From: Richard Henderson <richard.henderson@linaro.org>
To: "Alex Bennée" <alex.bennee@linaro.org>, peter.maydell@linaro.org
Cc: qemu-devel@nongnu.org, Laurent Vivier <laurent@vivier.eu>
Subject: Re: [PULL 1/3] linux-user: un-parent OBJECT(cpu) when closing thread
Date: Thu, 18 Aug 2022 18:02:16 -0700 [thread overview]
Message-ID: <3402017d-7088-6902-61b8-4e61cea6db58@linaro.org> (raw)
In-Reply-To: <20220816122621.2066292-2-alex.bennee@linaro.org>
On 8/16/22 05:26, Alex Bennée wrote:
> While forcing the CPU to unrealize by hand does trigger the clean-up
> code we never fully free resources because refcount never reaches
> zero. This is because QOM automatically added objects without an
> explicit parent to /unattached/, incrementing the refcount.
>
> Instead of manually triggering unrealization just unparent the object
> and let the device machinery deal with that for us.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/866
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Reviewed-by: Laurent Vivier <laurent@vivier.eu>
> Message-Id: <20220811151413.3350684-2-alex.bennee@linaro.org>
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index f409121202..bfdd60136b 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -8594,7 +8594,13 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
> if (CPU_NEXT(first_cpu)) {
> TaskState *ts = cpu->opaque;
>
> - object_property_set_bool(OBJECT(cpu), "realized", false, NULL);
> + if (ts->child_tidptr) {
> + put_user_u32(0, ts->child_tidptr);
> + do_sys_futex(g2h(cpu, ts->child_tidptr),
> + FUTEX_WAKE, INT_MAX, NULL, NULL, 0);
> + }
> +
> + object_unparent(OBJECT(cpu));
This has caused a regression in arm/aarch64.
We hard-code ARMCPRegInfo pointers into TranslationBlocks, for calling into
helper_{get,set}cp_reg{,64}. So we have a race condition between whichever cpu thread
translates the code first (encoding the pointer), and that cpu thread exiting, so that the
next execution of the TB references a freed data structure.
We shouldn't have N copies of these pointers in the first place. This seems like
something that ought to be placed on the ARMCPUClass, so that it could be shared by each cpu.
But that's going to be a complex fix, so I'm reverting this for rc4.
r~
next prev parent reply other threads:[~2022-08-19 1:04 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-16 12:26 [PULL for 7.1 0/3] memory leak and testing tweaks Alex Bennée
2022-08-16 12:26 ` [PULL 1/3] linux-user: un-parent OBJECT(cpu) when closing thread Alex Bennée
2022-08-19 1:02 ` Richard Henderson [this message]
2022-08-19 8:37 ` Alex Bennée
2022-08-19 14:36 ` Richard Henderson
2022-08-16 12:26 ` [PULL 2/3] tests/avocado: add timeout to the aspeed tests Alex Bennée
2022-08-16 12:32 ` Peter Maydell
2022-08-16 13:31 ` Alex Bennée
2022-08-16 13:40 ` Peter Maydell
2022-08-16 12:26 ` [PULL 3/3] tests/avocado: apply a band aid to aspeed-evb login Alex Bennée
2022-08-16 15:58 ` [PULL for 7.1 0/3] memory leak and testing tweaks Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3402017d-7088-6902-61b8-4e61cea6db58@linaro.org \
--to=richard.henderson@linaro.org \
--cc=alex.bennee@linaro.org \
--cc=laurent@vivier.eu \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).