On Mon, Jul 25, 2016 at 11:59:20AM +0200, Igor Mammedov wrote:
> Instead use QTAIL's tqe_prev field to detect if cpu's been
> placed in list by cpu_exec_init() which is always set if
> QTAIL element is in list.
> 
> Fixes SIGSEGV on failure path in case cpu_index is assigned
> by board and cpu.realize() fails before cpu_exec_init() is called.
> 
> In follow-up patches, cpu_index will be assigned by boards that
> support cpu hot(un)plug and need stable cpu_index that doesn't
> depend on order cpus are created/removed.
> 
> Signed-off-by: Igor Mammedov <imamm...@redhat.com>
> Reported-by: David Gibson <da...@gibson.dropbear.id.au>
Reviewed-by: David Gibson <da...@gibson.dropbear.id.au> > --- > v2: > replace setting tqe_prev to NULL in generic QTAIL_REMOVE > with a check and cleanup in cpu_exec_exit() to be on safe side. > And delay QTAIL_REMOVE() change to 2.8. > --- > exec.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/exec.c b/exec.c > index 2f57c62..ae45a70 100644 > --- a/exec.c > +++ b/exec.c > @@ -643,13 +643,14 @@ void cpu_exec_exit(CPUState *cpu) > CPUClass *cc = CPU_GET_CLASS(cpu); > > cpu_list_lock(); > - if (cpu->cpu_index == -1) { > - /* cpu_index was never allocated by this @cpu or was already freed. > */ > + if (cpu->node.tqe_prev == NULL) { > + /* there is nothing to undo since cpu_exec_init() hasn't been called > */ > cpu_list_unlock(); > return; > } > > QTAILQ_REMOVE(&cpus, cpu, node); > + cpu->node.tqe_prev = NULL; > cpu_release_index(cpu); > cpu->cpu_index = -1; > cpu_list_unlock(); -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
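Review bot: the new `cpu->node.tqe_prev == NULL` test in cpu_exec_exit() only tells "never linked" from "linked" if tqe_prev is guaranteed NULL on a CPUState that never went through cpu_exec_init(); nothing in this hunk initialises it, so the early return rests on the object having been zero-allocated, and the replacement comment should say so rather than just "there is nothing to undo", e.g. `/* tqe_prev stays NULL until cpu_exec_init() links this cpu */`. The added `cpu->node.tqe_prev = NULL;` after QTAILQ_REMOVE keeps a repeated cpu_exec_exit() harmless, but the guard is only sound while this is the single place that unlinks a cpu from &cpus: any other QTAILQ_REMOVE of the same element leaves tqe_prev dangling and a later cpu_exec_exit() would unlink it twice, the same class of crash this patch fixes. Since the v2 changelog defers the generic QTAILQ_REMOVE change to 2.8, a one-line comment next to the clear naming that dependency, or a small is-linked helper wrapping the tqe_prev peek instead of poking the queue entry's private field inline, would make the interim state easier to keep correct.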
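The membership check the commit message describes (tqe_prev as the "is linked" marker, cleared again on removal), reproduced as an added example that is not QEMU's code. It uses the BSD <sys/queue.h> TAILQ that QEMU's QTAILQ mirrors; the struct and function names (vcpu, vcpu_new, cpu_list_add, cpu_list_del, cpu_list_len, the scenario_* drivers) are this example's own, and the zeroed allocation in vcpu_new() is the assumption the check depends on. scenario_realize_failed() walks the failure path from the commit message, a board-assigned cpu_index on a cpu that never reached cpu_exec_init(), and scenario_double_exit() shows why the removal path clears tqe_prev.

```c
/* Added example, not QEMU code: tqe_prev as the "linked into the cpu list"
 * marker, with the BSD TAILQ that QEMU's QTAILQ mirrors. All names here are
 * this example's own (hypothetical), chosen to parallel cpu_exec_init/exit. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/queue.h>

struct vcpu {
    int cpu_index;              /* -1 until assigned, as in QEMU */
    TAILQ_ENTRY(vcpu) node;     /* node.tqe_prev is NULL unless linked */
};

static TAILQ_HEAD(, vcpu) cpus = TAILQ_HEAD_INITIALIZER(cpus);
static int next_index;

/* calloc() is what makes node.tqe_prev start out NULL; the membership test
 * below is only valid because the object is zero-allocated (assumption). */
struct vcpu *vcpu_new(void)
{
    struct vcpu *cpu = calloc(1, sizeof *cpu);
    if (cpu) {
        cpu->cpu_index = -1;
    }
    return cpu;
}

/* Counterpart of cpu_exec_init(): assign an index if the board did not, link. */
void cpu_list_add(struct vcpu *cpu)
{
    if (cpu->cpu_index == -1) {
        cpu->cpu_index = next_index++;
    }
    TAILQ_INSERT_TAIL(&cpus, cpu, node);
}

/* Counterpart of cpu_exec_exit() after the patch: membership is decided by
 * tqe_prev, not by cpu_index, so a board-assigned index on a cpu that was
 * never linked does not lead to TAILQ_REMOVE dereferencing a NULL tqe_prev.
 * Returns 1 if the cpu was unlinked, 0 if there was nothing to undo. */
int cpu_list_del(struct vcpu *cpu)
{
    if (cpu->node.tqe_prev == NULL) {
        return 0;
    }
    TAILQ_REMOVE(&cpus, cpu, node);
    cpu->node.tqe_prev = NULL;  /* makes a second call a no-op */
    cpu->cpu_index = -1;
    return 1;
}

int cpu_list_len(void)
{
    struct vcpu *c;
    int n = 0;
    TAILQ_FOREACH(c, &cpus, node) {
        n++;
    }
    return n;
}

/* Failure path from the commit message: the board assigns cpu_index, realize
 * fails before cpu_exec_init(), and the unrealize path calls cpu_exec_exit().
 * The old `cpu_index == -1` test would have gone on to remove an unlinked node. */
int scenario_realize_failed(void)
{
    struct vcpu *cpu = vcpu_new();
    int removed;
    cpu->cpu_index = 7;         /* board-assigned, never linked */
    removed = cpu_list_del(cpu);
    free(cpu);
    return removed;             /* 0: nothing to undo, and no crash */
}

/* Normal path plus a repeated exit, which the cleared tqe_prev makes harmless.
 * Returns first*100 + second*10 + remaining, so 101 is the expected value. */
int scenario_double_exit(void)
{
    struct vcpu *a = vcpu_new();
    struct vcpu *b = vcpu_new();
    int first, second, remaining;
    cpu_list_add(a);
    cpu_list_add(b);
    first = cpu_list_del(a);        /* 1: unlinked */
    second = cpu_list_del(a);       /* 0: already gone, early return */
    remaining = cpu_list_len();     /* 1: only b is left */
    cpu_list_del(b);
    free(a);
    free(b);
    return first * 100 + second * 10 + remaining;
}

int main(void)
{
    printf("realize-failed path removed=%d\n", scenario_realize_failed());
    printf("double-exit result=%d (expect 101)\n", scenario_double_exit());
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c`. Replace the calloc() in vcpu_new() with malloc() and tqe_prev becomes whatever was in the heap, so the early return is no longer reliable; that is the property the hunk's comment should state explicitly.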