
Re: [PATCH 2/2] target/arm: Look up ARMCPRegInfo at runtime


From: Richard Henderson
Subject: Re: [PATCH 2/2] target/arm: Look up ARMCPRegInfo at runtime
Date: Mon, 23 Jan 2023 14:20:11 -1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2

On 1/23/23 02:53, Peter Maydell wrote:
> On Fri, 6 Jan 2023 at 19:45, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>
>> Do not encode the pointer as a constant in the opcode stream.
>> This pointer is specific to the cpu that first generated the
>> translation, which runs into problems with both hot-pluggable
>> cpus and user-only threads, as cpus are removed.
>>
>> Perform the lookup in either helper_access_check_cp_reg,
>> or a new helper_lookup_cp_reg.
>
> As well as the use-after-free, this is also a correctness
> bug, isn't it? If we hardwire in the cpregs pointer for
> CPU 0 into the TB, and then CPU 1 with a slightly different
> config executes the TB, it will get the cpregs of CPU 0,
> not its own, so it might see a register it should not or
> vice-versa.

Existing assumption was that each cpu configuration would have its own cluster_index, which gets encoded into cpu->tcg_cflags, which is part of the comparison used when hashing TBs.

But including this patch allows relaxation of what constitutes a "cpu configuration".


r~
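The mechanism discussed above, as an added example that is not code from the thread or from QEMU: a toy C model of a TB cache keyed by (pc, cflags), with a block that bakes in the translating CPU's register-info pointer beside one that resolves the register against the executing CPU at runtime. All structure and function names here are illustrative stand-ins, not QEMU's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Toy model (added example, not QEMU code) of the point in the thread: a
 * translated block shared between CPUs must not bake in a pointer into the
 * translating CPU's register-info table. All names here are illustrative. */
typedef struct { int accessible; } RegInfo;
typedef struct { uint32_t cluster_index; RegInfo regs[2]; } CPUState;  /* cluster bits + own regs */
typedef struct {
    uint64_t pc; uint32_t cflags;  /* (pc, cflags) form the TB hash key, as in QEMU */
    const RegInfo *baked_ri;       /* buggy: pointer captured at translation time */
    int key, valid;                /* fixed: only the register key is encoded */
} TB;
static TB cache[8];

/* Find the TB for (pc, cflags), or translate one on behalf of 'cpu'. */
static TB *tb_lookup_or_gen(CPUState *cpu, uint64_t pc, int key, int use_cluster)
{
    uint32_t cflags = use_cluster ? cpu->cluster_index : 0;
    for (size_t i = 0; i < 8; i++)
        if (cache[i].valid && cache[i].pc == pc && cache[i].cflags == cflags)
            return &cache[i];      /* hit, possibly a block another CPU generated */
    for (size_t i = 0; i < 8; i++)
        if (!cache[i].valid) {
            cache[i] = (TB){ pc, cflags, &cpu->regs[key], key, 1 };
            return &cache[i];
        }
    return NULL;
}

/* Buggy path: trust the pointer encoded in the TB. */
static int access_baked(const TB *tb) { return tb->baked_ri->accessible; }
/* Fixed path: resolve against the executing CPU (cf. helper_lookup_cp_reg). */
static int access_runtime(const CPUState *cpu, const TB *tb) { return cpu->regs[tb->key].accessible; }

/* What CPU1 (a different config) observes for register 0 after CPU0 has
 * translated the block first: 0 is CPU1's own answer, 1 is CPU0's. */
static int cpu1_sees(int use_cluster, int runtime_lookup)
{
    CPUState cpu0 = { 0, { { 1 }, { 1 } } };
    CPUState cpu1 = { use_cluster ? 1u : 0u, { { 0 }, { 1 } } };
    memset(cache, 0, sizeof cache);
    tb_lookup_or_gen(&cpu0, 0x1000, 0, use_cluster);
    TB *tb = tb_lookup_or_gen(&cpu1, 0x1000, 0, use_cluster);
    return runtime_lookup ? access_runtime(&cpu1, tb) : access_baked(tb);
}
```

With a shared cluster index the two CPUs hash to the same TB, so only the runtime lookup gives CPU1 its own answer; a distinct cluster index keeps the blocks separate, which is the assumption Richard describes.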


