Segmentation fault in free_io_mem

Christian Helmuth christian.helmuth at ...1...
Tue Mar 13 15:55:46 CET 2018


Hello Johannes,

On Tue, Mar 13, 2018 at 11:01:02AM +0100, Johannes Kliemann wrote:
> I have sent this mail before but it was timed unfortunately and got lost
> in the 18.02 release.

Sorry for leaving you in the lurch! I read your last posting but was
distracted in the middle of my investigation.

> While testing the IO_MEM session on Linux with ACPI I noticed that the
> acpi_drv segfaults when freeing its io memory on
> repos/os/src/drivers/acpi/acpi.cc:1304 [1]. The crash happens then in
> repos/base/include/base/allocator.h:319 [2] at
> 
> > operator delete (obj, dealloc);
> 
> I noticed that this is called many times without problems but not from
> free_io_mem. Unfortunately I have to admit that my C++ knowledge is
> insufficient to really grasp what happens in this expression.
> Is there any difference in how io memory is freed or should there be any
> (at least on Linux)?

The intention of free_io_mem() is to free all Io_mem objects which
were accumulated in previous calls to phys_to_virt(). Those objects
reside in the _heap and must therefore be delete'd, which means all
destructors are executed and memory is deallocated. The unanswered
question is: What is the reason for the segmentation fault as delete
should always work? Is it a dangling pointer in Io_mem (incl. its
members)?

Do you have any chance to run GDB on the target platform to produce a
backtrace or investigate online? Did you try to instrument the
destructors of Io_mem and its aggregated objects?

Sorry that I have more questions than answers but you see me in the
dark currently.

Greets
-- 
Christian Helmuth
Genode Labs

https://www.genode-labs.com/ · https://genode.org/
https://twitter.com/GenodeLabs · /ˈdʒiː.nəʊd/

Genode Labs GmbH · Dresden Local Court · HRB 28424 · Registered office: Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth
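
Added example, not part of the original message and not Genode's code: a stand-alone C++ model of the teardown discussed above, where list elements allocated from a heap are destroyed (destructor first, then deallocation) and the destructors are instrumented. `Tracking_heap`, `destroy_obj`, `Io_mem_list` and the fields of `Io_mem` are hypothetical stand-ins; the ownership check turns a stale or repeated free into a reported failure instead of a crash.

```cpp
#include <cstdio>
#include <cstdlib>
#include <new>
#include <set>

// Hypothetical stand-in heap: tracks live blocks so a stale free is reported.
struct Tracking_heap {
    std::set<void *> live;
    void *alloc(std::size_t n) { void *p = std::malloc(n); live.insert(p); return p; }
    bool owns(void *p) const { return live.count(p) != 0; }
    void free(void *p) { live.erase(p); std::free(p); }
};

static int dtor_calls = 0;  // instrumentation: counts destructor runs
// Hypothetical stand-in for one list element created per mapping.
struct Io_mem {
    Io_mem *next; unsigned long base;
    Io_mem(Io_mem *n, unsigned long b) : next(n), base(b) {}
    ~Io_mem() { ++dtor_calls; std::printf("~Io_mem base=%#lx this=%p\n", base, (void *)this); }
};

// Destructor first, then deallocation; refuses pointers the heap does not own.
template <typename T>
bool destroy_obj(Tracking_heap &heap, T *obj) {
    if (!heap.owns(obj)) return false;
    obj->~T();
    heap.free(obj);
    return true;
}

struct Io_mem_list {
    Tracking_heap &heap; Io_mem *head = nullptr;
    explicit Io_mem_list(Tracking_heap &h) : heap(h) {}
    void add(unsigned long base) { head = new (heap.alloc(sizeof(Io_mem))) Io_mem(head, base); }
    // Frees every element the heap still owns; returns how many were destroyed.
    int free_all() {
        int freed = 0;
        while (head && heap.owns(head)) {
            Io_mem *next = head->next;  // read the link before the object dies
            if (destroy_obj(heap, head)) ++freed;
            head = next;
        }
        return freed;
    }
};

int main() {
    Tracking_heap heap; Io_mem_list list(heap);
    list.add(0xe0000); list.add(0xfed00000);  // constructed sample addresses
    return list.free_all() == 2 ? 0 : 1;
}
```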



