By the spec, fork() copies only the thread which executes it.
So it may happen that, while one thread is doing a fork,
another thread is holding the `clone_lock` mutex
(e.g. doing a `fork()` or `exit()`).
So the child process is born with the mutex being held,
and there is nobody to release it.
As the thread executing do_syscall() is not considered running,
start_exclusive() does not protect us from the case.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3226
Signed-off-by: Aleksandr Sergeev <sergeev0xef@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260126151612.2176451-1-sergeev0xef@gmail.com>
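The race the commit message describes, reproduced in a small constructed C program that is an added example, not part of the QEMU patch or tree: one thread holds a mutex while another thread calls fork(), and the child inherits a locked mutex whose owner does not exist there. The `clone_fork_start`/`clone_fork_end` helpers copy the shape of the patch's new functions; `hold_clone_lock`, `child_can_take_lock`, `fork_while_lock_held` and the `lock_is_held` flag are hypothetical harness names invented for this example, and the hold/timeout durations are arbitrary.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* The mutex being modelled; the name follows the patch. */
static pthread_mutex_t clone_lock = PTHREAD_MUTEX_INITIALIZER;

/* Same shape as the helpers the patch adds: take the lock before fork(),
 * re-initialise it in the child (its owner does not exist there), and
 * release it in the parent. */
static void clone_fork_start(void)
{
    pthread_mutex_lock(&clone_lock);
}

static void clone_fork_end(bool child)
{
    if (child) {
        pthread_mutex_init(&clone_lock, NULL);
    } else {
        pthread_mutex_unlock(&clone_lock);
    }
}

/* Constructed stand-in for a thread sitting in do_fork()/exit() with
 * clone_lock held: lock, announce that it is held, keep it for hold_ms. */
static atomic_int lock_is_held;

static void *hold_clone_lock(void *arg)
{
    int hold_ms = *(int *)arg;
    pthread_mutex_lock(&clone_lock);
    atomic_store(&lock_is_held, 1);
    usleep(hold_ms * 1000);
    pthread_mutex_unlock(&clone_lock);
    return NULL;
}

/* Poll for the lock in the child for up to timeout_ms. Returns true if it
 * was acquired, false if the child is stuck behind the orphaned lock. */
static bool child_can_take_lock(int timeout_ms)
{
    for (int waited = 0; waited < timeout_ms; waited += 10) {
        if (pthread_mutex_trylock(&clone_lock) == 0) {
            return true;
        }
        usleep(10 * 1000);
    }
    return false;
}

/* fork() while another thread holds clone_lock, with or without the
 * fork_start/fork_end discipline. Returns true if the child could take the
 * lock, false if it timed out (the deadlock from the commit message). */
bool fork_while_lock_held(bool use_fix)
{
    pthread_t holder;
    int hold_ms = 300;

    atomic_store(&lock_is_held, 0);
    pthread_create(&holder, NULL, hold_clone_lock, &hold_ms);
    while (!atomic_load(&lock_is_held)) {
        usleep(1000);               /* wait until the holder owns the lock */
    }

    if (use_fix) {
        clone_fork_start();         /* blocks until the holder releases */
    }
    pid_t pid = fork();
    if (pid == 0) {
        if (use_fix) {
            clone_fork_end(true);   /* child: reset, owner is gone */
        }
        _exit(child_can_take_lock(1000) ? 0 : 1);
    }
    if (use_fix) {
        clone_fork_end(false);      /* parent: plain unlock */
    }

    int status = 0;
    waitpid(pid, &status, 0);
    pthread_join(holder, NULL);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("without fix: child %s\n",
           fork_while_lock_held(false) ? "took the lock" : "deadlocked");
    printf("with fix:    child %s\n",
           fork_while_lock_held(true) ? "took the lock" : "deadlocked");
    return 0;
}
```

Without the fix the child spins on a mutex that no thread in its address space will ever unlock; with it, fork() cannot happen while the holder owns the lock, and the child's copy is re-created unlocked. The child uses a bounded trylock loop rather than a blocking lock so the demonstration terminates instead of hanging.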
void fork_start(void)
{
start_exclusive();
+ clone_fork_start();
mmap_fork_start();
cpu_list_lock();
qemu_plugin_user_prefork_lock();
cpu_list_unlock();
}
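Review bot: clone_fork_start() becomes the second lock taken in fork_start(), after start_exclusive() and before mmap_fork_start() and cpu_list_lock(), so this fixes a lock order that every clone_lock user must now respect: nothing may take clone_lock while already holding the mmap lock or cpu list lock, and no caller of fork_start() may already hold clone_lock, since the mutex is created with default (non-recursive) attributes in clone_fork_end(). A one-line comment above `clone_fork_start();` stating that order would make the constraint visible to the next person who adds a lock here.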
gdbserver_fork_end(thread_cpu, pid);
+ clone_fork_end(child);
/*
* qemu_init_cpu_list() reinitialized the child exclusive state, but we
* also need to keep current_cpu consistent, so call end_exclusive() for
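Review bot: in the child, clone_fork_end(true) runs only after gdbserver_fork_end(), so anything executed in the child between fork() and this line still sees the locked mutex inherited from the parent; if any of that code can take clone_lock it would block forever. Either reset clone_lock before the other child-side cleanup, or add a comment noting that nothing before `clone_fork_end(child);` touches clone_lock.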
return NULL;
}
+void clone_fork_start(void)
+{
+ pthread_mutex_lock(&clone_lock);
+}
+
+void clone_fork_end(bool child)
+{
+ if (child) {
+ pthread_mutex_init(&clone_lock, NULL);
+ } else {
+ pthread_mutex_unlock(&clone_lock);
+ }
+}
+
/* do_fork() Must return host values and target errnos (unlike most
do_*() functions). */
static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
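Review bot: clone_fork_end() re-initialises a mutex that is still locked in the child by a thread that no longer exists, and POSIX leaves pthread_mutex_init() on an already-initialised mutex undefined, so this depends on the host pthread implementation tolerating it. A short comment above `pthread_mutex_init(&clone_lock, NULL);` explaining why unlock is not used (the owning thread is gone in the child) and, if this mirrors the existing mmap fork handling, saying so, would save the next reader the question.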
const char *target_strerror(int err);
int get_osversion(void);
void init_qemu_uname_release(void);
+void clone_fork_start(void);
+void clone_fork_end(bool child);
void fork_start(void);
void fork_end(pid_t pid);
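Review bot: the new prototypes carry no comment on the required call order (clone_fork_start() before fork(), clone_fork_end() in both parent and child with `child` true only in the child, and only ever via fork_start()/fork_end()); a one-line comment above `void clone_fork_start(void);` and `void clone_fork_end(bool child);` would document that contract where callers look for it.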