parameters
to the address-space handler through the address-space Context pointer
(instead of using more function parameters).

The Context is shared between threads, so if multiple threads try to
call the handler for the same address-space at the same time, then
a second thread could change the parameters of a first thread while
the handler is running for the first thread.

An example of this race hitting is the Lenovo Yoga Tablet2 1015L,
where there are both attrib_bytes accesses and attrib_byte accesses
to the same address-space. The attrib_bytes access stores the number
of bytes to transfer in Context->access_length. Where as for the
attrib_byte access the number of bytes to transfer is always 1 and
field_obj->Field.access_length is unused (so 0). Both types of
accesses racing from different threads leads to the following problem:

 1. Thread a. starts an attrib_bytes access, stores a non 0 value
    from field_obj->Field.access_length in Context->access_length

 2. Thread b. starts an attrib_byte access, stores 0 in
    Context->access_length

 3. Thread a. calls i2c_acpi_space_handler() (under Linux). Which
    sees that the access-type is ACPI_GSB_ACCESS_ATTRIB_MULTIBYTE
    and calls acpi_gsb_i2c_read_bytes(..., Context->access_length)

 4. At this point Context->access_length is 0 (set by thread b.)

rather then the field_obj->Field.access_length value from thread a.
This 0 length reads leads to the following errors being logged:

 i2c i2c-0: adapter quirk: no zero length (addr 0x0078, size 0, read)
 i2c i2c-0: i2c read 0 bytes from client@0x78 starting at reg 0x0 failed, error: -95

Note this is just an example of the problems which this race can cause.

There are likely many more (sporadic) problems caused by this race.

This commit adds a new context_mutex to struct acpi_object_addr_handler
and makes acpi_ev_address_space_dispatch() take that mutex when
using the shared Context to pass extra parameters to an address-space
handler, fixing this race.

Note the new mutex must be taken *after* exiting the interpreter,
therefor the existing acpi_ex_exit_interpreter() call is moved to above
the code which stores the extra parameters in the Context.

Link: https://github.com/acpica/acpica/commit/c9e01169
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Erik Kaneda <erik.kaneda@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2021-02-19 16:03:25 +01:00

