ACPI!RestartCtxtCallback函数里面的ACPI!RestartContext到ACPI!DispatchCtxtQueue函数里面的ACPI!RunContext

1: kd> kc
#
00 ACPI!RestartCtxtCallback
01 ACPI!PciConfigSpaceHandlerWorker
02 ACPI!GetPciAddressWorker
03 ACPI!ACPIGetWorkerForInteger
04 ACPI!AsyncCallBack
05 ACPI!RunContext
06 ACPI!DispatchCtxtQueue
07 ACPI!StartTimeSlicePassive
08 ACPI!ACPIWorker
09 nt!PspSystemThreadStartup
0a nt!KiThreadStartup
1: kd> dv
pctxtdata = 0x8997c0ac

1: kd> dt CTXT 0x8997c0ac-ac
ACPI!CTXT
+0x000 dwSig : 0x54585443
+0x004 pbCtxtEnd : 0x8997e000 "TSER"
+0x008 listCtxt : _List
+0x010 listQueue : _List
+0x018 pplistCtxtQueue : (null)
+0x01c plistResources : 0x8997c198 _List
+0x020 dwfCtxt : 0x120
+0x024 pnsObj : 0x899b4938 _NSObj
+0x028 pnsScope : 0x899b40ac _NSObj
+0x02c powner : 0x8997c1ac _objowner
+0x030 pcall : 0x8997dd18 _call
+0x034 pnctxt : (null)
+0x038 dwSyncLevel : 0xf
+0x03c pbOp : 0x899b4122 ""
+0x040 Result : _ObjData
+0x054 pfnAsyncCallBack : 0xf7407364 void ACPI!ACPIGetWorkerForInteger+0
+0x058 pdataCallBack : 0x899c634c _ObjData
+0x05c pvContext : 0x899c6320 Void
+0x060 Timer : _KTIMER
+0x088 Dpc : _KDPC
+0x0a8 pheapCurrent : 0x8997c0bc _heap
+0x0ac CtxtData : _ctxtdata
+0x0bc LocalHeap : _heap
1: kd> dx -id 0,0,899a2278 -r1 (*((ACPI!_heap *)0x8997c0bc))
(*((ACPI!_heap *)0x8997c0bc)) [Type: _heap]
[+0x000] dwSig : 0x50414548 [Type: unsigned long]
[+0x004] pbHeapEnd : 0x8997dc08 : 0x57 [Type: unsigned char *]
[+0x008] pheapHead : 0x8997c0bc [Type: _heap *]
[+0x00c] pheapNext : 0x0 [Type: _heap *]
[+0x010] pbHeapTop : 0x8997c1f0 : 0x0 [Type: unsigned char *]
[+0x014] plistFreeHeap : 0x0 [Type: _List *]
[+0x018] Heap [Type: _heapobjhdr]
1: kd> db framehdr 0x8997dc08
Couldn't resolve error at 'framehdr 0x8997dc08'
1: kd> dt framehdr 0x8997dc08
ACPI!FRAMEHDR
+0x000 dwSig : 0x41435257
+0x004 dwLen : 0x30
+0x008 dwfFrame : 3
+0x00c pfnParse : 0xf7417c1d long ACPI!WriteCookAccess+0

1: kd> dt _WRCOOKACC 0x8997dc08
ACPI!_wrcookacc
+0x000 FrameHdr : _framehdr
+0x010 pnsBase : 0x899b0b50 _NSObj
+0x014 prsa : 0x89996d68 _rsaccess
+0x018 dwAddr : 0xd8
+0x01c dwSize : 4
+0x020 dwData : 0x40e98102
+0x024 dwDataMask : 0xffffffff
+0x028 dwDataTmp : 0
+0x02c fPreserve : 0 ''

1: kd> kc
#
00 ACPI!RestartContext
01 ACPI!RestartCtxtCallback
02 ACPI!PciConfigSpaceHandlerWorker
03 ACPI!GetPciAddressWorker
04 ACPI!ACPIGetWorkerForInteger
05 ACPI!AsyncCallBack
06 ACPI!RunContext
07 ACPI!DispatchCtxtQueue
08 ACPI!StartTimeSlicePassive
09 ACPI!ACPIWorker
0a nt!PspSystemThreadStartup
0b nt!KiThreadStartup
1: kd> dv
pctxt = 0x8997c000
fDelayExecute = 0x00 ''

1: kd> x ACPI!gReadyQueue
f743a928 ACPI!gReadyQueue = struct _ctxtq
1: kd> dx -r1 (*((ACPI!_ctxtq *)0xf743a928))
(*((ACPI!_ctxtq *)0xf743a928)) [Type: _ctxtq]
[+0x000] dwfCtxtQ : 0x0 [Type: unsigned long]
[+0x004] pkthCurrent : 0x89981ca0 [Type: _KTHREAD *]
[+0x008] pctxtCurrent : 0x89903000 [Type: _ctxt *]
[+0x00c] plistCtxtQ : 0x0 [Type: _List *]
[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]
[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]
[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]
[+0x01c] PauseCBContext : 0x0 [Type: void *]
[+0x020] mutCtxtQ [Type: _mutex]
[+0x028] Timer [Type: _KTIMER]
[+0x050] DpcStartTimeSlice [Type: _KDPC]
[+0x070] DpcExpireTimeSlice [Type: _KDPC]
[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]

if (KeGetCurrentIrql() < DISPATCH_LEVEL)
{
AcquireMutex(&gReadyQueue.mutCtxtQ);
rc = InsertReadyQueue(pctxt, fDelayExecute);
ReleaseMutex(&gReadyQueue.mutCtxtQ);
}

