Date: Thu, 22 Nov 2012 12:59:09 +0200
From: Andriy Gapon <avg@FreeBSD.org>
To: Stefan Farfeleder <stefanf@FreeBSD.org>
Cc: freebsd-acpi@FreeBSD.org
Subject: Re: ACPI panic
Message-ID: <50AE057D.8060808@FreeBSD.org>
In-Reply-To: <50ADFFB2.1000108@FreeBSD.org>
References: <20121120103522.GB2012@mole.fafoe.narf.at> <50AC0A68.8070906@FreeBSD.org> <20121121104840.GA1468@mole.fafoe.narf.at> <20121122081831.GA1483@mole.fafoe.narf.at> <50ADFD75.10709@FreeBSD.org> <50ADFFB2.1000108@FreeBSD.org>

A patch that should actually compile, finally.
BTW, it's probably better to replace the NULL dereference trick with a simple
panic call in the first patch too.
diff --git a/sys/contrib/dev/acpica/components/utilities/utcache.c
b/sys/contrib/dev/acpica/components/utilities/utcache.c
index b8efa68..edd9e4f 100644
--- a/sys/contrib/dev/acpica/components/utilities/utcache.c
+++ b/sys/contrib/dev/acpica/components/utilities/utcache.c
@@ -226,6 +226,21 @@ AcpiOsReleaseObject (
return (AE_BAD_PARAMETER);
}
+ (void) AcpiUtAcquireMutex (ACPI_MTX_CACHES);
+ char *Curr;
+ char *Next;
+ Next = Cache->ListHead;
+ while (Next)
+ {
+ Curr = Next;
+ Next = *(ACPI_CAST_INDIRECT_PTR (char,
+ &(((char *) Curr)[Cache->LinkOffset])));
+ if (Object == Curr) {
+ panic("freeing a free object %p", Object);
+ }
+ }
+ (void) AcpiUtReleaseMutex (ACPI_MTX_CACHES);
+
/* If cache is full, just free this object */
if (Cache->CurrentDepth >= Cache->MaxDepth)
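Review bot: The status returned by AcpiUtAcquireMutex (ACPI_MTX_CACHES) at the top of the added block is thrown away with a (void) cast, so if the acquire fails the loop walks Cache->ListHead without the lock; check the status and return it before touching the list. The mutex is also released before the "If cache is full" test that follows, so the duplicate check and whatever the function then does with Object are not one atomic step, and two concurrent releases of the same object can both pass the walk. The declarations char *Curr; and char *Next; sit after a statement in the middle of the block and should move to the top of the function. Since the walk is linear in the cache depth on every release, it should be wrapped in a debug-only conditional.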
@@ -312,6 +327,10 @@ AcpiOsAcquireObject (
Cache->CurrentDepth--;
+ if (*(const unsigned char *) Object != 0xCA) {
+ panic("detected use after free %p\n", Object);
+ }
+
ACPI_MEM_TRACKING (Cache->Hits++);
ACPI_DEBUG_PRINT ((ACPI_DB_EXEC,
"Object %p from %s cache\n", Object, Cache->ListName));
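Review bot: The test *(const unsigned char *) Object != 0xCA inspects only the first byte of the object, so a write after free that lands anywhere past byte 0 goes unnoticed; check more of the object against the fill pattern. The first hunk reads the free-list link at Cache->LinkOffset, so for a cache whose LinkOffset is 0 that first byte may hold part of the link pointer rather than the fill, and the check can fire on an object nobody touched. 0xCA is a bare literal here; give it a named constant shared with the code that writes the fill, and drop the trailing \n from the panic string so it matches the message in the first hunk.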
--
Andriy Gapon
