1 // SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0
2 /******************************************************************************
3  *
4  * Module Name: exconfig - Namespace reconfiguration (Load/Unload opcodes)
5  *
6  * Copyright (C) 2000 - 2022, Intel Corp.
7  *
8  *****************************************************************************/
9 
10 #include <acpi/acpi.h>
11 #include "accommon.h"
12 #include "acinterp.h"
13 #include "acnamesp.h"
14 #include "actables.h"
15 #include "acdispat.h"
16 #include "acevents.h"
17 #include "amlcode.h"
18 
19 #define _COMPONENT          ACPI_EXECUTER
20 ACPI_MODULE_NAME("exconfig")
21 
22 /* Local prototypes */
23 static acpi_status
24 acpi_ex_add_table(u32 table_index, union acpi_operand_object **ddb_handle);
25 
26 static acpi_status
27 acpi_ex_region_read(union acpi_operand_object *obj_desc,
28 		    u32 length, u8 *buffer);
29 
30 /*******************************************************************************
31  *
32  * FUNCTION:    acpi_ex_add_table
33  *
34  * PARAMETERS:  table               - Pointer to raw table
35  *              parent_node         - Where to load the table (scope)
36  *              ddb_handle          - Where to return the table handle.
37  *
38  * RETURN:      Status
39  *
40  * DESCRIPTION: Common function to Install and Load an ACPI table with a
41  *              returned table handle.
42  *
43  ******************************************************************************/
44 
45 static acpi_status
acpi_ex_add_table(u32 table_index,union acpi_operand_object ** ddb_handle)46 acpi_ex_add_table(u32 table_index, union acpi_operand_object **ddb_handle)
47 {
48 	union acpi_operand_object *obj_desc;
49 
50 	ACPI_FUNCTION_TRACE(ex_add_table);
51 
52 	/* Create an object to be the table handle */
53 
54 	obj_desc = acpi_ut_create_internal_object(ACPI_TYPE_LOCAL_REFERENCE);
55 	if (!obj_desc) {
56 		return_ACPI_STATUS(AE_NO_MEMORY);
57 	}
58 
59 	/* Init the table handle */
60 
61 	obj_desc->common.flags |= AOPOBJ_DATA_VALID;
62 	obj_desc->reference.class = ACPI_REFCLASS_TABLE;
63 	obj_desc->reference.value = table_index;
64 	*ddb_handle = obj_desc;
65 	return_ACPI_STATUS(AE_OK);
66 }
67 
68 /*******************************************************************************
69  *
70  * FUNCTION:    acpi_ex_load_table_op
71  *
72  * PARAMETERS:  walk_state          - Current state with operands
73  *              return_desc         - Where to store the return object
74  *
75  * RETURN:      Status
76  *
77  * DESCRIPTION: Load an ACPI table from the RSDT/XSDT
78  *
79  ******************************************************************************/
80 
81 acpi_status
acpi_ex_load_table_op(struct acpi_walk_state * walk_state,union acpi_operand_object ** return_desc)82 acpi_ex_load_table_op(struct acpi_walk_state *walk_state,
83 		      union acpi_operand_object **return_desc)
84 {
85 	acpi_status status;
86 	union acpi_operand_object **operand = &walk_state->operands[0];
87 	struct acpi_namespace_node *parent_node;
88 	struct acpi_namespace_node *start_node;
89 	struct acpi_namespace_node *parameter_node = NULL;
90 	union acpi_operand_object *return_obj;
91 	union acpi_operand_object *ddb_handle;
92 	u32 table_index;
93 
94 	ACPI_FUNCTION_TRACE(ex_load_table_op);
95 
96 	/* Create the return object */
97 
98 	return_obj = acpi_ut_create_integer_object((u64)0);
99 	if (!return_obj) {
100 		return_ACPI_STATUS(AE_NO_MEMORY);
101 	}
102 
103 	*return_desc = return_obj;
104 
105 	/* Find the ACPI table in the RSDT/XSDT */
106 
107 	acpi_ex_exit_interpreter();
108 	status = acpi_tb_find_table(operand[0]->string.pointer,
109 				    operand[1]->string.pointer,
110 				    operand[2]->string.pointer, &table_index);
111 	acpi_ex_enter_interpreter();
112 	if (ACPI_FAILURE(status)) {
113 		if (status != AE_NOT_FOUND) {
114 			return_ACPI_STATUS(status);
115 		}
116 
117 		/* Table not found, return an Integer=0 and AE_OK */
118 
119 		return_ACPI_STATUS(AE_OK);
120 	}
121 
122 	/* Default nodes */
123 
124 	start_node = walk_state->scope_info->scope.node;
125 	parent_node = acpi_gbl_root_node;
126 
127 	/* root_path (optional parameter) */
128 
129 	if (operand[3]->string.length > 0) {
130 		/*
131 		 * Find the node referenced by the root_path_string. This is the
132 		 * location within the namespace where the table will be loaded.
