1 // SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0
2 /*******************************************************************************
3 *
4 * Module Name: utdelete - object deletion and reference count utilities
5 *
6 ******************************************************************************/
7
8 #include <acpi/acpi.h>
9 #include "accommon.h"
10 #include "acinterp.h"
11 #include "acnamesp.h"
12 #include "acevents.h"
13
14 #define _COMPONENT ACPI_UTILITIES
15 ACPI_MODULE_NAME("utdelete")
16
17 /* Local prototypes */
18 static void acpi_ut_delete_internal_obj(union acpi_operand_object *object);
19
20 static void
21 acpi_ut_update_ref_count(union acpi_operand_object *object, u32 action);
22
23 /*******************************************************************************
24 *
25 * FUNCTION: acpi_ut_delete_internal_obj
26 *
27 * PARAMETERS: object - Object to be deleted
28 *
29 * RETURN: None
30 *
31 * DESCRIPTION: Low level object deletion, after reference counts have been
32 * updated (All reference counts, including sub-objects!)
33 *
34 ******************************************************************************/
35
acpi_ut_delete_internal_obj(union acpi_operand_object * object)36 static void acpi_ut_delete_internal_obj(union acpi_operand_object *object)
37 {
38 void *obj_pointer = NULL;
39 union acpi_operand_object *handler_desc;
40 union acpi_operand_object *second_desc;
41 union acpi_operand_object *next_desc;
42 union acpi_operand_object *start_desc;
43 union acpi_operand_object **last_obj_ptr;
44
45 ACPI_FUNCTION_TRACE_PTR(ut_delete_internal_obj, object);
46
47 if (!object) {
48 return_VOID;
49 }
50
51 /*
52 * Must delete or free any pointers within the object that are not
53 * actual ACPI objects (for example, a raw buffer pointer).
54 */
55 switch (object->common.type) {
56 case ACPI_TYPE_STRING:
57
58 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
59 "**** String %p, ptr %p\n", object,
60 object->string.pointer));
61
62 /* Free the actual string buffer */
63
64 if (!(object->common.flags & AOPOBJ_STATIC_POINTER)) {
65
66 /* But only if it is NOT a pointer into an ACPI table */
67
68 obj_pointer = object->string.pointer;
69 }
70 break;
71
72 case ACPI_TYPE_BUFFER:
73
74 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
75 "**** Buffer %p, ptr %p\n", object,
76 object->buffer.pointer));
77
78 /* Free the actual buffer */
79
80 if (!(object->common.flags & AOPOBJ_STATIC_POINTER)) {
81
82 /* But only if it is NOT a pointer into an ACPI table */
83
84 obj_pointer = object->buffer.pointer;
85 }
86 break;
87
88 case ACPI_TYPE_PACKAGE:
89
90 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
91 " **** Package of count %X\n",
92 object->package.count));
93
94 /*
95 * Elements of the package are not handled here, they are deleted
96 * separately
97 */
98
99 /* Free the (variable length) element pointer array */
100
101 obj_pointer = object->package.elements;
102 break;
103
104 /*
105 * These objects have a possible list of notify handlers.
106 * Device object also may have a GPE block.
107 */
108 case ACPI_TYPE_DEVICE:
109
110 if (object->device.gpe_block) {
111 (void)acpi_ev_delete_gpe_block(object->device.
112 gpe_block);
113 }
114
115 ACPI_FALLTHROUGH;
116
117 case ACPI_TYPE_PROCESSOR:
118 case ACPI_TYPE_THERMAL:
119
120 /* Walk the address handler list for this object */
121
122 handler_desc = object->common_notify.handler;
123 while (handler_desc) {
124 next_desc = handler_desc->address_space.next;
125 acpi_ut_remove_reference(handler_desc);
126 handler_desc = next_desc;
127 }
128 break;
129
130 case ACPI_TYPE_MUTEX:
131
132 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
133 "***** Mutex %p, OS Mutex %p\n",
134 object, object->mutex.os_mutex));
135
136 if (object == acpi_gbl_global_lock_mutex) {
137
138 /* Global Lock has extra semaphore */
139
140 (void)
141 acpi_os_delete_semaphore
142 (acpi_gbl_global_lock_semaphore);
143 acpi_gbl_global_lock_semaphore = NULL;
144
145 acpi_os_delete_mutex(object->mutex.os_mutex);
146 acpi_gbl_global_lock_mutex = NULL;
147 } else {
148 acpi_ex_unlink_mutex(object);
149 acpi_os_delete_mutex(object->mutex.os_mutex);
150 }
151 break;
152
153 case ACPI_TYPE_EVENT:
154
155 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
156 "***** Event %p, OS Semaphore %p\n",
157 object, object->event.os_semaphore));
158
159 (void)acpi_os_delete_semaphore(object->event.os_semaphore);
160 object->event.os_semaphore = NULL;
161 break;
162
163 case ACPI_TYPE_METHOD:
164
165 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
166 "***** Method %p\n", object));
167
168 /* Delete the method mutex if it exists */
169
170 if (object->method.mutex) {
171 acpi_os_delete_mutex(object->method.mutex->mutex.
