On Fri, 6 Jan 2023 at 19:45, Richard Henderson <richard.hender...@linaro.org> wrote:
>
> Do not encode the pointer as a constant in the opcode stream.
> This pointer is specific to the cpu that first generated the
> translation, which runs into problems with both hot-pluggable
> cpus and user-only threads, as cpus are removed.
>
> Perform the lookup in either helper_access_check_cp_reg,
> or a new helper_lookup_cp_reg.
As well as the use-after-free, this is also a correctness bug, isn't it? If we hardwire in the cpregs pointer for CPU 0 into the TB, and then CPU 1 with a slightly different config executes the TB, it will get the cpregs of CPU 0, not its own, so it might see a register it should not or vice versa. So I think we need this patch anyway, even if we're going to try to do something to improve sharing of cpreg hashtables across CPUs.

Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>

thanks
-- PMM
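The two failure modes discussed in this thread, a stale pointer after a CPU is removed and the wrong CPU's register table being consulted when a shared translation runs on a differently configured CPU, can be shown with a small stand-alone model. The code below is an added illustration written for this page; it is not QEMU code and it does not use QEMU's types or helpers. `CPRegInfo`, `CPUModel`, `TransBlock`, `lookup_cp_reg`, `exec_hardwired` and `exec_lookup` are all hypothetical names, and the two register tables are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model (not QEMU's structures): one coprocessor register
 * table per CPU.  "accessible" stands in for whatever per-CPU configuration
 * decides whether the register is visible at all. */
typedef struct {
    uint32_t key;        /* encoded register identifier */
    int      accessible; /* 1 if this CPU's config exposes the register */
} CPRegInfo;

typedef struct {
    int              id;
    const CPRegInfo *regs;
    size_t           nregs;
} CPUModel;

/* Resolve a register key against the table of a given CPU. */
static const CPRegInfo *lookup_cp_reg(const CPUModel *cpu, uint32_t key)
{
    for (size_t i = 0; i < cpu->nregs; i++) {
        if (cpu->regs[i].key == key) {
            return &cpu->regs[i];
        }
    }
    return NULL;
}

/* A translated block.  The flawed scheme bakes in a pointer into the
 * generating CPU's table; the fixed scheme keeps only the key and
 * re-resolves it on the CPU that actually executes the block. */
typedef struct {
    const CPRegInfo *hardwired; /* captured at translation time (flawed) */
    uint32_t         key;       /* what the fixed scheme carries instead */
} TransBlock;

static TransBlock translate(const CPUModel *gen_cpu, uint32_t key)
{
    TransBlock tb = { lookup_cp_reg(gen_cpu, key), key };
    return tb;
}

/* Flawed execution: trusts the constant pointer whoever runs the block.
 * Returns the accessibility bit, or -1 if the register is unknown. */
static int exec_hardwired(const TransBlock *tb, const CPUModel *running_cpu)
{
    (void)running_cpu; /* the running CPU's own config is never consulted */
    return tb->hardwired ? tb->hardwired->accessible : -1;
}

/* Fixed execution: look the register up on the CPU executing the block. */
static int exec_lookup(const TransBlock *tb, const CPUModel *running_cpu)
{
    const CPRegInfo *ri = lookup_cp_reg(running_cpu, tb->key);
    return ri ? ri->accessible : -1;
}

/* Constructed sample configs: both CPUs know register 0x1234, but only
 * CPU 0's configuration exposes it; 0x5678 is exposed on both. */
static const CPRegInfo cpu0_regs[] = { { 0x1234, 1 }, { 0x5678, 1 } };
static const CPRegInfo cpu1_regs[] = { { 0x1234, 0 }, { 0x5678, 1 } };
static const CPUModel cpu0 = { 0, cpu0_regs, 2 };
static const CPUModel cpu1 = { 1, cpu1_regs, 2 };

/* Correctness bug: CPU 0 translates, CPU 1 executes the shared block. */
int run_on_cpu1_hardwired(void)
{
    TransBlock tb = translate(&cpu0, 0x1234);
    return exec_hardwired(&tb, &cpu1); /* CPU 0's answer (1), wrong for CPU 1 */
}

int run_on_cpu1_lookup(void)
{
    TransBlock tb = translate(&cpu0, 0x1234);
    return exec_lookup(&tb, &cpu1);    /* CPU 1's own answer (0) */
}

/* Hot-unplug: the generating CPU's table goes away after translation.
 * The key-based block still resolves correctly on a surviving CPU; calling
 * exec_hardwired on it would dereference freed memory, so it is not called. */
int lookup_survives_unplug(void)
{
    CPRegInfo *heap_regs = malloc(sizeof(cpu0_regs));
    memcpy(heap_regs, cpu0_regs, sizeof(cpu0_regs));
    CPUModel hot_cpu = { 2, heap_regs, 2 };
    TransBlock tb = translate(&hot_cpu, 0x5678);
    free(heap_regs);                   /* CPU removed; tb.hardwired now dangles */
    return exec_lookup(&tb, &cpu1);    /* 1: resolved against a live table */
}

int main(void)
{
    printf("hardwired, run on CPU 1: %d\n", run_on_cpu1_hardwired());
    printf("lookup,    run on CPU 1: %d\n", run_on_cpu1_lookup());
    printf("lookup after unplug:     %d\n", lookup_survives_unplug());
    return 0;
}
```

The point of the model is the one made in the reply above: even with no unplug involved, a pointer captured on the translating CPU gives every other CPU that executes the block the translating CPU's view of the register, so deferring the lookup to execution time fixes the visibility bug and removes the dangling pointer at the same time.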