133 		 */
134 		status = acpi_ns_get_node_unlocked(start_node,
135 						   operand[3]->string.pointer,
136 						   ACPI_NS_SEARCH_PARENT,
137 						   &parent_node);
138 		if (ACPI_FAILURE(status)) {
139 			return_ACPI_STATUS(status);
140 		}
141 	}
142 
143 	/* parameter_path (optional parameter) */
144 
145 	if (operand[4]->string.length > 0) {
146 		if ((operand[4]->string.pointer[0] != AML_ROOT_PREFIX) &&
147 		    (operand[4]->string.pointer[0] != AML_PARENT_PREFIX)) {
148 			/*
149 			 * Path is not absolute, so it will be relative to the node
150 			 * referenced by the root_path_string (or the NS root if omitted)
151 			 */
152 			start_node = parent_node;
153 		}
154 
155 		/* Find the node referenced by the parameter_path_string */
156 
157 		status = acpi_ns_get_node_unlocked(start_node,
158 						   operand[4]->string.pointer,
159 						   ACPI_NS_SEARCH_PARENT,
160 						   &parameter_node);
161 		if (ACPI_FAILURE(status)) {
162 			return_ACPI_STATUS(status);
163 		}
164 	}
165 
166 	/* Load the table into the namespace */
167 
168 	ACPI_INFO(("Dynamic OEM Table Load:"));
169 	acpi_ex_exit_interpreter();
170 	status = acpi_tb_load_table(table_index, parent_node);
171 	acpi_ex_enter_interpreter();
172 	if (ACPI_FAILURE(status)) {
173 		return_ACPI_STATUS(status);
174 	}
175 
176 	status = acpi_ex_add_table(table_index, &ddb_handle);
177 	if (ACPI_FAILURE(status)) {
178 		return_ACPI_STATUS(status);
179 	}
180 
181 	/* Complete the initialization/resolution of new objects */
182 
183 	acpi_ex_exit_interpreter();
184 	acpi_ns_initialize_objects();
185 	acpi_ex_enter_interpreter();
186 
187 	/* Parameter Data (optional) */
188 
189 	if (parameter_node) {
190 
191 		/* Store the parameter data into the optional parameter object */
192 
193 		status = acpi_ex_store(operand[5],
194 				       ACPI_CAST_PTR(union acpi_operand_object,
195 						     parameter_node),
196 				       walk_state);
197 		if (ACPI_FAILURE(status)) {
198 			(void)acpi_ex_unload_table(ddb_handle);
199 
200 			acpi_ut_remove_reference(ddb_handle);
201 			return_ACPI_STATUS(status);
202 		}
203 	}
204 
205 	/* Remove the reference to ddb_handle created by acpi_ex_add_table above */
206 
207 	acpi_ut_remove_reference(ddb_handle);
208 
209 	/* Return -1 (non-zero) indicates success */
210 
211 	return_obj->integer.value = 0xFFFFFFFFFFFFFFFF;
212 	return_ACPI_STATUS(status);
213 }
214 
215 /*******************************************************************************
216  *
217  * FUNCTION:    acpi_ex_region_read
218  *
219  * PARAMETERS:  obj_desc        - Region descriptor
220  *              length          - Number of bytes to read
221  *              buffer          - Pointer to where to put the data
222  *
223  * RETURN:      Status
224  *
225  * DESCRIPTION: Read data from an operation region. The read starts from the
226  *              beginning of the region.
