Date: Thu, 3 Dec 2009 20:57:16 -0800
From: "Moore, Robert" <robert.moore@intel.com>
To: Andriy Gapon <avg@icyb.net.ua>, "freebsd-acpi@freebsd.org" <freebsd-acpi@freebsd.org>
Cc: Tarick <tungan@ukr.net>
Subject: RE: panic in AcpiExReleaseMutex
Message-ID: <4911F71203A09E4D9981D27F9D8308583E8F26CF@orsmsx503.amr.corp.intel.com>
In-Reply-To: <4B178387.4050601@icyb.net.ua>
References: <4B178387.4050601@icyb.net.ua>

>I am somewhat suspicious of recursive use of \_SB.PCI0.LPC0.EC0.MUT1

It is OK for AML code to acquire a mutex multiple times, so I don't think that is the problem.

>    PreviousSyncLevel =
>        WalkState->Thread->AcquiredMutexList->Mutex.OriginalSyncLevel;

Multiple pointers here, do you know which one is null?

>-----Original Message-----
>From: Andriy Gapon [mailto:avg@icyb.net.ua]
>Sent: Thursday, December 03, 2009 1:23 AM
>To: freebsd-acpi@freebsd.org; Moore, Robert
>Cc: Tarick
>Subject: panic in AcpiExReleaseMutex
>
>
>We are trying to resolve an issue reported in the following FreeBSD PR:
>http://www.freebsd.org/cgi/query-pr.cgi?pr=140979
>
>There is some additional information in:
>http://people.freebsd.org/~avg/pr140979/
>
>This is 8-stable, so ACPICA version is 20090521.
>
>It looks like a NULL-pointer issue in AcpiExReleaseMutex.
>The reported line where the trap happens is the following:
>
>    PreviousSyncLevel =
>        WalkState->Thread->AcquiredMutexList->Mutex.OriginalSyncLevel;
>
>Fault address is 0x40 which is exactly an offset of OriginalSyncLevel within
>ACPI_OBJECT_MUTEX on amd64 platform.
>
>My understanding of the stacktrace on the pictures is the following.
>From EC driver we call AcpiInstallAddressSpaceHandler to install EcSpaceHandler
>function for ACPI_ADR_SPACE_EC. As I understand, that leads to execution of
>_REG method of EC device. _REG method seems to access some registers in EC
>address space (with \_SB.PCI0.LPC0.EC0.MUT1 mutex locked). That access triggers
>a call to EcSpaceHandler. Now, we have code in EcSpaceHandler that makes a
>direct call to EcGpeQueryHandler during a cold boot phase if SCI bit is set in
>CSR register. EcGpeQueryHandler performs an EC query and executes _Qxx method
>if needed. Apparently, in our case that code path was taken and we got the
>NULL-pointer problem while evaluating AML Release function in either _Q20 or
>_Q09. Both of them acquire and release the already mentioned
>\_SB.PCI0.LPC0.EC0.MUT1 Mutex.
>
>Does my interpretation sound correct?
>Does this scenario ring any bells?
>Does our EC driver do everything correct?
>
>I am somewhat suspicious of recursive use of \_SB.PCI0.LPC0.EC0.MUT1 in this
>situation. But I am not sure if it's an issue with AML or with our code.
>
>--
>Andriy Gapon

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4911F71203A09E4D9981D27F9D8308583E8F26CF>
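
An added illustration (not ACPICA or FreeBSD code, and not part of the thread) of how a near-zero fault address identifies the NULL link in a pointer chain like the one quoted above, together with a guarded form of the same read. The struct names, the padding sizes and the 0x30 and 0x18 offsets are hypothetical stand-ins; only the 0x40 offset of OriginalSyncLevel on amd64 comes from the message.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified stand-ins for the ACPICA types in the faulting
 * expression. Padding sizes are constructed; only the 0x40 offset of
 * OriginalSyncLevel (amd64) is taken from the message. */
struct mutex_obj    { uint8_t pad[0x40]; uint8_t OriginalSyncLevel; };
union  operand_obj  { struct mutex_obj Mutex; };
struct thread_state { uint8_t pad[0x18]; union operand_obj *AcquiredMutexList; };
struct walk_state   { uint8_t pad[0x30]; struct thread_state *Thread; };

enum null_link { LINK_OK = 0, NULL_WALK_STATE, NULL_THREAD,
                 NULL_MUTEX_LIST, LINK_UNKNOWN };

/* Map a near-zero fault address to the pointer that must have been NULL:
 * reading NULL->member faults at offsetof(type, member). */
enum null_link null_link_for_fault(uintptr_t fault)
{
    if (fault == offsetof(struct walk_state, Thread))
        return NULL_WALK_STATE;
    if (fault == offsetof(struct thread_state, AcquiredMutexList))
        return NULL_THREAD;
    if (fault == offsetof(union operand_obj, Mutex) +
                 offsetof(struct mutex_obj, OriginalSyncLevel))
        return NULL_MUTEX_LIST;
    return LINK_UNKNOWN;
}

/* Guarded form of the same read: reports which link is NULL instead of
 * trapping, and writes *out only when the whole chain is valid. */
enum null_link read_previous_sync_level(const struct walk_state *ws,
                                        uint8_t *out)
{
    if (ws == NULL)
        return NULL_WALK_STATE;
    if (ws->Thread == NULL)
        return NULL_THREAD;
    if (ws->Thread->AcquiredMutexList == NULL)
        return NULL_MUTEX_LIST;
    *out = ws->Thread->AcquiredMutexList->Mutex.OriginalSyncLevel;
    return LINK_OK;
}
```

With these constructed layouts the three candidate offsets are distinct, so a fault address of 0x40 can only be produced by a NULL AcquiredMutexList; on a real build the offsets have to be taken from the actual headers or debug information.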