172 os_mutex);
173 acpi_ut_delete_object_desc(object->method.mutex);
174 object->method.mutex = NULL;
175 }
176
177 if (object->method.node) {
178 object->method.node = NULL;
179 }
180 break;
181
182 case ACPI_TYPE_REGION:
183
184 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
185 "***** Region %p\n", object));
186
187 /*
188 * Update address_range list. However, only permanent regions
189 * are installed in this list. (Not created within a method)
190 */
191 if (!(object->region.node->flags & ANOBJ_TEMPORARY)) {
192 acpi_ut_remove_address_range(object->region.space_id,
193 object->region.node);
194 }
195
196 second_desc = acpi_ns_get_secondary_object(object);
197 if (second_desc) {
198 /*
199 * Free the region_context if and only if the handler is one of the
200 * default handlers -- and therefore, we created the context object
201 * locally, it was not created by an external caller.
202 */
203 handler_desc = object->region.handler;
204 if (handler_desc) {
205 next_desc =
206 handler_desc->address_space.region_list;
207 start_desc = next_desc;
208 last_obj_ptr =
209 &handler_desc->address_space.region_list;
210
211 /* Remove the region object from the handler list */
212
213 while (next_desc) {
214 if (next_desc == object) {
215 *last_obj_ptr =
216 next_desc->region.next;
217 break;
218 }
219
220 /* Walk the linked list of handlers */
221
222 last_obj_ptr = &next_desc->region.next;
223 next_desc = next_desc->region.next;
224
225 /* Prevent infinite loop if list is corrupted */
226
227 if (next_desc == start_desc) {
228 ACPI_ERROR((AE_INFO,
229 "Circular region list in address handler object %p",
230 handler_desc));
231 return_VOID;
232 }
233 }
234
235 if (handler_desc->address_space.handler_flags &
236 ACPI_ADDR_HANDLER_DEFAULT_INSTALLED) {
237
238 /* Deactivate region and free region context */
239
240 if (handler_desc->address_space.setup) {
241 (void)handler_desc->
242 address_space.setup(object,
243 ACPI_REGION_DEACTIVATE,
244 handler_desc->
245 address_space.
246 context,
247 &second_desc->
248 extra.
249 region_context);
250 }
251 }
252
253 acpi_ut_remove_reference(handler_desc);
254 }
255
256 /* Now we can free the Extra object */
257
258 acpi_ut_delete_object_desc(second_desc);
259 }
260 if (object->field.internal_pcc_buffer) {
261 ACPI_FREE(object->field.internal_pcc_buffer);
262 }
263
264 break;
265
266 case ACPI_TYPE_BUFFER_FIELD:
267
268 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
269 "***** Buffer Field %p\n", object));
270
271 second_desc = acpi_ns_get_secondary_object(object);
272 if (second_desc) {
273 acpi_ut_delete_object_desc(second_desc);
274 }
275 break;
276
277 case ACPI_TYPE_LOCAL_BANK_FIELD:
278
279 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
280 "***** Bank Field %p\n", object));
281
282 second_desc = acpi_ns_get_secondary_object(object);
283 if (second_desc) {
284 acpi_ut_delete_object_desc(second_desc);
285 }
286 break;
287
288 case ACPI_TYPE_LOCAL_ADDRESS_HANDLER:
289
290 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
291 "***** Address handler %p\n", object));
292
293 acpi_os_delete_mutex(object->address_space.context_mutex);
294 break;
295
296 default:
297
298 break;
299 }
300
301 /* Free any allocated memory (pointer within the object) found above */
302
303 if (obj_pointer) {
304 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
305 "Deleting Object Subptr %p\n", obj_pointer));
306 ACPI_FREE(obj_pointer);
307 }
308
309 /* Now the object can be safely deleted */
310
311 ACPI_DEBUG_PRINT_RAW((ACPI_DB_ALLOCATIONS,
312 "%s: Deleting Object %p [%s]\n",
313 ACPI_GET_FUNCTION_NAME, object,
314 acpi_ut_get_object_type_name(object)));
315
316 acpi_ut_delete_object_desc(object);
317 return_VOID;
318 }
319
320 /*******************************************************************************
321 *
