|
| From: | Richard Henderson |
| Subject: | Re: [PULL 1/3] linux-user: un-parent OBJECT(cpu) when closing thread |
| Date: | Fri, 19 Aug 2022 07:36:41 -0700 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 |
On 8/19/22 01:37, Alex Bennée wrote:
This has caused a regression in arm/aarch64. We hard-code ARMCPRegInfo pointers into TranslationBlocks, for calling into helper_{get,set}cp_reg{,64}. So we have a race condition between whichever cpu thread translates the code first (encoding the pointer), and that cpu thread exiting, so that the next execution of the TB references a freed data structure.What is the test case that breaks this? I guess a multi-threaded sysregs.c would trigger it?
E.g. tests/tcg/aarch64-linux-user/signals. r~
| [Prev in Thread] | Current Thread | [Next in Thread] |