UltraOS/uACPI

Increment/Decrement don't support buffer index & write-back for field units

d-tatianin opened this issue · 1 comments

d-tatianin commented 
UACPI_OP(                                                        \
    IncrementOp, 0x75,                                           \
    {                                                            \
        UACPI_PARSE_OP_SUPERNAME_IMPLICIT_DEREF,                 \
        UACPI_PARSE_OP_TYPECHECK, UACPI_OBJECT_INTEGER,          \
        UACPI_PARSE_OP_INVOKE_HANDLER,                           \
        UACPI_PARSE_OP_TRUNCATE_NUMBER,                          \
        UACPI_PARSE_OP_OBJECT_COPY_TO_PREV,                      \
    },                                                           \
    UACPI_OP_PROPERTY_TERM_ARG                                   \
)

Both are the only users of UACPI_PARSE_OP_SUPERNAME_IMPLICIT_DEREF, which is a weird special-cased uop that should be removed completely.

Since that code was added before any sort of Index support, trying to Increment(Buffer[index]) has pretty sad consequences when trying to treat OBJECT_BUFFER_INDEX as if it was a reference:

/mnt/d/uACPI/source/interpreter.c:4780:17: runtime error: member access within null pointer of type 'struct uacpi_object'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2579==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x562680d5c442 bp 0x7fff7600e590 sp 0x7fff7600e3f0 T0)
==2579==The signal is caused by a READ memory access.
==2579==Hint: address points to the zero page.
    #0 0x562680d5c442 in exec_op /mnt/d/uACPI/source/interpreter.c:4780
    #1 0x562680d6208c in uacpi_execute_control_method /mnt/d/uACPI/source/interpreter.c:5307
    #2 0x562680d35a01 in do_load_table /mnt/d/uACPI/source/interpreter.c:1221
    #3 0x562680d37b3e in uacpi_load_table /mnt/d/uACPI/source/interpreter.c:1415
    #4 0x562680d21104 in uacpi_namespace_load /mnt/d/uACPI/source/uacpi.c:289
    #5 0x562680cf9181 in run_test(std::basic_string_view<char, std::char_traits<char> >, uacpi_object_type, std::basic_string_view<char, std::char_traits<char> >) /mnt/d/uACPI/tests/runner/test_runner.cpp:124
    #6 0x562680cf97b9 in main /mnt/d/uACPI/tests/runner/test_runner.cpp:150
    #7 0x7fefbbb52d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #8 0x7fefbbb52e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #9 0x562680cf70f4 in _start (/mnt/d/uACPI/tests/runner/build-linux/test-runner+0xc00f4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/d/uACPI/source/interpreter.c:4780 in exec_op
==2579==ABORTING
d-tatianin commented

This is apparently used in some firmware

[uACPI][WARN] Op 0x0076 ('DecrementOp'): bad object type: expected Integer, got Field Unit!
[uACPI][ERROR] Aborting execution due to previous errors:
[uACPI][ERROR]     #0 in \FLNK()
[uACPI][ERROR]     #1 in \_SB_.PCI0.LPC0.LREG()
[uACPI][ERROR]     #2 in \_SB_.PCI0._INI()