The translation code uses cpu_ld*_code, which can trigger a tlb_fill, which, if it fails, will attempt a fault resolution. This never works during translation as the TB being generated hasn't been added yet. However, with the new locking regime we end up double-locking the tb_lock(). As tcg_ctx.cpu is only set during translation, we use this to short-circuit the restore code and return with a fail.
Most front-ends seem to ignore the pass/fail result anyway but tolerate not having the cpu environment updated. This is arguably ugly but will do for now. Signed-off-by: Alex Bennée <alex.ben...@linaro.org> --- translate-all.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/translate-all.c b/translate-all.c index 7ee273410d..956d54b882 100644 --- a/translate-all.c +++ b/translate-all.c @@ -333,6 +333,13 @@ bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr) TranslationBlock *tb; bool r = false; + /* Don't attempt to restore state if we are translating already */ + if (tcg_ctx.cpu == cpu) { + qemu_log_mask(LOG_UNIMP, "Attempt to resolve CPU state @ 0x%" PRIxPTR + " while translating\n", retaddr); + return r; + } + tb_lock(); tb = tb_find_pc(retaddr); if (tb) { -- 2.11.0
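Review bot: The new early return in cpu_restore_state() relies on tcg_ctx.cpu being cleared again once translation finishes; if it is left set after the translator runs, every later cpu_restore_state() call for that CPU would be short-circuited and the caller would silently get a stale env, so the hunk should either show where tcg_ctx.cpu is reset or the comment above the check should state that invariant. Two smaller points on the same lines: the comment "Don't attempt to restore state if we are translating already" should say what callers get in that case (r is false and the CPU state is left untouched), since the commit message admits most front-ends ignore the return value; and LOG_UNIMP reads as the wrong mask for a known-unsupported path rather than a missing feature, so LOG_GUEST_ERROR (or a dedicated mask) would make the log line easier to find. The "%" PRIxPTR format is fine provided <inttypes.h> is already included in translate-all.c.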