322 * FUNCTION: acpi_ut_delete_internal_object_list
323 *
324 * PARAMETERS: obj_list - Pointer to the list to be deleted
325 *
326 * RETURN: None
327 *
328 * DESCRIPTION: This function deletes an internal object list, including both
329 * simple objects and package objects
330 *
331 ******************************************************************************/
332
acpi_ut_delete_internal_object_list(union acpi_operand_object ** obj_list)333 void acpi_ut_delete_internal_object_list(union acpi_operand_object **obj_list)
334 {
335 union acpi_operand_object **internal_obj;
336
337 ACPI_FUNCTION_ENTRY();
338
339 /* Walk the null-terminated internal list */
340
341 for (internal_obj = obj_list; *internal_obj; internal_obj++) {
342 acpi_ut_remove_reference(*internal_obj);
343 }
344
345 /* Free the combined parameter pointer list and object array */
346
347 ACPI_FREE(obj_list);
348 return;
349 }
350
351 /*******************************************************************************
352 *
353 * FUNCTION: acpi_ut_update_ref_count
354 *
355 * PARAMETERS: object - Object whose ref count is to be updated
356 * action - What to do (REF_INCREMENT or REF_DECREMENT)
357 *
358 * RETURN: None. Sets new reference count within the object
359 *
360 * DESCRIPTION: Modify the reference count for an internal acpi object
361 *
362 ******************************************************************************/
363
364 static void
acpi_ut_update_ref_count(union acpi_operand_object * object,u32 action)365 acpi_ut_update_ref_count(union acpi_operand_object *object, u32 action)
366 {
367 u16 original_count;
368 u16 new_count = 0;
369 acpi_cpu_flags lock_flags;
370 char *message;
371
372 ACPI_FUNCTION_NAME(ut_update_ref_count);
373
374 if (!object) {
375 return;
376 }
377
378 /*
379 * Always get the reference count lock. Note: Interpreter and/or
380 * Namespace is not always locked when this function is called.
381 */
382 lock_flags = acpi_os_acquire_lock(acpi_gbl_reference_count_lock);
383 original_count = object->common.reference_count;
384
385 /* Perform the reference count action (increment, decrement) */
386
387 switch (action) {
388 case REF_INCREMENT:
389
390 new_count = original_count + 1;
391 object->common.reference_count = new_count;
392 acpi_os_release_lock(acpi_gbl_reference_count_lock, lock_flags);
393
394 /* The current reference count should never be zero here */
395
396 if (!original_count) {
397 ACPI_WARNING((AE_INFO,
398 "Obj %p, Reference Count was zero before increment\n",
399 object));
400 }
401
402 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
403 "Obj %p Type %.2X [%s] Refs %.2X [Incremented]\n",
404 object, object->common.type,
405 acpi_ut_get_object_type_name(object),
406 new_count));
407 message = "Incremement";
408 break;
409
410 case REF_DECREMENT:
411
412 /* The current reference count must be non-zero */
413
414 if (original_count) {
415 new_count = original_count - 1;
416 object->common.reference_count = new_count;
417 }
418
419 acpi_os_release_lock(acpi_gbl_reference_count_lock, lock_flags);
420
421 if (!original_count) {
422 ACPI_WARNING((AE_INFO,
423 "Obj %p, Reference Count is already zero, cannot decrement\n",
424 object));
425 }
426
427 ACPI_DEBUG_PRINT_RAW((ACPI_DB_ALLOCATIONS,
428 "%s: Obj %p Type %.2X Refs %.2X [Decremented]\n",
429 ACPI_GET_FUNCTION_NAME, object,
430 object->common.type, new_count));
431
432 /* Actually delete the object on a reference count of zero */
433
434 if (new_count == 0) {
435 acpi_ut_delete_internal_obj(object);
436 }
437 message = "Decrement";
438 break;
439
440 default:
441
442 acpi_os_release_lock(acpi_gbl_reference_count_lock, lock_flags);
443 ACPI_ERROR((AE_INFO, "Unknown Reference Count action (0x%X)",
444 action));
445 return;
446 }
447
448 /*
449 * Sanity check the reference count, for debug purposes only.
