On Sun, Nov 25, 2012 at 06:17:37PM +0200, Andriy Gapon wrote:
> @@ -238,6 +240,10 @@ AcpiOsReleaseObject (
> if (Object == Curr) {
> panic("freeing a free object %p", Object);
> }
> + Depth--;
> + if (Depth < 0) {
> + panic("cycle in a cache list");
> + }
> }
> (void) AcpiUtReleaseMutex (ACPI_MTX_CACHES);
I can easily trigger this panic. At the time of the panic, the cache
list has ~30 entries and somewhere in the middle there's a 2-item cycle
A -> B -> A. I don't think release is called twice on A as your patch
checks that and the cycle is not at the beginning of the loop. So this
means "someone" changes the next pointer while the object is in the
cache.
Stefan
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-acpi
To unsubscribe, send any mail to "[email protected]"
