On 8/19/22 01:37, Alex Bennée wrote:
>> This has caused a regression in arm/aarch64. We hard-code ARMCPRegInfo
>> pointers into TranslationBlocks, for calling into helper_{get,set}cp_reg{,64}.
>> So we have a race condition between whichever cpu thread translates the code
>> first (encoding the pointer), and that cpu thread exiting, so that the next
>> execution of the TB references a freed data structure.
>
> What is the test case that breaks this? I guess a multi-threaded sysregs.c
> would trigger it?

E.g. tests/tcg/aarch64-linux-user/signals.

r~
