FEXCore: Fixes circular dependency with thunk callback

Sonicadvance1 · Sonicadvance1 · commit 817a927e317b · 2026-01-07T12:03:19.000-08:00
Fixes crash in thunks that use callbacks, introduced in FEX-Emu#5148. The dispatcher would call the syscallhandler to get the VDSO thunk callback. But due to reordering initialization, the VDSO thunk would have not been loaded at that point. This would cause thunks that use callbacks to crash with a nullptr exception. Instead, defer the thunk callback pointer loading until the thread starts executing, and load the pointer in to our thread state's pointer struct instead. Didn't get caught in my initial test sweep since I didn't run a Wine game with thunks.
diff --git a/FEXCore/Source/Interface/Core/Core.cpp b/FEXCore/Source/Interface/Core/Core.cpp
@@ -363,6 +363,9 @@ void ContextImpl::HandleCallback(FEXCore::Core::InternalThreadState* Thread, uin
 }
 
 void ContextImpl::ExecuteThread(FEXCore::Core::InternalThreadState* Thread) {
+  // Update the thread pointer for Thunk return to the latest.
+  Thread->CurrentFrame->Pointers.AArch64.ThunkCallbackRet = SignalDelegation->GetThunkCallbackRET();
+
   Dispatcher->ExecuteDispatch(Thread->CurrentFrame);
 
   // If it is the parent thread that died then just leave
diff --git a/FEXCore/Source/Interface/Core/Dispatcher/Dispatcher.cpp b/FEXCore/Source/Interface/Core/Dispatcher/Dispatcher.cpp
@@ -488,7 +488,7 @@ void Dispatcher::EmitDispatcher() {
 
     // Now push the callback return trampoline to the guest stack
     // Guest will be misaligned because calling a thunk won't correct the guest's stack once we call the callback from the host
-    LoadConstant(ARMEmitter::Size::i64Bit, ARMEmitter::Reg::r0, CTX->SignalDelegation->GetThunkCallbackRET());
+    ldr(ARMEmitter::XReg::x0, STATE_PTR(CpuStateFrame, Pointers.AArch64.ThunkCallbackRet));
 
     ldr(ARMEmitter::XReg::x2, STATE_PTR(CpuStateFrame, State.gregs[X86State::REG_RSP]));
     sub(ARMEmitter::Size::i64Bit, ARMEmitter::Reg::r2, ARMEmitter::Reg::r2, CTX->Config.Is64BitMode ? 16 : 12);
diff --git a/FEXCore/include/FEXCore/Core/CoreState.h b/FEXCore/include/FEXCore/Core/CoreState.h
@@ -370,6 +370,7 @@ struct JITPointers {
       // Process specific
       uint64_t LUDIV {};
       uint64_t LDIV {};
+      uint64_t ThunkCallbackRet {};
 
       // Thread Specific
 

Original file line number	Diff line number	Diff line change
`@@ -363,6 +363,9 @@ void ContextImpl::HandleCallback(FEXCore::Core::InternalThreadState* Thread, uin`
`363`	`363`	`}`
`364`	`364`
`365`	`365`	`void ContextImpl::ExecuteThread(FEXCore::Core::InternalThreadState* Thread) {`
	`366`	`+ // Update the thread pointer for Thunk return to the latest.`
	`367`	`+ Thread->CurrentFrame->Pointers.AArch64.ThunkCallbackRet = SignalDelegation->GetThunkCallbackRET();`
	`368`	`+`
`366`	`369`	`Dispatcher->ExecuteDispatch(Thread->CurrentFrame);`
`367`	`370`
`368`	`371`	`// If it is the parent thread that died then just leave`