Hi,

On 4/12/23 19:57, Stefan Hajnoczi wrote:
> On Mon, 4 Dec 2023 at 13:37, Michal Suchánek <[email protected]> wrote:
>> Looking at tcg.c line 784 is here:
>>
>> ster_thread(void)
>> {
>>     TCGContext *s = g_malloc(sizeof(*s));
>>     unsigned int i, n;
>>
>>     *s = tcg_init_ctx;
>>
>>     /* Relink mem_base. */
>>     for (i = 0, n = tcg_init_ctx.nb_globals; i < n; ++i) {
>>         if (tcg_init_ctx.temps[i].mem_base) {
>>             ptrdiff_t b = tcg_init_ctx.temps[i].mem_base - tcg_init_ctx.temps;
>>             tcg_debug_assert(b >= 0 && b < n);
>>             s->temps[i].mem_base = &s->temps[b];
>>         }
>>     }
>>
>>     /* Claim an entry in tcg_ctxs */
>>     n = qatomic_fetch_inc(&tcg_cur_ctxs);
>>     g_assert(n < tcg_max_ctxs);                  <<<
>>     qatomic_set(&tcg_ctxs[n], s);
>>
>>     if (n > 0) {
>>         alloc_tcg_plugin_context(s);
>>         tcg_region_initial_alloc(s);
>>     }
>>
>>     tcg_ctx = s;
>> }
>>
>> Any idea why qemu would be crashing here?
>
> Hi Michal,
>
> $ git grep tcg_cur_ctxs
> tcg/region.c:409:    unsigned int n_ctxs = qatomic_read(&tcg_cur_ctxs);
> tcg/region.c:889:    unsigned int n_ctxs = qatomic_read(&tcg_cur_ctxs);
> tcg/tcg-internal.h:34:extern unsigned int tcg_cur_ctxs;
> tcg/tcg.c:241:unsigned int tcg_cur_ctxs;
> tcg/tcg.c:806:    n = qatomic_fetch_inc(&tcg_cur_ctxs);
> tcg/tcg.c:1369:    tcg_cur_ctxs = 1;
>
> I don't see a qatomic_dec(&tcg_cur_ctxs) anywhere, so it seems hot
> unplugging a vcpu doesn't release the tcg_cur_ctxs refcount.
>
> Do we need a tcg_unregister_thread() function?

Suggested fix posted as RFC patch:
https://lore.kernel.org/qemu-devel/[email protected]/
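The leak Stefan describes, as an added example that is neither QEMU's code nor the RFC patch: a small model of the tcg_ctxs/tcg_cur_ctxs bookkeeping in which `register_thread` claims a slot exactly like the quoted code, and a hypothetical `unregister_thread` hands it back. `MAX_CTXS`, `struct registry` and `hotplug_cycles` are constructed for the model; with no release path the table is exhausted after a few vCPU plug/unplug cycles, which is where `g_assert(n < tcg_max_ctxs)` fires.

```c
#include <stdatomic.h>
#include <stdbool.h>

#define MAX_CTXS 4               /* stands in for tcg_max_ctxs */

struct registry {
    atomic_uint cur_ctxs;        /* like tcg_cur_ctxs: slots claimed so far */
    int ctxs[MAX_CTXS];          /* like tcg_ctxs: per-thread context ids */
};

/* Mirrors the quoted register path: fetch-and-increment claims a slot.
 * Returns -1 where the original would trip g_assert(n < tcg_max_ctxs). */
static int register_thread(struct registry *r, int ctx_id)
{
    unsigned int n = atomic_fetch_add(&r->cur_ctxs, 1);
    if (n >= MAX_CTXS) {
        return -1;
    }
    r->ctxs[n] = ctx_id;
    return (int)n;
}

/* Hypothetical release path; the grep output shows no such counterpart.
 * Because the counter doubles as the slot index, decrementing it only
 * recycles slots correctly when threads leave in LIFO order, which holds
 * here since one vCPU is plugged and unplugged at a time. */
static void unregister_thread(struct registry *r, int slot)
{
    r->ctxs[slot] = 0;
    atomic_fetch_sub(&r->cur_ctxs, 1);
}

/* Plug one vCPU per cycle and, when release is set, unplug it again.
 * Returns how many cycles complete before a slot claim fails. */
int hotplug_cycles(int cycles, bool release)
{
    struct registry r = { .cur_ctxs = 1 };    /* slot 0: the main thread */
    int done = 0;
    for (int c = 0; c < cycles; c++) {
        int slot = register_thread(&r, c + 1);
        if (slot < 0) {
            break;                            /* table exhausted */
        }
        if (release) {
            unregister_thread(&r, slot);
        }
        done++;
    }
    return done;
}
```

With `MAX_CTXS` of 4 the leaky variant survives only three cycles before a claim fails, while the variant that releases its slot completes every cycle.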
