panic in AcpiExReleaseMutex

Moore, Robert robert.moore at intel.com
Fri Dec 4 04:57:21 UTC 2009


>I am somewhat suspicious of recursive use of \_SB.PCI0.LPC0.EC0.MUT1

It is OK for AML code to acquire a mutex multiple times, so I don't think that is the problem.

>    PreviousSyncLevel =
>        WalkState->Thread->AcquiredMutexList->Mutex.OriginalSyncLevel;

Multiple pointers here, do you know which one is null?


>-----Original Message-----
>From: Andriy Gapon [mailto:avg at icyb.net.ua]
>Sent: Thursday, December 03, 2009 1:23 AM
>To: freebsd-acpi at freebsd.org; Moore, Robert
>Cc: Tarick
>Subject: panic in AcpiExReleaseMutex
>
>
>We are trying to resolve an issue reported in the following FreeBSD PR:
>http://www.freebsd.org/cgi/query-pr.cgi?pr=140979
>
>There is some additional information in:
>http://people.freebsd.org/~avg/pr140979/
>
>This is 8-stable, so ACPICA version is 20090521.
>
>It looks like a NULL-pointer issue in AcpiExReleaseMutex.
>The reported line where the trap happens is the following:
>
>    PreviousSyncLevel =
>        WalkState->Thread->AcquiredMutexList->Mutex.OriginalSyncLevel;
>
>Fault address is 0x40, which is exactly the offset of OriginalSyncLevel
>within ACPI_OBJECT_MUTEX on the amd64 platform.
>
>My understanding of the stacktrace on the pictures is the following.
>From the EC driver we call AcpiInstallAddressSpaceHandler to install the
>EcSpaceHandler function for ACPI_ADR_SPACE_EC.  As I understand, that leads
>to execution of the _REG method of the EC device.  The _REG method seems to
>access some registers in EC address space (with the
>\_SB.PCI0.LPC0.EC0.MUT1 mutex locked).  That access triggers a call to
>EcSpaceHandler.  Now, we have code in EcSpaceHandler that makes a direct
>call to EcGpeQueryHandler during the cold boot phase if the SCI bit is set
>in the CSR register.  EcGpeQueryHandler performs an EC query and executes
>the _Qxx method if needed.  Apparently, in our case that code path was
>taken and we got the NULL-pointer problem while evaluating the AML Release
>function in either _Q20 or _Q09.  Both of them acquire and release the
>already mentioned \_SB.PCI0.LPC0.EC0.MUT1 Mutex.
>
>Does my interpretation sound correct?
>Does this scenario ring any bells?
>Does our EC driver do everything correctly?
>
>I am somewhat suspicious of recursive use of \_SB.PCI0.LPC0.EC0.MUT1 in
>this situation.  But I am not sure if it's an issue with AML or with our
>code.
>
>--
>Andriy Gapon
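
The fault-address reasoning in the quoted report, and the "which one is null?" question in the reply, can be worked through mechanically. The following is an added example, not code from ACPICA, FreeBSD or either poster. The structure layouts are stand-ins: only the 0x40 offset of OriginalSyncLevel comes from the thread, and the other two offsets and all helper names are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in layouts (assumptions, NOT ACPICA's real definitions). Only the
 * 0x40 offset of OriginalSyncLevel is taken from the thread (amd64); the
 * other two field offsets are constructed for illustration. */
struct mutex_obj    { uint8_t pad[0x40]; uint8_t OriginalSyncLevel; };
union  operand_obj  { struct mutex_obj Mutex; };
struct thread_state { uint8_t pad[0x18]; union operand_obj *AcquiredMutexList; };
struct walk_state   { uint8_t pad[0x08]; struct thread_state *Thread; };

/* One bit per pointer dereferenced in
 * WalkState->Thread->AcquiredMutexList->Mutex.OriginalSyncLevel */
enum {
    NULL_WALKSTATE  = 1 << 0,
    NULL_THREAD     = 1 << 1,
    NULL_MUTEX_LIST = 1 << 2
};

/* Offset of the field loaded through each pointer in the chain. */
static const size_t load_offset[3] = {
    offsetof(struct walk_state, Thread),
    offsetof(struct thread_state, AcquiredMutexList),
    offsetof(union operand_obj, Mutex) +
        offsetof(struct mutex_obj, OriginalSyncLevel)
};

/* A load through a NULL base faults at 0 + field offset, so every pointer
 * whose field offset equals the fault address is a candidate. Returns a
 * bitmask: 0 means no NULL base explains the fault, and more than one bit
 * set means the fault address alone cannot tell the candidates apart. */
unsigned null_candidates(uintptr_t fault_addr)
{
    unsigned mask = 0;
    for (unsigned i = 0; i < 3; i++)
        if (fault_addr == load_offset[i])
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    /* 0x40 is the fault address reported in the thread. */
    printf("candidates for 0x40: 0x%x\n", null_candidates(0x40));
    return 0;
}
```

With the real ACPICA headers for the version in question, replacing the stand-in structures with the actual types gives the offsets needed to check the reported fault address against all three pointers.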