227  *
228  ******************************************************************************/
229 
230 static acpi_status
acpi_ex_region_read(union acpi_operand_object * obj_desc,u32 length,u8 * buffer)231 acpi_ex_region_read(union acpi_operand_object *obj_desc, u32 length, u8 *buffer)
232 {
233 	acpi_status status;
234 	u64 value;
235 	u32 region_offset = 0;
236 	u32 i;
237 
238 	/* Bytewise reads */
239 
240 	for (i = 0; i < length; i++) {
241 		status =
242 		    acpi_ev_address_space_dispatch(obj_desc, NULL, ACPI_READ,
243 						   region_offset, 8, &value);
244 		if (ACPI_FAILURE(status)) {
245 			return (status);
246 		}
247 
248 		*buffer = (u8)value;
249 		buffer++;
250 		region_offset++;
251 	}
252 
253 	return (AE_OK);
254 }
255 
256 /*******************************************************************************
257  *
258  * FUNCTION:    acpi_ex_load_op
259  *
260  * PARAMETERS:  obj_desc        - Region or Buffer/Field where the table will be
261  *                                obtained
262  *              target          - Where the status of the load will be stored
263  *              walk_state      - Current state
264  *
265  * RETURN:      Status
266  *
267  * DESCRIPTION: Load an ACPI table from a field or operation region
268  *
269  * NOTE: Region Fields (Field, bank_field, index_fields) are resolved to buffer
270  *       objects before this code is reached.
271  *
272  *       If source is an operation region, it must refer to system_memory, as
273  *       per the ACPI specification.
274  *
275  ******************************************************************************/
276 
277 acpi_status
acpi_ex_load_op(union acpi_operand_object * obj_desc,union acpi_operand_object * target,struct acpi_walk_state * walk_state)278 acpi_ex_load_op(union acpi_operand_object *obj_desc,
279 		union acpi_operand_object *target,
280 		struct acpi_walk_state *walk_state)
281 {
282 	union acpi_operand_object *ddb_handle;
283 	struct acpi_table_header *table_header;
284 	struct acpi_table_header *table;
285 	u32 table_index;
286 	acpi_status status;
287 	u32 length;
288 
289 	ACPI_FUNCTION_TRACE(ex_load_op);
290 
291 	if (target->common.descriptor_type == ACPI_DESC_TYPE_NAMED) {
292 		target =
293 		    acpi_ns_get_attached_object(ACPI_CAST_PTR
294 						(struct acpi_namespace_node,
295 						 target));
296 	}
297 	if (target->common.type != ACPI_TYPE_INTEGER) {
298 		ACPI_ERROR((AE_INFO, "Type not integer: %X",
299 			    target->common.type));
300 		return_ACPI_STATUS(AE_AML_OPERAND_TYPE);
301 	}
302 
303 	target->integer.value = 0;
304 
305 	/* Source Object can be either an op_region or a Buffer/Field */
306 
307 	switch (obj_desc->common.type) {
308 	case ACPI_TYPE_REGION:
309 
310 		ACPI_DEBUG_PRINT((ACPI_DB_EXEC,
311 				  "Load table from Region %p\n", obj_desc));
312 
313 		/* Region must be system_memory (from ACPI spec) */
314 
315 		if (obj_desc->region.space_id != ACPI_ADR_SPACE_SYSTEM_MEMORY) {
316 			return_ACPI_STATUS(AE_AML_OPERAND_TYPE);
317 		}
318 
319 		/*
320 		 * If the Region Address and Length have not been previously
321 		 * evaluated, evaluate them now and save the results.
322 		 */
323 		if (!(obj_desc->common.flags & AOPOBJ_DATA_VALID)) {
324 			status = acpi_ds_get_region_arguments(obj_desc);
325 			if (ACPI_FAILURE(status)) {
326 				return_ACPI_STATUS(status);
327 			}
328 		}
329 
330 		/* Get the table header first so we can get the table length */
331 
332 		table_header = ACPI_ALLOCATE(sizeof(struct acpi_table_header));
333 		if (!table_header) {
334 			return_ACPI_STATUS(AE_NO_MEMORY);
335 		}
336 
337 		status =
338 		    acpi_ex_region_read(obj_desc,
339 					sizeof(struct acpi_table_header),
340 					ACPI_CAST_PTR(u8, table_header));
341 		length = table_header->length;
342 		ACPI_FREE(table_header);
343 
344 		if (ACPI_FAILURE(status)) {
345 			return_ACPI_STATUS(status);
346 		}
347 
348 		/* Must have at least an ACPI table header */
349 
350 		if (length < sizeof(struct acpi_table_header)) {
351 			return_ACPI_STATUS(AE_INVALID_TABLE_LENGTH);
352 		}
353 
354 		/*
355 		 * The original implementation simply mapped the table, with no copy.
