ACPI panic
Andriy Gapon
avg at FreeBSD.org
Thu Nov 22 10:59:13 UTC 2012
A patch that should actually compile, finally.
BTW, it's probably better to replace the NULL dereference trick with a simple
panic call in the first patch too.
diff --git a/sys/contrib/dev/acpica/components/utilities/utcache.c
b/sys/contrib/dev/acpica/components/utilities/utcache.c
index b8efa68..edd9e4f 100644
--- a/sys/contrib/dev/acpica/components/utilities/utcache.c
+++ b/sys/contrib/dev/acpica/components/utilities/utcache.c
@@ -226,6 +226,21 @@ AcpiOsReleaseObject (
return (AE_BAD_PARAMETER);
}
+ (void) AcpiUtAcquireMutex (ACPI_MTX_CACHES);
+ char *Curr;
+ char *Next;
+ Next = Cache->ListHead;
+ while (Next)
+ {
+ Curr = Next;
+ Next = *(ACPI_CAST_INDIRECT_PTR (char,
+ &(((char *) Curr)[Cache->LinkOffset])));
+ if (Object == Curr) {
+ panic("freeing a free object %p", Object);
+ }
+ }
+ (void) AcpiUtReleaseMutex (ACPI_MTX_CACHES);
+
/* If cache is full, just free this object */
if (Cache->CurrentDepth >= Cache->MaxDepth)
@@ -312,6 +327,10 @@ AcpiOsAcquireObject (
Cache->CurrentDepth--;
+ if (*(const unsigned char *) Object != 0xCA) {
+ panic("detected use after free %p\n", Object);
+ }
+
ACPI_MEM_TRACKING (Cache->Hits++);
ACPI_DEBUG_PRINT ((ACPI_DB_EXEC,
"Object %p from %s cache\n", Object, Cache->ListName));
--
Andriy Gapon
More information about the freebsd-acpi
mailing list