443 lines
16 KiB
C

/* SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0 */
/******************************************************************************
*
* Name: acobject.h - Definition of union acpi_operand_object (Internal object only)
*
* Copyright (C) 2000 - 2021, Intel Corp.
*
*****************************************************************************/
#ifndef _ACOBJECT_H
#define _ACOBJECT_H
/* acpisrc:struct_defs -- for acpisrc conversion */
/*
* The union acpi_operand_object is used to pass AML operands from the dispatcher
* to the interpreter, and to keep track of the various handlers such as
* address space handlers and notify handlers. The object is a constant
* size in order to allow it to be cached and reused.
*
* Note: The object is optimized to be aligned and will not work if it is
* byte-packed.
*/
#if ACPI_MACHINE_WIDTH == 64
#pragma pack(8)
#else
#pragma pack(4)
#endif
/*******************************************************************************
*
* Common Descriptors
*
******************************************************************************/
/*
* Common area for all objects.
*
* descriptor_type is used to differentiate between internal descriptors, and
* must be in the same place across all descriptors
*
* Note: The descriptor_type and Type fields must appear in the identical
* position in both the struct acpi_namespace_node and union acpi_operand_object
* structures.
*/
#define ACPI_OBJECT_COMMON_HEADER \
union acpi_operand_object *next_object; /* Objects linked to parent NS node */\
u8 descriptor_type; /* To differentiate various internal objs */\
u8 type; /* acpi_object_type */\
u16 reference_count; /* For object deletion management */\
u8 flags;
/*
* Note: There are 3 bytes available here before the
* next natural alignment boundary (for both 32/64 cases)
*/
/* Values for Flag byte above */
#define AOPOBJ_AML_CONSTANT 0x01 /* Integer is an AML constant */
#define AOPOBJ_STATIC_POINTER 0x02 /* Data is part of an ACPI table, don't delete */
#define AOPOBJ_DATA_VALID 0x04 /* Object is initialized and data is valid */
#define AOPOBJ_OBJECT_INITIALIZED 0x08 /* Region is initialized */
#define AOPOBJ_REG_CONNECTED 0x10 /* _REG was run */
#define AOPOBJ_SETUP_COMPLETE 0x20 /* Region setup is complete */
#define AOPOBJ_INVALID 0x40 /* Host OS won't allow a Region address */
/******************************************************************************
*
* Basic data types
*
*****************************************************************************/
struct acpi_object_common {
ACPI_OBJECT_COMMON_HEADER};
struct acpi_object_integer {
ACPI_OBJECT_COMMON_HEADER u8 fill[3]; /* Prevent warning on some compilers */
u64 value;
};
/*
* Note: The String and Buffer object must be identical through the
* pointer and length elements. There is code that depends on this.
*
* Fields common to both Strings and Buffers
*/
#define ACPI_COMMON_BUFFER_INFO(_type) \
_type *pointer; \
u32 length;
/* Null terminated, ASCII characters only */
struct acpi_object_string {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_BUFFER_INFO(char) /* String in AML stream or allocated string */
};
struct acpi_object_buffer {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_BUFFER_INFO(u8) /* Buffer in AML stream or allocated buffer */
u32 aml_length;
u8 *aml_start;
struct acpi_namespace_node *node; /* Link back to parent node */
};
struct acpi_object_package {
ACPI_OBJECT_COMMON_HEADER struct acpi_namespace_node *node; /* Link back to parent node */
union acpi_operand_object **elements; /* Array of pointers to acpi_objects */
u8 *aml_start;
u32 aml_length;
u32 count; /* # of elements in package */
};
/******************************************************************************
*
* Complex data types
*
*****************************************************************************/
struct acpi_object_event {
ACPI_OBJECT_COMMON_HEADER acpi_semaphore os_semaphore; /* Actual OS synchronization object */
};
struct acpi_object_mutex {
ACPI_OBJECT_COMMON_HEADER u8 sync_level; /* 0-15, specified in Mutex() call */
u16 acquisition_depth; /* Allow multiple Acquires, same thread */
acpi_mutex os_mutex; /* Actual OS synchronization object */
acpi_thread_id thread_id; /* Current owner of the mutex */
struct acpi_thread_state *owner_thread; /* Current owner of the mutex */
union acpi_operand_object *prev; /* Link for list of acquired mutexes */
union acpi_operand_object *next; /* Link for list of acquired mutexes */
struct acpi_namespace_node *node; /* Containing namespace node */
u8 original_sync_level; /* Owner's original sync level (0-15) */
};
struct acpi_object_region {
ACPI_OBJECT_COMMON_HEADER u8 space_id;
struct acpi_namespace_node *node; /* Containing namespace node */
union acpi_operand_object *handler; /* Handler for region access */
union acpi_operand_object *next;
acpi_physical_address address;
u32 length;
};
struct acpi_object_method {
ACPI_OBJECT_COMMON_HEADER u8 info_flags;
u8 param_count;
u8 sync_level;
union acpi_operand_object *mutex;
union acpi_operand_object *node;
u8 *aml_start;
union {
acpi_internal_method implementation;
