From: Richard Henderson <richard.henderson@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org
Subject: Re: [PATCH 2/2] target/arm: Look up ARMCPRegInfo at runtime
Date: Mon, 23 Jan 2023 14:20:11 -1000	[thread overview]
Message-ID: <3443cf40-4013-6ac6-895d-08f86c229809@linaro.org> (raw)
In-Reply-To: <CAFEAcA9mh+eS8rHwqmyjOAmcnPDJ7K54QbJPd7itKZskQeox5g@mail.gmail.com>

On 1/23/23 02:53, Peter Maydell wrote:
> On Fri, 6 Jan 2023 at 19:45, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> Do not encode the pointer as a constant in the opcode stream.
>> This pointer is specific to the cpu that first generated the
>> translation, which runs into problems with both hot-pluggable
>> cpus and user-only threads, as cpus are removed.
>>
>> Perform the lookup in either helper_access_check_cp_reg,
>> or a new helper_lookup_cp_reg.
> 
> As well as the use-after-free, this is also a correctness
> bug, isn't it? If we hardwire in the cpregs pointer for
> CPU 0 into the TB, and then CPU 1 with a slightly different
> config executes the TB, it will get the cpregs of CPU 0,
> not its own, so it might see a register it should not or
> vice-versa.

Existing assumption was that each cpu configuration would have its own cluster_index, 
which gets encoded into cpu->tcg_cflags, which is part of the comparison used when hashing 
TBs.

But including this patch allows relaxation of what constitutes a "cpu configuration".


r~
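
The two schemes compared in this thread, modelled in a small C program added here as an illustration (not QEMU code): a translation cache keyed on (pc, cflags) that two CPUs with different register tables share. CPRegInfo, CPUState, TranslationBlock, the cflags field and the register keys 0x100/0x200 are constructed stand-ins for the QEMU structures the patch names, not their real definitions. `exec_baked` keeps the pointer captured at translation time, as the pre-patch code did; `exec_runtime` keeps only the key and resolves it against the executing CPU, as the new helper does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for ARMCPRegInfo, CPUState and TranslationBlock. */
typedef struct CPRegInfo {
    uint32_t key;           /* packed system-register encoding */
    const char *name;
} CPRegInfo;

typedef struct CPUState {
    int index;
    uint32_t cflags;        /* stand-in for cpu->tcg_cflags; cluster index is encoded here */
    const CPRegInfo *regs;  /* this CPU's own register table */
    size_t nregs;
} CPUState;

/* Lookup against the executing CPU's table, what the runtime helper does. */
static const CPRegInfo *cpu_lookup_cp_reg(const CPUState *cpu, uint32_t key)
{
    for (size_t i = 0; i < cpu->nregs; i++) {
        if (cpu->regs[i].key == key) {
            return &cpu->regs[i];
        }
    }
    return NULL;
}

typedef struct TranslationBlock {
    uint64_t pc;
    uint32_t cflags;
    const CPRegInfo *baked_ri;  /* old scheme: pointer captured while translating */
    uint32_t key;               /* new scheme: only the key survives translation */
} TranslationBlock;

#define TB_CACHE_SIZE 16
static TranslationBlock tb_cache[TB_CACHE_SIZE];
static size_t tb_count;

void tb_flush(void) { tb_count = 0; }

/* A TB is reused by any CPU whose (pc, cflags) match the one that generated it. */
static TranslationBlock *tb_find_or_gen(const CPUState *cpu, uint64_t pc, uint32_t key)
{
    for (size_t i = 0; i < tb_count; i++) {
        if (tb_cache[i].pc == pc && tb_cache[i].cflags == cpu->cflags) {
            return &tb_cache[i];
        }
    }
    if (tb_count == TB_CACHE_SIZE) {
        tb_flush();
    }
    TranslationBlock *tb = &tb_cache[tb_count++];
    tb->pc = pc;
    tb->cflags = cpu->cflags;
    tb->key = key;
    tb->baked_ri = cpu_lookup_cp_reg(cpu, key);  /* the translating CPU's pointer */
    return tb;
}

/* Old scheme: the generated code carries the pointer as an immediate. */
const CPRegInfo *exec_baked(const CPUState *cpu, uint64_t pc, uint32_t key)
{
    return tb_find_or_gen(cpu, pc, key)->baked_ri;
}

/* New scheme: the generated code carries the key; the helper resolves it per CPU. */
const CPRegInfo *exec_runtime(const CPUState *cpu, uint64_t pc, uint32_t key)
{
    TranslationBlock *tb = tb_find_or_gen(cpu, pc, key);
    return cpu_lookup_cp_reg(cpu, tb->key);
}

/* Constructed tables: both CPUs implement 0x100, only CPU1 implements 0x200. */
#define REG_BOTH      0x100u
#define REG_CPU1_ONLY 0x200u
static const CPRegInfo cpu0_regs[] = { { REG_BOTH, "REG_BOTH" } };
static const CPRegInfo cpu1_regs[] = { { REG_BOTH, "REG_BOTH" },
                                       { REG_CPU1_ONLY, "REG_CPU1_ONLY" } };

/* Which CPU's table a returned descriptor belongs to: 0, 1, or -1 for NULL. */
int table_owner(const CPRegInfo *ri)
{
    for (size_t i = 0; i < 1; i++) { if (ri == &cpu0_regs[i]) return 0; }
    for (size_t i = 0; i < 2; i++) { if (ri == &cpu1_regs[i]) return 1; }
    return -1;
}

/*
 * CPU0 translates the access at pc 0x400, then CPU1 executes it.
 * cpu1_cluster_bit models the cluster index in CPU1's cflags (0 = same as CPU0).
 * Returns table_owner() of the descriptor CPU1 ends up using.
 */
int cpu1_sees(int runtime_scheme, uint32_t key, uint32_t cpu1_cluster_bit)
{
    const CPUState cpu0 = { 0, 0, cpu0_regs, 1 };
    const CPUState cpu1 = { 1, cpu1_cluster_bit, cpu1_regs, 2 };
    const CPRegInfo *(*exec)(const CPUState *, uint64_t, uint32_t) =
        runtime_scheme ? exec_runtime : exec_baked;
    tb_flush();
    exec(&cpu0, 0x400, key);                 /* CPU0 generates the translation */
    return table_owner(exec(&cpu1, 0x400, key));
}

int main(void)
{
    printf("baked, shared cflags, REG_BOTH:      CPU1 uses table %d\n", cpu1_sees(0, REG_BOTH, 0));
    printf("baked, shared cflags, REG_CPU1_ONLY: CPU1 uses table %d\n", cpu1_sees(0, REG_CPU1_ONLY, 0));
    printf("baked, distinct cluster index:       CPU1 uses table %d\n", cpu1_sees(0, REG_CPU1_ONLY, 1));
    printf("runtime, shared cflags:              CPU1 uses table %d\n", cpu1_sees(1, REG_CPU1_ONLY, 0));
    return 0;
}
```

With the baked pointer and identical cflags, CPU1 is handed CPU0's descriptor (table 0), and for the register only CPU1 implements it is handed NULL, which is the "sees a register it should not, or vice-versa" outcome. Giving CPU1 a distinct cluster index in cflags keeps the TBs separate, which is the assumption the reply describes; the runtime lookup makes the result correct even when the two CPUs share a TB. The model also shows why removing a CPU is a problem for the old scheme: `tb_cache` outlives any one CPUState, so a baked `baked_ri` can outlive the table it points into, whereas a stored key never does.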


Thread overview: 12+ messages
2023-01-06 19:44 [PATCH 0/2] target/arm: Look up ARMCPRegInfo at runtime Richard Henderson
2023-01-06 19:44 ` [PATCH 1/2] target/arm: Reorg do_coproc_insn Richard Henderson
2023-01-17 15:42   ` Alex Bennée
2023-01-06 19:44 ` [PATCH 2/2] target/arm: Look up ARMCPRegInfo at runtime Richard Henderson
2023-01-23 12:53   ` Peter Maydell
2023-01-24  0:20     ` Richard Henderson [this message]
2023-01-24  9:48       ` Peter Maydell
2023-01-24 10:39       ` Alex Bennée
2023-01-16 20:16 ` [PATCH 0/2] " Richard Henderson
2023-01-17 10:28   ` Peter Maydell
2023-01-17 15:20     ` Richard Henderson
2023-01-23 12:55 ` Peter Maydell
