In the badframe case, the user struct is not unlocked here, which may lead to a deadlock:
In a similar case, it is unlocked correctly:
Laurent replied that frame does indeed need to be initialized to NULL in the second case:
In fact, this case is a little bit different and wrong, but to fix that
the solution is to set frame to NULL when it is declared:
linux-user/qemu.h:
/* Unlock an area of guest memory. The first LEN bytes must be
 * flushed back to guest memory. host_ptr = NULL is explicitly
 * allowed and does nothing. */
static inline void unlock_user(void *host_ptr, abi_ulong guest_addr,
                               long len)
like for linux-user/aarch64/signal.c:
long do_rt_sigreturn(CPUARMState *env)
{
    struct target_rt_sigframe *frame = NULL;
    ...
We have several targets with the same problem.
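The two shapes discussed above, as an added illustration that is not QEMU's code nor Laurent's: a constructed lock counter stands in for lock_user/unlock_user (the real lock_user takes a type and copy flag; those are dropped here), and the fixed variant relies on the quoted contract that unlock_user(NULL, ...) does nothing, so badframe can unlock unconditionally even when it is reached before the frame was locked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

typedef uint64_t abi_ulong;
static uint8_t guest_mem[256];   /* constructed guest address space */
static int locks_held = 0;       /* constructed stand-in for the guest-memory lock */

/* Returns NULL when the guest range is not mapped, as lock_user does. */
static void *lock_user(abi_ulong guest_addr, long len)
{
    if (guest_addr + (abi_ulong)len > sizeof guest_mem) return NULL;
    locks_held++;
    return guest_mem + guest_addr;
}

/* host_ptr == NULL is explicitly allowed and does nothing. */
static void unlock_user(void *host_ptr, abi_ulong guest_addr, long len)
{
    (void)guest_addr; (void)len;
    if (host_ptr == NULL) return;
    locks_held--;
}

/* Buggy shape: a frame rejected after locking is never unlocked. */
long sigreturn_buggy(abi_ulong frame_addr, bool frame_valid)
{
    void *frame = lock_user(frame_addr, 16);
    if (!frame) goto badframe;
    if (!frame_valid) goto badframe;  /* lock leaks on this path */
    unlock_user(frame, frame_addr, 0);
    return 0;
badframe:
    return -1;
}

/* Fixed shape: frame starts as NULL and badframe always unlocks. */
long sigreturn_fixed(abi_ulong frame_addr, bool frame_valid)
{
    void *frame = NULL;                  /* the fix from the thread */
    if (frame_addr & 15) goto badframe;  /* reached before anything is locked */
    frame = lock_user(frame_addr, 16);
    if (!frame) goto badframe;
    if (!frame_valid) goto badframe;
    unlock_user(frame, frame_addr, 0);
    return 0;
badframe:
    unlock_user(frame, frame_addr, 0);   /* no-op while frame is still NULL */
    return -1;
}

int outstanding_locks(void) { return locks_held; }
void reset_locks(void) { locks_held = 0; }
```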