1: kd> x ACPI!gReadyQueue
f743a928 ACPI!gReadyQueue = struct _ctxtq
1: kd> dx -r1 (*((ACPI!_ctxtq *)0xf743a928))
(*((ACPI!_ctxtq *)0xf743a928)) [Type: _ctxtq]
[+0x000] dwfCtxtQ : 0x0 [Type: unsigned long]
[+0x004] pkthCurrent : 0x89981ca0 [Type: _KTHREAD *]
[+0x008] pctxtCurrent : 0x89903000 [Type: _ctxt *]
[+0x00c] plistCtxtQ : 0x8997c010 [Type: _List *]
[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]
[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]
[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]
[+0x01c] PauseCBContext : 0x0 [Type: void *]
[+0x020] mutCtxtQ [Type: _mutex]
[+0x028] Timer [Type: _KTIMER]
[+0x050] DpcStartTimeSlice [Type: _KDPC]
[+0x070] DpcExpireTimeSlice [Type: _KDPC]
[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]

第二部分：acpi!AcpiGetListEntry删除了一个节点

VOID
EXPORT
ACPIGetWorkerForInteger(
IN PNSOBJ AcpiObject,
IN NTSTATUS Status,
IN POBJDATA Result,
IN PVOID Context
)
{

if ( !(request->Flags & GET_PROP_SKIP_CALLBACK) ) {

//
// Is there a callback routine to call?
//
if (request->CallBackRoutine != NULL) {

(request->CallBackRoutine)(
AcpiObject,
status,
NULL,
request->CallBackContext
);

}

//
// Remove the request from the queue
//
KeAcquireSpinLock( &AcpiGetLock, &oldIrql );
RemoveEntryList( &(request->ListEntry) ); 这里会删除一个acpi!AcpiGetListEntry节点
KeReleaseSpinLock( &AcpiGetLock, oldIrql );

1: kd> x acpi!AcpiGetListEntry
f743b940 ACPI!AcpiGetListEntry = struct _LIST_ENTRY [ 0x899c6328 - 0x899c6328 ]
1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b940))
(*((ACPI!_LIST_ENTRY *)0xf743b940)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x899c6328 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x899c6328 [Type: _LIST_ENTRY *]
1: kd> dx -r1 ((ACPI!_LIST_ENTRY *)0x899c6328)
((ACPI!_LIST_ENTRY *)0x899c6328) : 0x899c6328 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0xf743b940 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743b940 [Type: _LIST_ENTRY *]

第三部分：

1: kd> gu
eax=00000000 ebx=f743a948 ecx=00050001 edx=00040000 esi=89903000 edi=00008004
eip=f741d905 esp=f791ad18 ebp=f791ad34 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RunContext+0x1f5:
f741d905 f6462101 test byte ptr [esi+21h],1 ds:0023:89903021=01
1: kd> gu
eax=00008004 ebx=89903000 ecx=8997e000 edx=00002707 esi=f743a928 edi=f743a934
eip=f742042d esp=f791ad3c ebp=f791ad4c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!DispatchCtxtQueue+0xaf:
f742042d 57 push edi

VOID LOCAL DispatchCtxtQueue(PCTXTQ pctxtq)
{

while ((plist = ListRemoveHead(&pctxtq->plistCtxtQ)) != NULL)
{
pctxt = CONTAINING_RECORD(plist, CTXT, listQueue);

ASSERT(pctxt->pplistCtxtQueue == &pctxtq->plistCtxtQ);

pctxt->pplistCtxtQueue = NULL;
pctxt->dwfCtxt &= ~CTXTF_IN_READYQ;
RunContext(pctxt);
}

1: kd> x ACPI!gReadyQueue
f743a928 ACPI!gReadyQueue = struct _ctxtq
1: kd> dx -r1 (*((ACPI!_ctxtq *)0xf743a928))
(*((ACPI!_ctxtq *)0xf743a928)) [Type: _ctxtq]
[+0x000] dwfCtxtQ : 0x0 [Type: unsigned long]
[+0x004] pkthCurrent : 0x0 [Type: _KTHREAD *]
[+0x008] pctxtCurrent : 0x0 [Type: _ctxt *]
[+0x00c] plistCtxtQ : 0x8997c010 [Type: _List *]
[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]
[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]
[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]
[+0x01c] PauseCBContext : 0x0 [Type: void *]
[+0x020] mutCtxtQ [Type: _mutex]
[+0x028] Timer [Type: _KTIMER]
[+0x050] DpcStartTimeSlice [Type: _KDPC]
[+0x070] DpcExpireTimeSlice [Type: _KDPC]
[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]

1: kd> g
Breakpoint 39 hit
eax=8997c010 ebx=8997c000 ecx=00008004 edx=00002707 esi=f743a928 edi=f743a934
eip=f741d710 esp=f791ad38 ebp=f791ad4c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!RunContext:
f741d710 55 push ebp
1: kd> kc
#
00 ACPI!RunContext
01 ACPI!DispatchCtxtQueue
02 ACPI!StartTimeSlicePassive
03 ACPI!ACPIWorker
04 nt!PspSystemThreadStartup
05 nt!KiThreadStartup
1: kd> dv
pctxt = 0x8997c000
pctxtSave = 0xf741d711
pkthSave = 0x00000008
rc = 0n-1986543616