450 * (A deleted object will have a huge reference count)
451 */
452 if (new_count > ACPI_MAX_REFERENCE_COUNT) {
453 ACPI_WARNING((AE_INFO,
454 "Large Reference Count (0x%X) in object %p, Type=0x%.2X Operation=%s",
455 new_count, object, object->common.type, message));
456 }
457 }
458
459 /*******************************************************************************
460 *
461 * FUNCTION: acpi_ut_update_object_reference
462 *
463 * PARAMETERS: object - Increment or decrement the ref count for
464 * this object and all sub-objects
465 * action - Either REF_INCREMENT or REF_DECREMENT
466 *
467 * RETURN: Status
468 *
469 * DESCRIPTION: Increment or decrement the object reference count
470 *
471 * Object references are incremented when:
472 * 1) An object is attached to a Node (namespace object)
473 * 2) An object is copied (all subobjects must be incremented)
474 *
475 * Object references are decremented when:
476 * 1) An object is detached from an Node
477 *
478 ******************************************************************************/
479
480 acpi_status
acpi_ut_update_object_reference(union acpi_operand_object * object,u16 action)481 acpi_ut_update_object_reference(union acpi_operand_object *object, u16 action)
482 {
483 acpi_status status = AE_OK;
484 union acpi_generic_state *state_list = NULL;
485 union acpi_operand_object *next_object = NULL;
486 union acpi_operand_object *prev_object;
487 union acpi_generic_state *state;
488 u32 i;
489
490 ACPI_FUNCTION_NAME(ut_update_object_reference);
491
492 while (object) {
493
494 /* Make sure that this isn't a namespace handle */
495
496 if (ACPI_GET_DESCRIPTOR_TYPE(object) == ACPI_DESC_TYPE_NAMED) {
497 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
498 "Object %p is NS handle\n", object));
499 return (AE_OK);
500 }
501
502 /*
503 * All sub-objects must have their reference count updated
504 * also. Different object types have different subobjects.
505 */
506 switch (object->common.type) {
507 case ACPI_TYPE_DEVICE:
508 case ACPI_TYPE_PROCESSOR:
509 case ACPI_TYPE_POWER:
510 case ACPI_TYPE_THERMAL:
511 /*
512 * Update the notify objects for these types (if present)
513 * Two lists, system and device notify handlers.
514 */
515 for (i = 0; i < ACPI_NUM_NOTIFY_TYPES; i++) {
516 prev_object =
517 object->common_notify.notify_list[i];
518 while (prev_object) {
519 next_object =
520 prev_object->notify.next[i];
521 acpi_ut_update_ref_count(prev_object,
522 action);
523 prev_object = next_object;
524 }
525 }
526 break;
527
528 case ACPI_TYPE_PACKAGE:
529 /*
530 * We must update all the sub-objects of the package,
531 * each of whom may have their own sub-objects.
532 */
533 for (i = 0; i < object->package.count; i++) {
534 /*
535 * Null package elements are legal and can be simply
536 * ignored.
537 */
538 next_object = object->package.elements[i];
539 if (!next_object) {
540 continue;
541 }
542
543 switch (next_object->common.type) {
544 case ACPI_TYPE_INTEGER:
545 case ACPI_TYPE_STRING:
546 case ACPI_TYPE_BUFFER:
547 /*
548 * For these very simple sub-objects, we can just
549 * update the reference count here and continue.
550 * Greatly increases performance of this operation.
551 */
552 acpi_ut_update_ref_count(next_object,
553 action);
554 break;
555
556 default:
557 /*
558 * For complex sub-objects, push them onto the stack
559 * for later processing (this eliminates recursion.)
560 */
561 status =
562 acpi_ut_create_update_state_and_push
563 (next_object, action, &state_list);
564 if (ACPI_FAILURE(status)) {
565 goto error_exit;
566 }
567 break;
568 }
569 }
570
571 next_object = NULL;
572 break;
573
574 case ACPI_TYPE_BUFFER_FIELD:
575
576 next_object = object->buffer_field.buffer_obj;
577 break;
578
579 case ACPI_TYPE_LOCAL_BANK_FIELD:
580
581 next_object = object->bank_field.bank_obj;
582 status =
583 acpi_ut_create_update_state_and_push(object->
584 bank_field.
585 region_obj,
586 action,
587 &state_list);
588 if (ACPI_FAILURE(status)) {
589 goto error_exit;
590 }
591 break;
592
593 case ACPI_TYPE_LOCAL_INDEX_FIELD:
594
595 next_object = object->index_field.index_obj;
596 status =
597 acpi_ut_create_update_state_and_push(object->
598 index_field.