356 		 * However, the memory region is not guaranteed to remain stable and
357 		 * we must copy the table to a local buffer. For example, the memory
358 		 * region is corrupted after suspend on some machines. Dynamically
359 		 * loaded tables are usually small, so this overhead is minimal.
360 		 *
361 		 * The latest implementation (5/2009) does not use a mapping at all.
362 		 * We use the low-level operation region interface to read the table
363 		 * instead of the obvious optimization of using a direct mapping.
364 		 * This maintains a consistent use of operation regions across the
365 		 * entire subsystem. This is important if additional processing must
366 		 * be performed in the (possibly user-installed) operation region
367 		 * handler. For example, acpi_exec and ASLTS depend on this.
368 		 */
369 
370 		/* Allocate a buffer for the table */
371 
372 		table = ACPI_ALLOCATE(length);
373 		if (!table) {
374 			return_ACPI_STATUS(AE_NO_MEMORY);
375 		}
376 
377 		/* Read the entire table */
378 
379 		status = acpi_ex_region_read(obj_desc, length,
380 					     ACPI_CAST_PTR(u8, table));
381 		if (ACPI_FAILURE(status)) {
382 			ACPI_FREE(table);
383 			return_ACPI_STATUS(status);
384 		}
385 		break;
386 
387 	case ACPI_TYPE_BUFFER:	/* Buffer or resolved region_field */
388 
389 		ACPI_DEBUG_PRINT((ACPI_DB_EXEC,
390 				  "Load table from Buffer or Field %p\n",
391 				  obj_desc));
392 
393 		/* Must have at least an ACPI table header */
394 
395 		if (obj_desc->buffer.length < sizeof(struct acpi_table_header)) {
396 			return_ACPI_STATUS(AE_INVALID_TABLE_LENGTH);
397 		}
398 
399 		/* Get the actual table length from the table header */
400 
401 		table_header =
402 		    ACPI_CAST_PTR(struct acpi_table_header,
403 				  obj_desc->buffer.pointer);
404 		length = table_header->length;
405 
406 		/* Table cannot extend beyond the buffer */
407 
408 		if (length > obj_desc->buffer.length) {
409 			return_ACPI_STATUS(AE_AML_BUFFER_LIMIT);
410 		}
411 		if (length < sizeof(struct acpi_table_header)) {
412 			return_ACPI_STATUS(AE_INVALID_TABLE_LENGTH);
413 		}
414 
415 		/*
416 		 * Copy the table from the buffer because the buffer could be
417 		 * modified or even deleted in the future
418 		 */
419 		table = ACPI_ALLOCATE(length);
420 		if (!table) {
421 			return_ACPI_STATUS(AE_NO_MEMORY);
422 		}
423 
424 		memcpy(table, table_header, length);
425 		break;
426 
427 	default:
428 
429 		return_ACPI_STATUS(AE_AML_OPERAND_TYPE);
430 	}
431 
432 	/* Install the new table into the local data structures */
433 
434 	ACPI_INFO(("Dynamic OEM Table Load:"));
435 	acpi_ex_exit_interpreter();
436 	status = acpi_tb_install_and_load_table(ACPI_PTR_TO_PHYSADDR(table),
437 						ACPI_TABLE_ORIGIN_INTERNAL_VIRTUAL,
438 						table, TRUE, &table_index);
439 	acpi_ex_enter_interpreter();
440 	if (ACPI_FAILURE(status)) {
441 
442 		/* Delete allocated table buffer */
443 
444 		ACPI_FREE(table);
445 		return_ACPI_STATUS(status);
446 	}
447 
448 	/*
449 	 * Add the table to the namespace.
450 	 *
451 	 * Note: Load the table objects relative to the root of the namespace.