union acpi_operand_object *handler;
} dispatch;
u32 aml_length;
acpi_owner_id owner_id;
u8 thread_count;
};
/* Flags for info_flags field above */
#define ACPI_METHOD_MODULE_LEVEL 0x01 /* Method is actually module-level code */
#define ACPI_METHOD_INTERNAL_ONLY 0x02 /* Method is implemented internally (_OSI) */
#define ACPI_METHOD_SERIALIZED 0x04 /* Method is serialized */
#define ACPI_METHOD_SERIALIZED_PENDING 0x08 /* Method is to be marked serialized */
#define ACPI_METHOD_IGNORE_SYNC_LEVEL 0x10 /* Method was auto-serialized at table load time */
#define ACPI_METHOD_MODIFIED_NAMESPACE 0x20 /* Method modified the namespace */
/******************************************************************************
*
* Objects that can be notified. All share a common notify_info area.
*
*****************************************************************************/
/*
* Common fields for objects that support ASL notifications
*/
#define ACPI_COMMON_NOTIFY_INFO \
union acpi_operand_object *notify_list[2]; /* Handlers for system/device notifies */\
union acpi_operand_object *handler; /* Handler for Address space */
/* COMMON NOTIFY for POWER, PROCESSOR, DEVICE, and THERMAL */
struct acpi_object_notify_common {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_NOTIFY_INFO};
struct acpi_object_device {
ACPI_OBJECT_COMMON_HEADER
ACPI_COMMON_NOTIFY_INFO struct acpi_gpe_block_info *gpe_block;
};
struct acpi_object_power_resource {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_NOTIFY_INFO u32 system_level;
u32 resource_order;
};
struct acpi_object_processor {
ACPI_OBJECT_COMMON_HEADER
/* The next two fields take advantage of the 3-byte space before NOTIFY_INFO */
u8 proc_id;
u8 length;
ACPI_COMMON_NOTIFY_INFO acpi_io_address address;
};
struct acpi_object_thermal_zone {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_NOTIFY_INFO};
/******************************************************************************
*
* Fields. All share a common header/info field.
*
*****************************************************************************/
/*
* Common bitfield for the field objects
* "Field Datum" -- a datum from the actual field object
* "Buffer Datum" -- a datum from a user buffer, read from or to be written to the field
*/
#define ACPI_COMMON_FIELD_INFO \
u8 field_flags; /* Access, update, and lock bits */\
u8 attribute; /* From access_as keyword */\
u8 access_byte_width; /* Read/Write size in bytes */\
struct acpi_namespace_node *node; /* Link back to parent node */\
u32 bit_length; /* Length of field in bits */\
u32 base_byte_offset; /* Byte offset within containing object */\
u32 value; /* Value to store into the Bank or Index register */\
u8 start_field_bit_offset;/* Bit offset within first field datum (0-63) */\
u8 access_length; /* For serial regions/fields */
/* COMMON FIELD (for BUFFER, REGION, BANK, and INDEX fields) */
struct acpi_object_field_common {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_FIELD_INFO union acpi_operand_object *region_obj; /* Parent Operation Region object (REGION/BANK fields only) */
};
struct acpi_object_region_field {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_FIELD_INFO u16 resource_length;
union acpi_operand_object *region_obj; /* Containing op_region object */
u8 *resource_buffer; /* resource_template for serial regions/fields */
u16 pin_number_index; /* Index relative to previous Connection/Template */
u8 *internal_pcc_buffer; /* Internal buffer for fields associated with PCC */
};
struct acpi_object_bank_field {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_FIELD_INFO union acpi_operand_object *region_obj; /* Containing op_region object */
union acpi_operand_object *bank_obj; /* bank_select Register object */
};
struct acpi_object_index_field {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_FIELD_INFO
/*
* No "RegionObj" pointer needed since the Index and Data registers
* are each field definitions unto themselves.
*/
union acpi_operand_object *index_obj; /* Index register */
union acpi_operand_object *data_obj; /* Data register */
};
/* The buffer_field is different in that it is part of a Buffer, not an op_region */
struct acpi_object_buffer_field {
ACPI_OBJECT_COMMON_HEADER ACPI_COMMON_FIELD_INFO u8 is_create_field; /* Special case for objects created by create_field() */
union acpi_operand_object *buffer_obj; /* Containing Buffer object */
};
/******************************************************************************
*
* Objects for handlers
*
*****************************************************************************/
struct acpi_object_notify_handler {
ACPI_OBJECT_COMMON_HEADER struct acpi_namespace_node *node; /* Parent device */
u32 handler_type; /* Type: Device/System/Both */
acpi_notify_handler handler; /* Handler address */
void *context;
union acpi_operand_object *next[2]; /* Device and System handler lists */
};
struct acpi_object_addr_handler {
ACPI_OBJECT_COMMON_HEADER u8 space_id;
u8 handler_flags;
acpi_adr_space_handler handler;
struct acpi_namespace_node *node; /* Parent device */
void *context;
acpi_mutex context_mutex;
acpi_adr_space_setup setup;