599 data_obj,
600 action,
601 &state_list);
602 if (ACPI_FAILURE(status)) {
603 goto error_exit;
604 }
605 break;
606
607 case ACPI_TYPE_LOCAL_REFERENCE:
608 /*
609 * The target of an Index (a package, string, or buffer) or a named
610 * reference must track changes to the ref count of the index or
611 * target object.
612 */
613 if ((object->reference.class == ACPI_REFCLASS_INDEX) ||
614 (object->reference.class == ACPI_REFCLASS_NAME)) {
615 next_object = object->reference.object;
616 }
617 break;
618
619 case ACPI_TYPE_LOCAL_REGION_FIELD:
620 case ACPI_TYPE_REGION:
621 default:
622
623 break; /* No subobjects for all other types */
624 }
625
626 /*
627 * Now we can update the count in the main object. This can only
628 * happen after we update the sub-objects in case this causes the
629 * main object to be deleted.
630 */
631 acpi_ut_update_ref_count(object, action);
632 object = NULL;
633
634 /* Move on to the next object to be updated */
635
636 if (next_object) {
637 object = next_object;
638 next_object = NULL;
639 } else if (state_list) {
640 state = acpi_ut_pop_generic_state(&state_list);
641 object = state->update.object;
642 acpi_ut_delete_generic_state(state);
643 }
644 }
645
646 return (AE_OK);
647
648 error_exit:
649
650 ACPI_EXCEPTION((AE_INFO, status,
651 "Could not update object reference count"));
652
653 /* Free any stacked Update State objects */
654
655 while (state_list) {
656 state = acpi_ut_pop_generic_state(&state_list);
657 acpi_ut_delete_generic_state(state);
658 }
659
660 return (status);
661 }
662
663 /*******************************************************************************
664 *
665 * FUNCTION: acpi_ut_add_reference
666 *
667 * PARAMETERS: object - Object whose reference count is to be
668 * incremented
669 *
670 * RETURN: None
671 *
672 * DESCRIPTION: Add one reference to an ACPI object
673 *
674 ******************************************************************************/
675
acpi_ut_add_reference(union acpi_operand_object * object)676 void acpi_ut_add_reference(union acpi_operand_object *object)
677 {
678
679 ACPI_FUNCTION_NAME(ut_add_reference);
680
681 /* Ensure that we have a valid object */
682
683 if (!acpi_ut_valid_internal_object(object)) {
684 return;
685 }
686
687 ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS,
688 "Obj %p Current Refs=%X [To Be Incremented]\n",
689 object, object->common.reference_count));
690
691 /* Increment the reference count */
692
693 (void)acpi_ut_update_object_reference(object, REF_INCREMENT);
694 return;
695 }
696
697 /*******************************************************************************
698 *
699 * FUNCTION: acpi_ut_remove_reference
700 *
701 * PARAMETERS: object - Object whose ref count will be decremented
702 *
703 * RETURN: None
704 *
705 * DESCRIPTION: Decrement the reference count of an ACPI internal object
706 *
707 ******************************************************************************/
708
acpi_ut_remove_reference(union acpi_operand_object * object)709 void acpi_ut_remove_reference(union acpi_operand_object *object)
710 {
711
712 ACPI_FUNCTION_NAME(ut_remove_reference);
713
714 /*
715 * Allow a NULL pointer to be passed in, just ignore it. This saves
716 * each caller from having to check. Also, ignore NS nodes.
717 */
718 if (!object ||
719 (ACPI_GET_DESCRIPTOR_TYPE(object) == ACPI_DESC_TYPE_NAMED)) {
720 return;
721 }
722
723 /* Ensure that we have a valid object */
724
725 if (!acpi_ut_valid_internal_object(object)) {
726 return;
727 }
728
729 ACPI_DEBUG_PRINT_RAW((ACPI_DB_ALLOCATIONS,
730 "%s: Obj %p Current Refs=%X [To Be Decremented]\n",
731 ACPI_GET_FUNCTION_NAME, object,
732 object->common.reference_count));
733
734 /*
735 * Decrement the reference count, and only actually delete the object
736 * if the reference count becomes 0. (Must also decrement the ref count
737 * of all subobjects!)
738 */
739 (void)acpi_ut_update_object_reference(object, REF_DECREMENT);
740 return;
741 }
742
