ACPI panic
Andriy Gapon
avg at FreeBSD.org
Mon Nov 26 11:15:40 UTC 2012
on 26/11/2012 13:10 Stefan Farfeleder said the following:
> On Mon, Nov 26, 2012 at 01:06:18PM +0200, Andriy Gapon wrote:
>> on 26/11/2012 12:47 Stefan Farfeleder said the following:
>>> BTW, I noticed the ACPI_SET_DESCRIPTOR_TYPE code is pointless, because the
>>> DescriptorType is at offset 8 from the object start and gets immediately
>>> overwritten by the next pointer. However I don't think it's a problem.
>>
>> Thank you.
>> To make things more obvious could you please also examine the objects like this:
>> x/9a <addr>
>> ?
>
> (kgdb) x/9a 0xfffffe0006117600
> 0xfffffe0006117600: 0xcacacacacacacaca 0xfffffe0006117680
> 0xfffffe0006117610: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe0006117620: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe0006117630: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe0006117640: 0xcacacacacacacaca
> (kgdb) x/9a 0xfffffe0006117680
> 0xfffffe0006117680: 0xcacacacacacacaca 0xfffffe0002a60080
> 0xfffffe0006117690: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe00061176a0: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe00061176b0: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe00061176c0: 0xcacacacacacacaca
> (kgdb) x/9a 0xfffffe0002a60080
> 0xfffffe0002a60080: 0xcacacacacacacaca 0xfffffe0006117680
> 0xfffffe0002a60090: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe0002a600a0: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe0002a600b0: 0xcacacacacacacaca 0xcacacacacacacaca
> 0xfffffe0002a600c0: 0xcacacacacacacaca
So this looks like use after free is unlikely.
It's probably a double-free that was missed in the race which I've just realized.
--
Andriy Gapon
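
The reasoning above, as an added illustration that is not code from this thread or from ACPICA: a LIFO free list that poisons objects with 0xCA and stores its link at offset 8 ends up with a cycle when one object is released twice, while the fill pattern stays intact because nothing wrote to the objects after release. The 72-byte object size (taken from `x/9a`), the single-threaded release order, and all names (`obj_t`, `cache_release`, `poison_intact`, `list_has_cycle`, `demo_double_free`) are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_WORDS 9                      /* assumed: 9 words, as dumped by x/9a */
#define LINK_WORD 1                      /* link at offset 8, as in the dumps */
#define POISON    0xcacacacacacacacaULL  /* fill pattern seen in the dumps */

typedef struct { uint64_t w[OBJ_WORDS]; } obj_t;   /* hypothetical model object */
static obj_t *list_head;

/* Release with no "already on the list?" check: poison, then push (LIFO). */
static void cache_release(obj_t *o) {
    memset(o, 0xca, sizeof(*o));
    o->w[LINK_WORD] = (uint64_t)(uintptr_t)list_head;
    list_head = o;
}

/* 1 if every word except the link still holds the fill pattern. */
static int poison_intact(const obj_t *o) {
    for (int i = 0; i < OBJ_WORDS; i++)
        if (i != LINK_WORD && o->w[i] != POISON) return 0;
    return 1;
}

static obj_t *next_of(const obj_t *o) { return (obj_t *)(uintptr_t)o->w[LINK_WORD]; }

/* Floyd cycle detection: 1 if the free list loops, 0 if it ends in NULL. */
static int list_has_cycle(const obj_t *head) {
    const obj_t *slow = head, *fast = head;
    while (fast && next_of(fast)) {
        slow = next_of(slow);
        fast = next_of(next_of(fast));
        if (slow == fast) return 1;
    }
    return 0;
}

/* Constructed sequence giving the dumped shape z -> y -> x -> y: y is freed twice. */
static int demo_double_free(void) {
    static obj_t x, y, z;
    list_head = NULL;
    cache_release(&y); cache_release(&x);
    int clean_before = !list_has_cycle(list_head);
    cache_release(&y);                   /* second release of the same object */
    cache_release(&z);
    return clean_before && list_has_cycle(list_head) &&
           poison_intact(&x) && poison_intact(&y) && poison_intact(&z);
}
int main(void) { printf("cycle with intact poison: %d\n", demo_double_free()); return 0; }
```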
More information about the freebsd-acpi mailing list