Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 25 Nov 2012 15:00:08 +0100
From:      Stefan Farfeleder <stefanf@FreeBSD.org>
To:        Andriy Gapon <avg@FreeBSD.org>
Cc:        freebsd-acpi@FreeBSD.org
Subject:   Re: ACPI panic
Message-ID:  <20121125140008.GA1497@mole.fafoe.narf.at>
In-Reply-To: <50AE057D.8060808@FreeBSD.org>
References:  <20121120103522.GB2012@mole.fafoe.narf.at> <50AC0A68.8070906@FreeBSD.org> <20121121104840.GA1468@mole.fafoe.narf.at> <20121122081831.GA1483@mole.fafoe.narf.at> <50ADFD75.10709@FreeBSD.org> <50ADFFB2.1000108@FreeBSD.org> <50AE057D.8060808@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Andriy,

with your patch my notebook has a ~50% chance of stalling during boot.
This always happens after the "Entropy harvesting" line and I can only
power it down then.
I guess somehow cycles are introduced into the acpi objects list? The
panic was never triggered.

Stefan

On Thu, Nov 22, 2012 at 12:59:09PM +0200, Andriy Gapon wrote:
> 
> A patch that should actually compile, finally.
> BTW, it's probably better to replace the NULL dereference trick with a simple
> panic call in the first patch too.
> 
> diff --git a/sys/contrib/dev/acpica/components/utilities/utcache.c
> b/sys/contrib/dev/acpica/components/utilities/utcache.c
> index b8efa68..edd9e4f 100644
> --- a/sys/contrib/dev/acpica/components/utilities/utcache.c
> +++ b/sys/contrib/dev/acpica/components/utilities/utcache.c
> @@ -226,6 +226,21 @@ AcpiOsReleaseObject (
>          return (AE_BAD_PARAMETER);
>      }
> 
> +    (void) AcpiUtAcquireMutex (ACPI_MTX_CACHES);
> +    char                    *Curr;
> +    char                    *Next;
> +    Next = Cache->ListHead;
> +    while (Next)
> +    {
> +        Curr = Next;
> +        Next = *(ACPI_CAST_INDIRECT_PTR (char,
> +                    &(((char *) Curr)[Cache->LinkOffset])));
> +        if (Object == Curr) {
> +            panic("freeing a free object %p", Object);
> +        }
> +    }
> +    (void) AcpiUtReleaseMutex (ACPI_MTX_CACHES);
> +
>      /* If cache is full, just free this object */
> 
>      if (Cache->CurrentDepth >= Cache->MaxDepth)
> @@ -312,6 +327,10 @@ AcpiOsAcquireObject (
> 
>          Cache->CurrentDepth--;
> 
> +        if (*(const unsigned char *) Object != 0xCA) {
> +            panic("detected use after free %p\n", Object);
> +        }
> +
>          ACPI_MEM_TRACKING (Cache->Hits++);
>          ACPI_DEBUG_PRINT ((ACPI_DB_EXEC,
>              "Object %p from %s cache\n", Object, Cache->ListName));
> 
> -- 
> Andriy Gapon
> _______________________________________________
> freebsd-acpi@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-acpi
> To unsubscribe, send any mail to "freebsd-acpi-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121125140008.GA1497>