diff --git a/changes.txt b/changes.txt index 240a7234ab5..5130ba82057 100644 --- a/changes.txt +++ b/changes.txt @@ -1,3 +1,19 @@ +---------------------------------------- +12 December 2024. Summary of changes for version 20241212: + +Major changes: + +Fix 2 critical CVE addressing memory leaks - Seunghun Han + +EINJ V2 updates ? Zaid Alali (Ampere Computing) + +CDAT updates ? Ira Weiny (Intel Corporation) + +Fix mutex handling, don?t release ones that were never acquired ? Daniil Tatianin + +Experiment with new tag name format Ryyyy_mm_dd to solve chronological sorting problems + + ---------------------------------------- 27 September 2024. Summary of changes for version 20240927: diff --git a/source/common/dmtbinfo3.c b/source/common/dmtbinfo3.c index 2f67e5e70da..1e6f609f3d7 100644 --- a/source/common/dmtbinfo3.c +++ b/source/common/dmtbinfo3.c @@ -379,7 +379,7 @@ ACPI_DMTABLE_INFO AcpiDmTableInfoSrat3[] = ACPI_DMT_TERMINATOR }; -/* 4: GCC ITS Affinity (ACPI 6.2) */ +/* 4: GIC ITS Affinity (ACPI 6.2) */ ACPI_DMTABLE_INFO AcpiDmTableInfoSrat4[] = { diff --git a/source/components/dispatcher/dsutils.c b/source/components/dispatcher/dsutils.c index cc1d2b1f1e0..f006d4325cb 100644 --- a/source/components/dispatcher/dsutils.c +++ b/source/components/dispatcher/dsutils.c @@ -867,6 +867,8 @@ AcpiDsCreateOperands ( ACPI_PARSE_OBJECT *Arguments[ACPI_OBJ_NUM_OPERANDS]; UINT32 ArgCount = 0; UINT32 Index = WalkState->NumOperands; + UINT32 PrevNumOperands = WalkState->NumOperands; + UINT32 NewNumOperands; UINT32 i; @@ -899,6 +901,7 @@ AcpiDsCreateOperands ( /* Create the interpreter arguments, in reverse order */ + NewNumOperands = Index; Index--; for (i = 0; i < ArgCount; i++) { @@ -926,7 +929,11 @@ Cleanup: * pop everything off of the operand stack and delete those * objects */ - AcpiDsObjStackPopAndDelete (ArgCount, WalkState); + WalkState->NumOperands = (UINT8) (i); + AcpiDsObjStackPopAndDelete (NewNumOperands, WalkState); + + /* Restore operand count */ + WalkState->NumOperands = (UINT8) (PrevNumOperands); ACPI_EXCEPTION ((AE_INFO, Status, "While creating Arg %u", Index)); return_ACPI_STATUS (Status); diff --git a/source/components/events/evxfregn.c b/source/components/events/evxfregn.c index 01643619d73..30cecb7c7da 100644 --- a/source/components/events/evxfregn.c +++ b/source/components/events/evxfregn.c @@ -392,7 +392,6 @@ AcpiRemoveAddressSpaceHandler ( /* Now we can delete the handler object */ - AcpiOsReleaseMutex (HandlerObj->AddressSpace.ContextMutex); AcpiUtRemoveReference (HandlerObj); goto UnlockAndExit; } diff --git a/source/components/parser/psobject.c b/source/components/parser/psobject.c index 40a6991209f..d02dcbe2815 100644 --- a/source/components/parser/psobject.c +++ b/source/components/parser/psobject.c @@ -815,7 +815,8 @@ AcpiPsCompleteFinalOp ( ACPI_PARSE_OBJECT *Op, ACPI_STATUS Status) { - ACPI_STATUS Status2; + ACPI_STATUS ReturnStatus = Status; + BOOLEAN Ascending = TRUE; ACPI_FUNCTION_TRACE_PTR (PsCompleteFinalOp, WalkState); @@ -832,7 +833,7 @@ AcpiPsCompleteFinalOp ( { if (Op) { - if (WalkState->AscendingCallback != NULL) + if (Ascending && WalkState->AscendingCallback != NULL) { WalkState->Op = Op; WalkState->OpInfo = AcpiPsGetOpcodeInfo (Op->Common.AmlOpcode); @@ -851,41 +852,28 @@ AcpiPsCompleteFinalOp ( if (Status == AE_CTRL_TERMINATE) { - Status = AE_OK; - - /* Clean up */ - do - { - if (Op) - { - Status2 = AcpiPsCompleteThisOp (WalkState, Op); - if (ACPI_FAILURE (Status2)) - { - return_ACPI_STATUS (Status2); - } - } - - AcpiPsPopScope (&(WalkState->ParserState), &Op, - &WalkState->ArgTypes, &WalkState->ArgCount); - - } while (Op); - - return_ACPI_STATUS (Status); + Ascending = FALSE; + ReturnStatus = AE_CTRL_TERMINATE; } else if (ACPI_FAILURE (Status)) { /* First error is most important */ - (void) AcpiPsCompleteThisOp (WalkState, Op); - return_ACPI_STATUS (Status); + Ascending = FALSE; + ReturnStatus = Status; } } - Status2 = AcpiPsCompleteThisOp (WalkState, Op); - if (ACPI_FAILURE (Status2)) + Status = AcpiPsCompleteThisOp (WalkState, Op); + if (ACPI_FAILURE (Status)) { - return_ACPI_STATUS (Status2); + Ascending = FALSE; + if (ACPI_SUCCESS (ReturnStatus) || + ReturnStatus == AE_CTRL_TERMINATE) + { + ReturnStatus = Status; + } } } @@ -894,5 +882,5 @@ AcpiPsCompleteFinalOp ( } while (Op); - return_ACPI_STATUS (Status); + return_ACPI_STATUS (ReturnStatus); } diff --git a/source/include/acpixf.h b/source/include/acpixf.h index 7590ee6c9fc..18f47c9e92d 100644 --- a/source/include/acpixf.h +++ b/source/include/acpixf.h @@ -154,7 +154,7 @@ /* Current ACPICA subsystem version in YYYYMMDD format */ -#define ACPI_CA_VERSION 0x20240927 +#define ACPI_CA_VERSION 0x20241212 #include "acconfig.h" #include "actypes.h" diff --git a/source/include/actbl1.h b/source/include/actbl1.h index 71cbc36d3fe..9ec85d2d22e 100644 --- a/source/include/actbl1.h +++ b/source/include/actbl1.h @@ -636,6 +636,8 @@ typedef struct acpi_cdat_dsmas /* Flags for subtable above */ #define ACPI_CDAT_DSMAS_NON_VOLATILE (1 << 2) +#define ACPI_CDAT_DSMAS_SHAREABLE (1 << 3) +#define ACPI_CDAT_DSMAS_READ_ONLY (1 << 6) /* Subtable 1: Device scoped Latency and Bandwidth Information Structure (DSLBIS) */ @@ -1369,17 +1371,18 @@ typedef struct acpi_einj_entry enum AcpiEinjActions { - ACPI_EINJ_BEGIN_OPERATION = 0, - ACPI_EINJ_GET_TRIGGER_TABLE = 1, - ACPI_EINJ_SET_ERROR_TYPE = 2, - ACPI_EINJ_GET_ERROR_TYPE = 3, - ACPI_EINJ_END_OPERATION = 4, - ACPI_EINJ_EXECUTE_OPERATION = 5, - ACPI_EINJ_CHECK_BUSY_STATUS = 6, - ACPI_EINJ_GET_COMMAND_STATUS = 7, - ACPI_EINJ_SET_ERROR_TYPE_WITH_ADDRESS = 8, - ACPI_EINJ_GET_EXECUTE_TIMINGS = 9, - ACPI_EINJ_ACTION_RESERVED = 10, /* 10 and greater are reserved */ + ACPI_EINJ_BEGIN_OPERATION = 0x0, + ACPI_EINJ_GET_TRIGGER_TABLE = 0x1, + ACPI_EINJ_SET_ERROR_TYPE = 0x2, + ACPI_EINJ_GET_ERROR_TYPE = 0x3, + ACPI_EINJ_END_OPERATION = 0x4, + ACPI_EINJ_EXECUTE_OPERATION = 0x5, + ACPI_EINJ_CHECK_BUSY_STATUS = 0x6, + ACPI_EINJ_GET_COMMAND_STATUS = 0x7, + ACPI_EINJ_SET_ERROR_TYPE_WITH_ADDRESS = 0x8, + ACPI_EINJ_GET_EXECUTE_TIMINGS = 0x9, + ACPI_EINJV2_GET_ERROR_TYPE = 0x11, + ACPI_EINJ_ACTION_RESERVED = 0x12, /* 0x12 and greater are reserved */ ACPI_EINJ_TRIGGER_ERROR = 0xFF /* Except for this value */ }; diff --git a/source/include/actbl3.h b/source/include/actbl3.h index 316197927fb..516b081d8ec 100644 --- a/source/include/actbl3.h +++ b/source/include/actbl3.h @@ -442,7 +442,7 @@ typedef struct acpi_srat_gicc_affinity #define ACPI_SRAT_GICC_ENABLED (1) /* 00: Use affinity structure */ -/* 4: GCC ITS Affinity (ACPI 6.2) */ +/* 4: GIC ITS Affinity (ACPI 6.2) */ typedef struct acpi_srat_gic_its_affinity { diff --git a/source/tools/acpixtract/acpixtract.c b/source/tools/acpixtract/acpixtract.c index 6cfd81118e5..107e94192fd 100644 --- a/source/tools/acpixtract/acpixtract.c +++ b/source/tools/acpixtract/acpixtract.c @@ -213,7 +213,8 @@ AxExtractTables ( AxNormalizeSignature (UpperSignature); Instances = AxCountTableInstances (InputPathname, UpperSignature); - if (Instances < MinimumInstances || MinimumInstances == AX_OPTIONAL_TABLES) + if (Instances < MinimumInstances || + (Instances == 0 && MinimumInstances == AX_OPTIONAL_TABLES)) { printf ("Table [%s] was not found in %s\n", UpperSignature, InputPathname);