Looking at tcg.c, line 784 is here:
/*
 * Register the calling thread's TCG context: allocate a private copy of
 * tcg_init_ctx, claim a slot in tcg_ctxs[] and make it the current context.
 * (The function name is truncated by the mail quoting; presumably
 * tcg_register_thread — confirm against tcg/tcg.c.)
 *
 * Crashes here are almost always the g_assert() on the claimed slot index:
 * tcg_cur_ctxs is only ever incremented in this function, so the counter
 * must never exceed tcg_max_ctxs over the lifetime of the process.
 */
ster_thread(void)
{
    /* Per-thread context, initialised as a bitwise copy of the initial one. */
    TCGContext *s = g_malloc(sizeof(*s));
    unsigned int i, n;
    *s = tcg_init_ctx;
    /* Relink mem_base. */
    /*
     * The copied temps[] entries still point into tcg_init_ctx.temps; rebase
     * each non-NULL mem_base onto the new context's own temps[] array using
     * the index computed from the original pointer difference.
     */
    for (i = 0, n = tcg_init_ctx.nb_globals; i < n; ++i) {
        if (tcg_init_ctx.temps[i].mem_base) {
            ptrdiff_t b = tcg_init_ctx.temps[i].mem_base - tcg_init_ctx.temps;
            /* Debug-only bounds check: the index must be a valid global temp. */
            tcg_debug_assert(b >= 0 && b < n);
            s->temps[i].mem_base = &s->temps[b];
        }
    }
    /* Claim an entry in tcg_ctxs */
    /*
     * Atomically reserve slot n. This counter is only ever incremented here;
     * NOTE(review): no matching decrement is visible in this excerpt, so if a
     * thread is torn down and re-registered without releasing its slot, the
     * counter grows monotonically and the assert below fires once it reaches
     * tcg_max_ctxs — confirm against the vCPU unplug / thread exit path.
     */
    n = qatomic_fetch_inc(&tcg_cur_ctxs);
    /* Hard bound on the tcg_ctxs[] array; a failed g_assert aborts the process. */
    g_assert(n < tcg_max_ctxs); <<<
    /* Publish the new context so readers of tcg_ctxs[] can see it. */
    qatomic_set(&tcg_ctxs[n], s);
    /*
     * Slot 0 is skipped here; presumably it belongs to the initial context,
     * which is set up elsewhere — verify.
     */
    if (n > 0) {
        alloc_tcg_plugin_context(s);
        tcg_region_initial_alloc(s);
    }
    /* Make the new context current (tcg_ctx is presumably thread-local; verify). */
    tcg_ctx = s;
}
Any idea why qemu would be crashing here?
Hi Michal,
$ git grep tcg_cur_ctxs
tcg/region.c:409: unsigned int n_ctxs = qatomic_read(&tcg_cur_ctxs);
tcg/region.c:889: unsigned int n_ctxs = qatomic_read(&tcg_cur_ctxs);
tcg/tcg-internal.h:34:extern unsigned int tcg_cur_ctxs;
tcg/tcg.c:241:unsigned int tcg_cur_ctxs;
tcg/tcg.c:806: n = qatomic_fetch_inc(&tcg_cur_ctxs);
tcg/tcg.c:1369: tcg_cur_ctxs = 1;
I don't see a qatomic_dec(&tcg_cur_ctxs) anywhere, so it seems that
hot-unplugging a vCPU doesn't release the tcg_cur_ctxs refcount. Do we
need a tcg_unregister_thread() function?