union acpi_operand_object *region_list; /* Regions using this handler */
union acpi_operand_object *next;
};
/* Flags for address handler (handler_flags) */
#define ACPI_ADDR_HANDLER_DEFAULT_INSTALLED 0x01
/******************************************************************************
*
* Special internal objects
*
*****************************************************************************/
/*
* The Reference object is used for these opcodes:
* Arg[0-6], Local[0-7], index_op, name_op, ref_of_op, load_op, load_table_op, debug_op
* The Reference.Class differentiates these types.
*/
struct acpi_object_reference {
ACPI_OBJECT_COMMON_HEADER u8 class; /* Reference Class */
u8 target_type; /* Used for Index Op */
u8 resolved; /* Reference has been resolved to a value */
void *object; /* name_op=>HANDLE to obj, index_op=>union acpi_operand_object */
struct acpi_namespace_node *node; /* ref_of or Namepath */
union acpi_operand_object **where; /* Target of Index */
u8 *index_pointer; /* Used for Buffers and Strings */
u8 *aml; /* Used for deferred resolution of the ref */
u32 value; /* Used for Local/Arg/Index/ddb_handle */
};
/* Values for Reference.Class above */
typedef enum {
ACPI_REFCLASS_LOCAL = 0, /* Method local */
ACPI_REFCLASS_ARG = 1, /* Method argument */
ACPI_REFCLASS_REFOF = 2, /* Result of ref_of() TBD: Split to Ref/Node and Ref/operand_obj? */
ACPI_REFCLASS_INDEX = 3, /* Result of Index() */
ACPI_REFCLASS_TABLE = 4, /* ddb_handle - Load(), load_table() */
ACPI_REFCLASS_NAME = 5, /* Reference to a named object */
ACPI_REFCLASS_DEBUG = 6, /* Debug object */
ACPI_REFCLASS_MAX = 6
} ACPI_REFERENCE_CLASSES;
/*
* Extra object is used as additional storage for types that
* have AML code in their declarations (term_args) that must be
* evaluated at run time.
*
* Currently: Region and field_unit types
*/
struct acpi_object_extra {
ACPI_OBJECT_COMMON_HEADER struct acpi_namespace_node *method_REG; /* _REG method for this region (if any) */
struct acpi_namespace_node *scope_node;
void *region_context; /* Region-specific data */
u8 *aml_start;
u32 aml_length;
};
/* Additional data that can be attached to namespace nodes */
struct acpi_object_data {
ACPI_OBJECT_COMMON_HEADER acpi_object_handler handler;
void *pointer;
};
/* Structure used when objects are cached for reuse */
struct acpi_object_cache_list {
ACPI_OBJECT_COMMON_HEADER union acpi_operand_object *next; /* Link for object cache and internal lists */
};
/******************************************************************************
*
* union acpi_operand_object descriptor - a giant union of all of the above
*
*****************************************************************************/
union acpi_operand_object {
struct acpi_object_common common;
struct acpi_object_integer integer;
struct acpi_object_string string;
struct acpi_object_buffer buffer;
struct acpi_object_package package;
struct acpi_object_event event;
struct acpi_object_method method;
struct acpi_object_mutex mutex;
struct acpi_object_region region;
struct acpi_object_notify_common common_notify;
struct acpi_object_device device;
struct acpi_object_power_resource power_resource;
struct acpi_object_processor processor;
struct acpi_object_thermal_zone thermal_zone;
struct acpi_object_field_common common_field;
struct acpi_object_region_field field;
struct acpi_object_buffer_field buffer_field;
struct acpi_object_bank_field bank_field;
struct acpi_object_index_field index_field;
struct acpi_object_notify_handler notify;
struct acpi_object_addr_handler address_space;
struct acpi_object_reference reference;
struct acpi_object_extra extra;
struct acpi_object_data data;
struct acpi_object_cache_list cache;
/*
* Add namespace node to union in order to simplify code that accepts both
* ACPI_OPERAND_OBJECTs and ACPI_NAMESPACE_NODEs. The structures share
* a common descriptor_type field in order to differentiate them.
*/
struct acpi_namespace_node node;
};
/******************************************************************************
*
* union acpi_descriptor - objects that share a common descriptor identifier
*
*****************************************************************************/
/* Object descriptor types */
#define ACPI_DESC_TYPE_CACHED 0x01 /* Used only when object is cached */
#define ACPI_DESC_TYPE_STATE 0x02
#define ACPI_DESC_TYPE_STATE_UPDATE 0x03
#define ACPI_DESC_TYPE_STATE_PACKAGE 0x04
#define ACPI_DESC_TYPE_STATE_CONTROL 0x05
#define ACPI_DESC_TYPE_STATE_RPSCOPE 0x06
#define ACPI_DESC_TYPE_STATE_PSCOPE 0x07
#define ACPI_DESC_TYPE_STATE_WSCOPE 0x08
#define ACPI_DESC_TYPE_STATE_RESULT 0x09
#define ACPI_DESC_TYPE_STATE_NOTIFY 0x0A
#define ACPI_DESC_TYPE_STATE_THREAD 0x0B
#define ACPI_DESC_TYPE_WALK 0x0C
#define ACPI_DESC_TYPE_PARSER 0x0D
#define ACPI_DESC_TYPE_OPERAND 0x0E
#define ACPI_DESC_TYPE_NAMED 0x0F
#define ACPI_DESC_TYPE_MAX 0x0F
struct acpi_common_descriptor {
void *common_pointer;
u8 descriptor_type; /* To differentiate various internal objs */
};
union acpi_descriptor {
struct acpi_common_descriptor common;
union acpi_operand_object object;
struct acpi_namespace_node node;
union acpi_parse_object op;
};
#pragma pack()
#endif /* _ACOBJECT_H */