ACPI panic

Andriy Gapon avg at FreeBSD.org
Thu Nov 22 10:59:13 UTC 2012


A patch that should actually compile, finally.
BTW, it's probably better to replace the NULL dereference trick with a simple
panic call in the first patch too.

diff --git a/sys/contrib/dev/acpica/components/utilities/utcache.c
b/sys/contrib/dev/acpica/components/utilities/utcache.c
index b8efa68..edd9e4f 100644
--- a/sys/contrib/dev/acpica/components/utilities/utcache.c
+++ b/sys/contrib/dev/acpica/components/utilities/utcache.c
@@ -226,6 +226,21 @@ AcpiOsReleaseObject (
         return (AE_BAD_PARAMETER);
     }

+    (void) AcpiUtAcquireMutex (ACPI_MTX_CACHES);
+    char                    *Curr;
+    char                    *Next;
+    Next = Cache->ListHead;
+    while (Next)
+    {
+        Curr = Next;
+        Next = *(ACPI_CAST_INDIRECT_PTR (char,
+                    &(((char *) Curr)[Cache->LinkOffset])));
+        if (Object == Curr) {
+            panic("freeing a free object %p", Object);
+        }
+    }
+    (void) AcpiUtReleaseMutex (ACPI_MTX_CACHES);
+
     /* If cache is full, just free this object */

     if (Cache->CurrentDepth >= Cache->MaxDepth)
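Review bot: The status returned by AcpiUtAcquireMutex (ACPI_MTX_CACHES) is cast to void at the top of the added block, so if the acquire fails the loop walks Cache->ListHead without the lock and then releases a mutex it never held. Check the status and return it on failure before touching the list. Also, the declarations of Curr and Next follow a statement; move them to the start of the function with the other locals so that the file still builds as C89. Since the walk is linear in the cache depth on every release, consider placing the whole block under a debug-only conditional. The panic format string here has no trailing newline while the one in the AcpiOsAcquireObject hunk does, so pick one form.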
@@ -312,6 +327,10 @@ AcpiOsAcquireObject (

         Cache->CurrentDepth--;

+        if (*(const unsigned char *) Object != 0xCA) {
+            panic("detected use after free %p\n", Object);
+        }
+
         ACPI_MEM_TRACKING (Cache->Hits++);
         ACPI_DEBUG_PRINT ((ACPI_DB_EXEC,
             "Object %p from %s cache\n", Object, Cache->ListName));
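Review bot: The added test in AcpiOsAcquireObject reads only the first byte of Object and compares it with a bare 0xCA, so a write to a cached object that leaves byte 0 intact goes undetected. The test also relies on two things not visible in this hunk: that the release path fills freed objects with 0xCA, and that the link pointer stored at Cache->LinkOffset never overlaps byte 0. A comment stating both assumptions, a named constant for the fill value, and a scan of the whole object outside the link field would make the check both clearer and stronger. The panic message carries a trailing "\n" that the message in the AcpiOsReleaseObject hunk lacks.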

-- 
Andriy Gapon

