On 2/2/23 09:06, Anton Johansson wrote:
Hi,
I was running check-tcg with ASan enabled on master, and ran into
the following use-after-free. There appears to be a race between
jump cache invalidation and thread destruction (?)
I thought I'd post here since I noticed some previous discussion on the
topic, and I'm not sure myself what a proper fix would look like.
Tested on arm/aarch64/x86_64-linux-user.
Here's a snippet of the ASan output:
=================================================================
==187529==ERROR: AddressSanitizer: heap-use-after-free on address 0x62d000f433b0 at pc 0x55cfefe00246 bp 0x7f4725f400b0 sp 0x7f4725f400a0
The fix for this was merged today:
4731f89b3b cpu: free cpu->tb_jmp_cache with RCU
I'd forgotten about this, since the pull request was pending for some time, while we
waited for CI minutes to refresh.
r~