452 	 * This appears to go against the ACPI specification, but we do it for
453 	 * compatibility with other ACPI implementations.
454 	 */
455 	status = acpi_ex_add_table(table_index, &ddb_handle);
456 	if (ACPI_FAILURE(status)) {
457 		return_ACPI_STATUS(status);
458 	}
459 
460 	/* Complete the initialization/resolution of new objects */
461 
462 	acpi_ex_exit_interpreter();
463 	acpi_ns_initialize_objects();
464 	acpi_ex_enter_interpreter();
465 
466 	/* Remove the reference to ddb_handle created by acpi_ex_add_table above */
467 
468 	acpi_ut_remove_reference(ddb_handle);
469 
470 	/* Return -1 (non-zero) indicates success */
471 
472 	target->integer.value = 0xFFFFFFFFFFFFFFFF;
473 	return_ACPI_STATUS(status);
474 }
475 
476 /*******************************************************************************
477  *
478  * FUNCTION:    acpi_ex_unload_table
479  *
480  * PARAMETERS:  ddb_handle          - Handle to a previously loaded table
481  *
482  * RETURN:      Status
483  *
484  * DESCRIPTION: Unload an ACPI table
485  *
486  ******************************************************************************/
487 
acpi_ex_unload_table(union acpi_operand_object * ddb_handle)488 acpi_status acpi_ex_unload_table(union acpi_operand_object *ddb_handle)
489 {
490 	acpi_status status = AE_OK;
491 	union acpi_operand_object *table_desc = ddb_handle;
492 	u32 table_index;
493 
494 	ACPI_FUNCTION_TRACE(ex_unload_table);
495 
496 	/*
497 	 * Temporarily emit a warning so that the ASL for the machine can be
498 	 * hopefully obtained. This is to say that the Unload() operator is
499 	 * extremely rare if not completely unused.
500 	 */
501 	ACPI_WARNING((AE_INFO, "Received request to unload an ACPI table"));
502 
503 	/*
504 	 * May 2018: Unload is no longer supported for the following reasons:
505 	 * 1) A correct implementation on some hosts may not be possible.
506 	 * 2) Other ACPI implementations do not correctly/fully support it.
507 	 * 3) It requires host device driver support which does not exist.
508 	 *    (To properly support namespace unload out from underneath.)
509 	 * 4) This AML operator has never been seen in the field.
510 	 */
511 	ACPI_EXCEPTION((AE_INFO, AE_NOT_IMPLEMENTED,
512 			"AML Unload operator is not supported"));
513 
514 	/*
515 	 * Validate the handle
516 	 * Although the handle is partially validated in acpi_ex_reconfiguration()
517 	 * when it calls acpi_ex_resolve_operands(), the handle is more completely
518 	 * validated here.
519 	 *
520 	 * Handle must be a valid operand object of type reference. Also, the
521 	 * ddb_handle must still be marked valid (table has not been previously
522 	 * unloaded)
523 	 */
524 	if ((!ddb_handle) ||
525 	    (ACPI_GET_DESCRIPTOR_TYPE(ddb_handle) != ACPI_DESC_TYPE_OPERAND) ||
526 	    (ddb_handle->common.type != ACPI_TYPE_LOCAL_REFERENCE) ||
527 	    (!(ddb_handle->common.flags & AOPOBJ_DATA_VALID))) {
528 		return_ACPI_STATUS(AE_AML_OPERAND_TYPE);
529 	}
530 
531 	/* Get the table index from the ddb_handle */
532 
533 	table_index = table_desc->reference.value;
534 
535 	/*
536 	 * Release the interpreter lock so that the table lock won't have
537 	 * strict order requirement against it.
538 	 */
539 	acpi_ex_exit_interpreter();
540 	status = acpi_tb_unload_table(table_index);
541 	acpi_ex_enter_interpreter();
542 
543 	/*
544 	 * Invalidate the handle. We do this because the handle may be stored
545 	 * in a named object and may not be actually deleted until much later.
546 	 */
547 	if (ACPI_SUCCESS(status)) {
548 		ddb_handle->common.flags &= ~AOPOBJ_DATA_VALID;
549 	}
550 	return_ACPI_STATUS(status);
551 }
552