From: Andriy Gapon <avg at FreeBSD.org>
To: devel@acpica.org
Subject: Re: [Devel] ref-counting races?
Date: Fri, 09 Nov 2012 16:41:44 +0200 [thread overview]
Message-ID: <509D1628.6060707@FreeBSD.org> (raw)
In-Reply-To: 94F2FBAB4432B54E8AACC7DFDE6C92E346BBFC80@ORSMSX101.amr.corp.intel.com
[-- Attachment #1: Type: text/plain, Size: 2009 bytes --]
on 09/11/2012 16:28 Moore, Robert said the following:
> There is a lock around the entire AML interpreter. We do support the limited threading model defined by the ACPI spec, but at any given time, only one thread is executing the interpreter.
Bob,
thank you for the reply.
To make sure that we speak about the same thing - is e.g. AcpiUtEvaluateObject
always called under that lock?
That function and its users have calls to AcpiUtRemoveReference.
>> -----Original Message-----
>> From: devel-bounces(a)acpica.org [mailto:devel-bounces(a)acpica.org] On Behalf
>> Of Andriy Gapon
>> Sent: Thursday, November 08, 2012 11:34 PM
>> To: devel(a)acpica.org
>> Subject: [Devel] ref-counting races?
>>
>>
>> It looks like the reference count manipulations performed in
>> AcpiUtUpdateRefCount/AcpiUtUpdateObjectReference are not protected by any
>> lock.
>> Although, it is possible that I am missing some implied locking in the
>> higher levels.
>>
>> In particular, I am concerned about access to the ASL elements like
>> Name(_HID,
>> 2) via AcpiNsEvaluate -> AcpiExResolveNodeToValue. In this case multiple
>> threads can concurrently get or drop references to the value object.
>>
>> The reason to inquire about this is that over the time several FreeBSD
>> users has reported some seldom occurring, non-reproducible, ACPI-related
>> heisen-panics.
>> Their common element is a trap upon memory access in
>> AcpiOsAcquireObject(AcpiGbl_OperandCache). Which, in my opinion, strongly
>> hints at corruption of AcpiGbl_OperandCache via double-deallocation of an
>> object.
>> Which I then connect to the reference counting.
>>
>> Some links:
>> http://lists.freebsd.org/pipermail/freebsd-current/2012-March/032637.html
>> http://lists.freebsd.org/pipermail/freebsd-acpi/2012-January/007406.html
>> http://thread.gmane.org/gmane.os.freebsd.stable/83262/focus=83445
>> https://bugs.dragonflybsd.org/issues/568
>>
>>
>> --
>> Andriy Gapon
--
Andriy Gapon
next reply other threads:[~2012-11-09 14:41 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-09 14:41 Andriy Gapon [this message]
-- strict thread matches above, loose matches on Subject: below --
2013-03-24 11:10 [Devel] ref-counting races? Andriy Gapon
2013-03-24 10:54 Andriy Gapon
2013-03-22 20:23 Moore, Robert
2013-03-22 4:28 Zheng, Lv
2013-03-21 19:46 Moore, Robert
2013-03-21 18:07 Andriy Gapon
2012-11-21 15:18 Moore, Robert
2012-11-20 23:08 Andriy Gapon
2012-11-13 16:50 Moore, Robert
2012-11-13 1:51 Moore, Robert
2012-11-10 15:04 Andriy Gapon
2012-11-09 16:03 Andriy Gapon
2012-11-09 15:59 Andriy Gapon
2012-11-09 15:50 Moore, Robert
2012-11-09 15:42 Moore, Robert
2012-11-09 14:28 Moore, Robert
2012-11-09 7:33 Andriy Gapon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=509D1628.6060707@FreeBSD.org \
--to=devel@acpica.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.