Date: Fri, 19 Nov 2010 17:50:44 -0000
From: Peter Maydell
Sender: bounces@canonical.com
References: <20101030164240.14186.64841.malonedeb@wampee.canonical.com>
Message-Id: <20101119175045.31464.28699.malone@wampee.canonical.com>
Subject: [Qemu-devel] [Bug 668799] Re: qemu-arm segfaults executing msgmerge (gettext)
Reply-To: Bug 668799 <668799@bugs.launchpad.net>
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org

The following patch stops the segfault (which happens because cpu_unlink_tb() is fiddling with the links between TBs without taking the tb_lock, so another thread can come in via e.g. tb_add_jump() and cause corruption of the linked lists). However, there are a number of comments in the TB handling code about things being non-thread-safe or not SMP safe, so I need to have a more careful think about the whole thing.
diff --git a/exec.c b/exec.c index db9ff55..5f4a50b 100644 --- a/exec.c +++ b/exec.c @@ -1606,9 +1606,8 @@ static void cpu_unlink_tb(CPUState *env) emulation this often isn't actually as bad as it sounds. Often signals are used primarily to interrupt blocking syscalls. */ TranslationBlock *tb; - static spinlock_t interrupt_lock =3D SPIN_LOCK_UNLOCKED; = - spin_lock(&interrupt_lock); + spin_lock(&tb_lock); tb =3D env->current_tb; /* if the cpu is currently executing code, we must unlink it and all the potentially executing TB */ 
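Review bot: the lock change at `+ spin_lock(&tb_lock);` needs a comment at the lock site (and a line in the commit message) saying what tb_lock protects here, because the reason for dropping the function-local `interrupt_lock` is not visible in the hunk: the old static lock only serialised concurrent callers of cpu_unlink_tb() against each other, while the jmp_next/jmp_first lists that tb_reset_jump_recursive() walks are also modified by tb_add_jump() under tb_lock, so the unlink walk has to take that same lock. Please also confirm that no caller of cpu_unlink_tb() (cpu_exit(), seen in the backtrace, for one) can already be holding tb_lock, since a plain spinlock is not re-entrant and the change would turn that case into a deadlock.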
@@ -1616,7 +1615,7 @@ static void cpu_unlink_tb(CPUState *env) env->current_tb =3D NULL; tb_reset_jump_recursive(tb); } - spin_unlock(&interrupt_lock); + spin_unlock(&tb_lock); } = /* mask must never be zero, except for A20 change call */
-- 
qemu-arm segfaults executing msgmerge (gettext)
https://bugs.launchpad.net/bugs/668799

Status in QEMU: New

Bug description:
upstream qemu.git revision b45e9c05dbacba8e992f0bffeca04c6379c3ad45

Starting program: /usr/bin/qemu-arm msgmerge-static ar.po anjuta.pot
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff4bc3ff0 (LWP 26108)]
[New Thread 0x7ffff4b8aff0 (LWP 26109)]
[New Thread 0x7ffff4b51ff0 (LWP 26110)]
[New Thread 0x7ffff4b18ff0 (LWP 26111)]
[New Thread 0x7ffff4adfff0 (LWP 26112)]
[New Thread 0x7ffff4aa6ff0 (LWP 26113)]
[New Thread 0x7ffff4a6dff0 (LWP 26114)]
[New Thread 0x7ffff4a34ff0 (LWP 26115)]
[New Thread 0x7ffff49fbff0 (LWP 26116)]
[New Thread 0x7ffff49c2ff0 (LWP 26117)]
[New Thread 0x7ffff4989ff0 (LWP 26118)]
[New Thread 0x7ffff4950ff0 (LWP 26119)]
[New Thread 0x7ffff4917ff0 (LWP 26120)]
[New Thread 0x7ffff48deff0 (LWP 26121)]
[New Thread 0x7ffff48a5ff0 (LWP 26122)]
[New Thread 0x7ffff486cff0 (LWP 26123)]
[New Thread 0x7ffff4833ff0 (LWP 26124)]
[New Thread 0x7ffff47faff0 (LWP 26125)]
[New Thread 0x7ffff47c1ff0 (LWP 26126)]
[New Thread 0x7ffff4788ff0 (LWP 26127)]
[New Thread 0x7ffff474fff0 (LWP 26128)]
[New Thread 0x7ffff4716ff0 (LWP 26129)]
[New Thread 0x7ffff46ddff0 (LWP 26130)]
.........................

Program received signal SIGSEGV, Segmentation fault.
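Review bot: the matching `+ spin_unlock(&tb_lock);` means tb_lock is now held across the entire recursive walk in tb_reset_jump_recursive(), which the backtrace shows nesting through nine levels of TBs; that is the right scope for the fix, but the retained comment in the first hunk says this path is used for signal delivery, so it is worth stating (or checking) that cpu_unlink_tb() is never invoked from a host signal handler on a thread that is itself inside the tb_lock critical section, where the spinlock would wait on itself. The caveat in the description that other parts of the TB code are marked non-thread-safe or not SMP safe belongs in the commit message too, so the narrow scope of this fix is on record.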
[Switching to Thread 0x7ffff4aa6ff0 (LWP 26113)]
0x00000000600480d4 in tb_reset_jump_recursive2 (tb=0x7ffff4c63540, n=0) at /home/user/git/qemu/exec.c:1333
1333        tb1 = tb1->jmp_next[n1];
(gdb) bt
#0  0x00000000600480d4 in tb_reset_jump_recursive2 (tb=0x7ffff4c63540, n=0) at /home/user/git/qemu/exec.c:1333
#1  0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c63540) at /home/user/git/qemu/exec.c:1361
#2  0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c634d8, n=0) at /home/user/git/qemu/exec.c:1355
#3  0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c634d8) at /home/user/git/qemu/exec.c:1361
#4  0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c63470, n=0) at /home/user/git/qemu/exec.c:1355
#5  0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c63470) at /home/user/git/qemu/exec.c:1361
#6  0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c63408, n=1) at /home/user/git/qemu/exec.c:1355
#7  0x00000000600481d1 in tb_reset_jump_recursive (tb=0x7ffff4c63408) at /home/user/git/qemu/exec.c:1362
#8  0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c633a0, n=0) at /home/user/git/qemu/exec.c:1355
#9  0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c633a0) at /home/user/git/qemu/exec.c:1361
#10 0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c63338, n=0) at /home/user/git/qemu/exec.c:1355
#11 0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c63338) at /home/user/git/qemu/exec.c:1361
#12 0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c632d0, n=0) at /home/user/git/qemu/exec.c:1355
---Type to continue, or q to quit---
#13 0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c632d0) at /home/user/git/qemu/exec.c:1361
#14 0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c63268, n=1) at /home/user/git/qemu/exec.c:1355
#15 0x00000000600481d1 in tb_reset_jump_recursive (tb=0x7ffff4c63268) at /home/user/git/qemu/exec.c:1362
#16 0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c63200, n=0) at /home/user/git/qemu/exec.c:1355
#17 0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c63200) at /home/user/git/qemu/exec.c:1361
#18 0x00000000600487c5 in cpu_unlink_tb (env=0x62385400) at /home/user/git/qemu/exec.c:1617
#19 0x00000000600488e8 in cpu_exit (env=0x62385400) at /home/user/git/qemu/exec.c:1662
#20 0x0000000060000798 in start_exclusive () at /home/user/git/qemu/linux-user/main.c:152
#21 0x0000000060000a4b in do_kernel_trap (env=0x62359940) at /home/user/git/qemu/linux-user/main.c:493
#22 0x00000000600023f3 in cpu_loop (env=0x62359940) at /home/user/git/qemu/linux-user/main.c:797
#23 0x00000000600123df in clone_func (arg=0x7ffffffd76e0) at /home/user/git/qemu/linux-user/syscall.c:3561
#24 0x00000000600b382d in start_thread (arg=) at pthread_create.c:297
#25 0x00000000600f1809 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#26 0x0000000000000000 in ?? ()
(gdb)

It's interesting to see this:

#0  0x00000000600480d4 in tb_reset_jump_recursive2 (tb=0x7ffff4c63540, n=0) at /home/user/git/qemu/exec.c:1333
        tb1 = 0x0 <<<<<<<<<<
        tb_next = 0xf4c63610 <<<<<<<<<<
        ptb = 0x60341c91 <<<<<<<<<<
        n1 = 0
#1  0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c63540) at /home/user/git/qemu/exec.c:1361
No locals.
#2  0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c634d8, n=0) at /home/user/git/qemu/exec.c:1355
        tb1 = 0x7ffff4c634d8 <<<<<<<<<<<
        tb_next = 0x7ffff4c63540 <<<<<<<<<<<
        ptb = 0x7ffff4c63860 <<<<<<<<<<<
        n1 = 0
#3  0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c634d8) at /home/user/git/qemu/exec.c:1361
No locals.
#4  0x0000000060048160 in tb_reset_jump_recursive2 (tb=0x7ffff4c63470, n=0) at /home/user/git/qemu/exec.c:1355
        tb1 = 0x7ffff4c63470
        tb_next = 0x7ffff4c634d8
        ptb = 0x7ffff4c63530
        n1 = 0
#5  0x00000000600481c0 in tb_reset_jump_recursive (tb=0x7ffff4c63470) at /home/user/git/qemu/exec.c:1361
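The list bookkeeping that the backtrace is walking (`tb1 = tb1->jmp_next[n1]` with `tb1 = 0x0`), as an added C model that is not QEMU's code and not part of this bug thread. It follows the jmp_first/jmp_next scheme QEMU used at the time as I recall it (each TB heads a circular list of the TBs that jump into it, the low two bits of a list pointer carry the jump number, tag 2 marks the head); treat that encoding, the C11 atomic_flag spinlock standing in for tb_lock, the helper names (tag, untag, tag_of, reset_jump2, reset_locked, count_jumps_into, tb_lock_is_free, demo_unlink) and the constructed four-TB scenario as assumptions of the model. The point it shows is the one the patch restores: tb_add_jump() and the recursive unlink both mutate the same lists, so they must run under the same lock, and the unlink's head-finding walk only terminates when the list invariants hold.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdatomic.h>

/* Model of a TB's direct-jump lists (not QEMU's code).  jmp_next[n] is outgoing
 * jump n; jmp_first heads a circular list of every TB that jumps *into* this one.
 * The low two bits of a list pointer hold the jump number of the entry it points
 * at, and tag 2 marks the head (the TB itself).  Encoding assumed, see lead-in. */
typedef struct TranslationBlock {
    struct TranslationBlock *jmp_next[2];
    struct TranslationBlock *jmp_first;
} TranslationBlock;

static TranslationBlock *tag(TranslationBlock *tb, unsigned n) { return (TranslationBlock *)((uintptr_t)tb | n); }
static TranslationBlock *untag(TranslationBlock *p) { return (TranslationBlock *)((uintptr_t)p & ~(uintptr_t)3); }
static unsigned tag_of(TranslationBlock *p) { return (unsigned)((uintptr_t)p & 3); }

/* One lock for every writer of the lists.  The crash above came from the unlink
 * path using a private spinlock while tb_add_jump() ran under tb_lock, so the
 * two never excluded each other.  The spinlock is a C11 atomic_flag here. */
static atomic_flag tb_lock = ATOMIC_FLAG_INIT;
static void spin_lock(atomic_flag *l) { while (atomic_flag_test_and_set_explicit(l, memory_order_acquire)) { } }
static void spin_unlock(atomic_flag *l) { atomic_flag_clear_explicit(l, memory_order_release); }

/* An empty incoming list points at its own head. */
static void tb_init(TranslationBlock *tb) { tb->jmp_next[0] = tb->jmp_next[1] = NULL; tb->jmp_first = tag(tb, 2); }

/* Link jump n of tb to tb_next: push tb onto tb_next's incoming list. */
static void tb_add_jump(TranslationBlock *tb, unsigned n, TranslationBlock *tb_next)
{
    spin_lock(&tb_lock);
    if (!tb->jmp_next[n]) {
        tb->jmp_next[n] = tb_next->jmp_first;
        tb_next->jmp_first = tag(tb, n);
    }
    spin_unlock(&tb_lock);
}

static void reset_locked(TranslationBlock *tb);
/* Unlink jump n of tb, then everything its target jumps to.  (The real code also
 * rewrites the generated jump into an exit; that part is omitted.) */
static void reset_jump2(TranslationBlock *tb, unsigned n)
{
    TranslationBlock *tb1 = tb->jmp_next[n], *tb_next, **ptb;
    unsigned n1;
    if (tb1 == NULL) return;
    for (;;) {                       /* follow the list to its head: the target */
        n1 = tag_of(tb1);
        tb1 = untag(tb1);
        if (n1 == 2) break;
        tb1 = tb1->jmp_next[n1];     /* the line that faulted in the report */
    }
    tb_next = tb1;
    ptb = &tb_next->jmp_first;       /* find our own entry and splice it out */
    for (;;) {
        tb1 = *ptb;
        n1 = tag_of(tb1);
        tb1 = untag(tb1);
        if (n1 == n && tb1 == tb) break;
        ptb = &tb1->jmp_next[n1];
    }
    *ptb = tb->jmp_next[n];
    tb->jmp_next[n] = NULL;
    reset_locked(tb_next);
}
static void reset_locked(TranslationBlock *tb) { reset_jump2(tb, 0); reset_jump2(tb, 1); }

/* What cpu_unlink_tb() needs: the whole walk under the lock tb_add_jump() uses. */
static void tb_reset_jump_recursive(TranslationBlock *tb) { spin_lock(&tb_lock); reset_locked(tb); spin_unlock(&tb_lock); }

/* 1 if nobody holds tb_lock (probe by taking and immediately releasing it). */
int tb_lock_is_free(void) { if (atomic_flag_test_and_set(&tb_lock)) return 0; atomic_flag_clear(&tb_lock); return 1; }

/* Entries on tb's incoming list, or -1 if it is corrupt: a NULL entry like the
 * tb1 = 0x0 in the gdb session above, or a chain that never reaches the head. */
int count_jumps_into(TranslationBlock *tb)
{
    int count = 0;
    for (TranslationBlock *p = tb->jmp_first; tag_of(p) != 2; ) {
        TranslationBlock *t = untag(p);
        if (t == NULL || ++count > 1000) return -1;
        p = t->jmp_next[tag_of(p)];
    }
    return count;
}

/* Constructed scenario: A->B, D->B, B->C, C->A, then A is unlinked as
 * cpu_unlink_tb() would.  Returns B's fan-in before*10 + after (21: two callers,
 * then only D), or -1 if A, B or C still carries a link.  D's own jump to B is
 * left alone on purpose: only what A reaches transitively is torn down. */
int demo_unlink(void)
{
    TranslationBlock a, b, c, d;
    tb_init(&a); tb_init(&b); tb_init(&c); tb_init(&d);
    tb_add_jump(&a, 0, &b);
    tb_add_jump(&d, 0, &b);
    tb_add_jump(&b, 0, &c);
    tb_add_jump(&c, 1, &a);
    int before = count_jumps_into(&b);
    tb_reset_jump_recursive(&a);
    if (a.jmp_next[0] || a.jmp_next[1] || b.jmp_next[0] || c.jmp_next[1]
        || count_jumps_into(&a) || count_jumps_into(&c))
        return -1;
    return before * 10 + count_jumps_into(&b);
}
```

The model deliberately does not spawn a second thread to race the two paths: a data race has no deterministic outcome to check, and what the report's locals show (a NULL `tb1`, a `tb_next` with its upper bits gone) is simply what any interleaving of an unlocked splice and a concurrent push can leave behind. What can be checked is the invariant both paths rely on, namely that every incoming list is a proper cycle back to its head, and `count_jumps_into()` doubles as a cheap consistency probe that a debug build could run under the lock after each mutation.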