It looks like the reference count manipulations performed in
AcpiUtUpdateRefCount/AcpiUtUpdateObjectReference are not protected by any lock.
Although, it is possible that I am missing some implied locking in the higher
In particular, I am concerned about access to the ASL elements like Name(_HID,
2) via AcpiNsEvaluate -> AcpiExResolveNodeToValue. In this case multiple
threads can concurrently get or drop references to the value object.
The reason to inquire about this is that over the time several FreeBSD users has
reported some seldom occurring, non-reproducible, ACPI-related heisen-panics.
Their common element is a trap upon memory access in
AcpiOsAcquireObject(AcpiGbl_OperandCache). Which, in my opinion, strongly hints
at corruption of AcpiGbl_OperandCache via double-deallocation of an object.
Which I then connect to the reference counting.