ACPI panic
Andriy Gapon
avg at FreeBSD.org
Thu Nov 22 10:34:30 UTC 2012
on 22/11/2012 12:24 Andriy Gapon said the following:
> on 22/11/2012 10:18 Stefan Farfeleder said the following:
>> I'm afraid the AcpiOsAcquireObject panic is not directly related to
>> reference counting. I had the very same panic today with your patch.
>
> OK, let's try to attack it from a different angle.
> Please try this patch:
[snip]
Or better this one:
diff --git a/sys/contrib/dev/acpica/components/utilities/utcache.c
b/sys/contrib/dev/acpica/components/utilities/utcache.c
index b8efa68..09b77b2 100644
--- a/sys/contrib/dev/acpica/components/utilities/utcache.c
+++ b/sys/contrib/dev/acpica/components/utilities/utcache.c
@@ -226,6 +226,22 @@ AcpiOsReleaseObject (
return (AE_BAD_PARAMETER);
}
+ (void) AcpiUtAcquireMutex (ACPI_MTX_CACHES);
+ char *Curr;
+ char *Next;
+ Next = Cache->ListHead;
+ while (Next)
+ {
+ Curr = Next;
+ Next = *(ACPI_CAST_INDIRECT_PTR (char,
+ &(((char *) Curr)[Cache->LinkOffset])));
+ if (Object == Curr) {
+ ACPI_ERROR ((AE_INFO, "freeing a free object %p\n", Object));
+ Curr = *(volatile char **)NULL; /* induce crash */
+ }
+ }
+ (void) AcpiUtReleaseMutex (ACPI_MTX_CACHES);
+
/* If cache is full, just free this object */
if (Cache->CurrentDepth >= Cache->MaxDepth)
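Review bot: The status returned by AcpiUtAcquireMutex (ACPI_MTX_CACHES) at the top of the added block is cast to void, so if the acquire fails the loop walks Cache->ListHead unlocked and AcpiUtReleaseMutex then releases a mutex that was never taken. Check the ACPI_STATUS and return it on failure, the same way AE_BAD_PARAMETER is returned just above. Curr and Next are also declared after a statement, which compilers that reject mixed declarations and code will refuse, so move them to the top of the function. Finally, the mutex is dropped before the cache-full check that follows, so the duplicate test is not atomic with any later insertion of Object into the list.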
@@ -312,6 +328,11 @@ AcpiOsAcquireObject (
Cache->CurrentDepth--;
+ if (*(const char *) Object != 0xCA) {
+ ACPI_ERROR ((AE_INFO, "detected use after free %p\n", Object));
+ Object = *(volatile char **)NULL; /* induce crash */
+ }
+
ACPI_MEM_TRACKING (Cache->Hits++);
ACPI_DEBUG_PRINT ((ACPI_DB_EXEC,
"Object %p from %s cache\n", Object, Cache->ListName));
--
Andriy Gapon