[PULL 06/27] tcg: Manage splitwx in tc_ptr_to_region_tree by hand
From: Richard Henderson
Subject: [PULL 06/27] tcg: Manage splitwx in tc_ptr_to_region_tree by hand
Date: Sat, 6 Mar 2021 13:35:52 -0800
The use in tcg_tb_lookup is given a random pc that comes from the pc
of a signal handler. Do not assert that the pointer is already within
the code gen buffer at all, much less the writable mirror of it.
Fixes: db0c51a3803
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
tcg/tcg.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/tcg/tcg.c b/tcg/tcg.c
index bbe3dcee03..2991112829 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -513,11 +513,21 @@ static void tcg_region_trees_init(void)
}
}
-static struct tcg_region_tree *tc_ptr_to_region_tree(const void *cp)
+static struct tcg_region_tree *tc_ptr_to_region_tree(const void *p)
{
- void *p = tcg_splitwx_to_rw(cp);
size_t region_idx;
+ /*
+ * Like tcg_splitwx_to_rw, with no assert. The pc may come from
+ * a signal handler over which the caller has no control.
+ */
+ if (!in_code_gen_buffer(p)) {
+ p -= tcg_splitwx_diff;
+ if (!in_code_gen_buffer(p)) {
+ return NULL;
+ }
+ }
+
if (p < region.start_aligned) {
region_idx = 0;
} else {
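Review bot: the function now has a NULL-return contract that the new comment does not state, and every caller must honour it; spell it out in the comment, e.g. `Returns NULL if @p lies in neither the RX nor the RW mapping of the code gen buffer.` Two smaller points on the same lines: `p -= tcg_splitwx_diff` is arithmetic on a `const void *`, which relies on the GNU extension the tree already builds with, and if `tcg_splitwx_diff` is zero the fallback simply re-tests the same address, which is harmless but worth a word so nobody "optimises" it away later.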
@@ -536,6 +546,7 @@ void tcg_tb_insert(TranslationBlock *tb)
{
struct tcg_region_tree *rt = tc_ptr_to_region_tree(tb->tc.ptr);
+ g_assert(rt != NULL);
qemu_mutex_lock(&rt->lock);
g_tree_insert(rt->tree, &tb->tc, tb);
qemu_mutex_unlock(&rt->lock);
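Review bot: `g_assert(rt != NULL)` is the right response here, since `tb->tc.ptr` is produced by the code generator and a miss means internal state is corrupt rather than that untrusted input arrived; the assert-then-lock sequence is repeated verbatim in tcg_tb_remove below, so a small helper that looks up the region tree and asserts would keep the two call sites from drifting apart.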
@@ -545,6 +556,7 @@ void tcg_tb_remove(TranslationBlock *tb)
{
struct tcg_region_tree *rt = tc_ptr_to_region_tree(tb->tc.ptr);
+ g_assert(rt != NULL);
qemu_mutex_lock(&rt->lock);
g_tree_remove(rt->tree, &tb->tc);
qemu_mutex_unlock(&rt->lock);
@@ -561,6 +573,10 @@ TranslationBlock *tcg_tb_lookup(uintptr_t tc_ptr)
TranslationBlock *tb;
struct tb_tc s = { .ptr = (void *)tc_ptr };
+ if (rt == NULL) {
+ return NULL;
+ }
+
qemu_mutex_lock(&rt->lock);
tb = g_tree_lookup(rt->tree, &s);
qemu_mutex_unlock(&rt->lock);
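Review bot: placing the early `return NULL` after the declarations keeps QEMU's declarations-first C style, but `rt` is computed above the visible context from `tc_ptr`, which per the commit message may be an arbitrary pc from a signal handler; a one-line comment at the check saying so would help the next reader understand why this lookup, unlike insert and remove, tolerates NULL. Returning NULL here is consistent with the miss result of `g_tree_lookup`, so callers that already check the return value need no change.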
--
2.25.1