At the moment the linux-user cpu_copy() implementation assumes that it can clone a CPU object for a new guest thread by first creating and resetting a fresh CPU object and then doing a shallow copy with memcpy() of the CPU's env struct. This is obviously a very dubious assumption, but for the most part it works.
One place where it doesn't currently work is MIPS, where we have a few pointer fields at the end of the CPU struct. Currently we don't ever try to free the objects we point to when the CPU is destroyed, so this is a leak but not incorrect behaviour. However, we can't fix the leak by freeing memory in CPU unrealize, because then we would get a double-free because both old and new thread point to the same memory.

In the long term we should really reimplement cpu_copy by having CPU objects have a method for doing this, rather than accumulating architecture-specific hacks. But since in practice I only see leaks in 'make check-tcg' for MIPS, this series takes the simpler approach of moving the fields of CPUMIPSState that cannot be shallow-copied and that are used in user-only mode out to the MIPSCPU struct.

There are only two to move: mvp_init and count_clock. The remaining pointer fields in CPUMIPSState are:
 * several fields inside the !defined(CONFIG_USER_ONLY) block
 * cpu_model, which is always equal to MIPSCPUClass::cpu_def and so can be shallow-copied
 * timer, which is only set in system-emulation and is NULL in user-only mode

This patchset does the two moves of fields out of the env struct, and adds an unrealize method where we can free the mvp struct that we would otherwise leak.

thanks
-- PMM

Peter Maydell (3):
  target/mips: Move 'mvp' field from CPUMIPSState to MIPSCPU
  target/mips: Free mvp in unrealize
  target/mips: Move count_clock to MIPSCPU struct

 hw/mips/malta.c                     |  4 ++--
 target/mips/cpu-defs.c.inc          | 10 +++++----
 target/mips/cpu.c                   | 18 ++++++++++++---
 target/mips/cpu.h                   |  6 +++--
 target/mips/internal.h              |  3 ++-
 target/mips/system/cp0_timer.c      | 12 ++++++----
 target/mips/system/machine.c        |  2 +-
 target/mips/tcg/system/cp0_helper.c | 35 ++++++++++++++++++-----------
 target/mips/tcg/translate.c         |  6 +++--
 9 files changed, 64 insertions(+), 32 deletions(-)

-- 
2.43.0
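The leak-versus-double-free trade-off the cover letter describes, as an added example: a constructed C model (not QEMU's code; Mvp, EnvBefore/EnvAfter, CPUBefore/CPUAfter and the counting allocator are stand-ins) showing why a pointer field inside the memcpy'd env struct cannot be freed in unrealize, and why moving it to the outer CPU struct makes the free safe.

```c
#include <string.h>

/* Constructed model of linux-user cpu_copy(): a fresh CPU is created and
 * reset (realize allocates its mvp), then the parent's env is memcpy'd over
 * it. Not QEMU code; Mvp, EnvBefore/After and CPUBefore/After are stand-ins. */
typedef struct Mvp { int live; } Mvp;
static Mvp mvp_pool[8];                  /* tiny allocator so a double release is observable */
static int mvp_pool_used, mvp_live_count;

static Mvp *mvp_alloc(void) {
    Mvp *m = &mvp_pool[mvp_pool_used++];
    m->live = 1; mvp_live_count++;
    return m;
}
/* Returns 1 on a valid release, 0 when the object was already released:
 * the double free that freeing in unrealize would cause for an aliased pointer. */
static int mvp_release(Mvp *m) {
    if (!m || !m->live) return 0;
    m->live = 0; mvp_live_count--;
    return 1;
}
static void model_reset(void) { memset(mvp_pool, 0, sizeof mvp_pool); mvp_pool_used = mvp_live_count = 0; }
int live_mvps(void) { return mvp_live_count; } /* objects never released == leaked */

/* Before: the pointer lives in env, which is exactly what memcpy() copies. */
typedef struct { long regs[4]; Mvp *mvp; } EnvBefore;
typedef struct { EnvBefore env; } CPUBefore;

int shallow_copy_double_releases(void) {
    CPUBefore parent = {0}, child = {0};
    model_reset();
    parent.env.mvp = mvp_alloc();                        /* parent realize */
    child.env.mvp = mvp_alloc();                         /* child realize */
    memcpy(&child.env, &parent.env, sizeof child.env);   /* cpu_copy: child now aliases parent's mvp; its own is leaked */
    /* unrealize both threads: the second release hits an already released object */
    return (mvp_release(parent.env.mvp) == 0) + (mvp_release(child.env.mvp) == 0);
}

/* After: the pointer sits in the outer CPU struct, which cpu_copy does not copy. */
typedef struct { long regs[4]; } EnvAfter;
typedef struct { EnvAfter env; Mvp *mvp; } CPUAfter;

int moved_field_double_releases(void) {
    CPUAfter parent = {0}, child = {0};
    model_reset();
    parent.mvp = mvp_alloc();
    child.mvp = mvp_alloc();
    memcpy(&child.env, &parent.env, sizeof child.env);   /* only env is copied; each CPU keeps its own mvp */
    return (mvp_release(parent.mvp) == 0) + (mvp_release(child.mvp) == 0);
}
```

With the old layout the model reports one double release and one leaked object (the child's own mvp overwritten by the memcpy); with the field moved out of env it reports neither.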
