fridtjof/qemu-cr16
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

linux-user/syscall.c: Prevent acquiring clone_lock while fork()

Browse source 
By the spec, fork() copies only the thread which executes it.
So it may happen, what while one thread is doing a fork,
another thread is holding `clone_lock` mutex
(e.g. doing a `fork()` or `exit()`).
So the child process is born with the mutex being held,
and there are nobody to release it.

As the thread executing do_syscall() is not considered running,
start_exclusive() does not protect us from the case.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3226
Signed-off-by: Aleksandr Sergeev <sergeev0xef@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260126151612.2176451-1-sergeev0xef@gmail.com>
(cherry picked from commit d22e9aec572396836782e993cb18d598e6012688)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This commit is contained in:
Aleksandr Sergeev 2026-01-26 18:16:12 +03:00 committed by Michael Tokarev
parent ba31a6fca7
commit 1af5215667
3 changed files with 18 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
linux-user/main.c
View file

@ -145,6 +145,7 @@ unsigned long guest_stack_size = TARGET_DEFAULT_STACK_SIZE;
void fork_start(void) void fork_start(void)
{ {
start_exclusive(); start_exclusive();
clone_fork_start();
mmap_fork_start(); mmap_fork_start();
cpu_list_lock(); cpu_list_lock();
qemu_plugin_user_prefork_lock(); qemu_plugin_user_prefork_lock();
@ -174,6 +175,7 @@ void fork_end(pid_t pid)
cpu_list_unlock(); cpu_list_unlock();
} }
gdbserver_fork_end(thread_cpu, pid); gdbserver_fork_end(thread_cpu, pid);
clone_fork_end(child);
/* /*
* qemu_init_cpu_list() reinitialized the child exclusive state, but we * qemu_init_cpu_list() reinitialized the child exclusive state, but we
* also need to keep current_cpu consistent, so call end_exclusive() for * also need to keep current_cpu consistent, so call end_exclusive() for

14
linux-user/syscall.c
View file

@ -6853,6 +6853,20 @@ static void *clone_func(void *arg)
return NULL; return NULL;
} }
void clone_fork_start(void)
{
pthread_mutex_lock(&clone_lock);
}
void clone_fork_end(bool child)
{
if (child) {
pthread_mutex_init(&clone_lock, NULL);
} else {
pthread_mutex_unlock(&clone_lock);
}
}
/* do_fork() Must return host values and target errnos (unlike most /* do_fork() Must return host values and target errnos (unlike most
do_*() functions). */ do_*() functions). */
static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,

2
linux-user/user-internals.h
View file

@ -69,6 +69,8 @@ abi_long get_errno(abi_long ret);
const char *target_strerror(int err); const char *target_strerror(int err);
int get_osversion(void); int get_osversion(void);
void init_qemu_uname_release(void); void init_qemu_uname_release(void);
void clone_fork_start(void);
void clone_fork_end(bool child);
void fork_start(void); void fork_start(void);
void fork_end(pid_t pid); void fork_end(pid_t pid);