linux-user: Fix exit syscall with QOM CPU

Message ID	1334500796-25306-1-git-send-email-afaerber@suse.de
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de> To: qemu-devel@nongnu.org Date: Sun, 15 Apr 2012 16:39:56 +0200 Message-Id: <1334500796-25306-1-git-send-email-afaerber@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: Peter Maydell <peter.maydell@linaro.org>, Riku Voipio <riku.voipio@iki.fi>, =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de> Subject: [Qemu-devel] [PATCH] linux-user: Fix exit syscall with QOM CPU Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1334500796-25306-1-git-send-email-afaerber@suse.de

State

New

Headers

From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
To: qemu-devel@nongnu.org
Date: Sun, 15 Apr 2012 16:39:56 +0200
Message-Id: <1334500796-25306-1-git-send-email-afaerber@suse.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Riku Voipio <riku.voipio@iki.fi>, 
	=?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
Subject: [Qemu-devel] [PATCH] linux-user: Fix exit syscall with QOM CPU
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Andreas Färber April 15, 2012, 2:39 p.m. UTC

For QOM'ified CPUs we cannot g_free() CPUArchState, we must
object_delete() the object it is embedded into.

Should fix LP#982321 (invalid free() while executing pacman w/qemu-arm).

Reported-by: Serge Schneider <serge@xecdesign.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Peter Maydell <peter.maydell@linaro.org>
---
 linux-user/syscall.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

Comments

Peter Maydell April 15, 2012, 3:55 p.m. UTC | #1

On 15 April 2012 15:39, Andreas Färber <afaerber@suse.de> wrote:
> For QOM'ified CPUs we cannot g_free() CPUArchState, we must
> object_delete() the object it is embedded into.
>
> Should fix LP#982321 (invalid free() while executing pacman w/qemu-arm).
>
> Reported-by: Serge Schneider <serge@xecdesign.com>
> Signed-off-by: Andreas Färber <afaerber@suse.de>
> Cc: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Tested with a random simple multithreaded test program,
confirmed that this fixes the invalid-free problem.
(The program is still somewhat unreliable under qemu,
sometimes segfaulting, but I think that is just the
usual "multithreaded programs don't work reliably" issue
we've had since forever.)

-- PMM

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8a92162..7128618 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5045,7 +5045,11 @@  abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                         NULL, NULL, 0);
           }
           thread_env = NULL;
+#ifdef ENV_GET_CPU
+          object_delete(OBJECT(ENV_GET_CPU(cpu_env)));
+#else
           g_free(cpu_env);
+#endif
           g_free(ts);
           pthread_exit(NULL);
       }

linux-user: Fix exit syscall with QOM CPU

Commit Message

Comments

Patch