From: Zhike Wang
To: dev@dpdk.org
Cc: maxime.coquelin@redhat.com, tiwei.bie@intel.com, zhihong.wang@intel.com, stable@dpdk.org, Zhike Wang
Date: Thu, 16 Jan 2020 10:07:37 +0800
Message-Id: <1579140457-14805-1-git-send-email-wangzhike@jd.com>
Subject: [dpdk-dev] [PATCH] vhost:fix crash on port deletion and VM shutdown at same time

The vhost_user_read_cb() and rte_vhost_driver_unregister() can be called at the same time by 2 threads. E.g. thread1 calls vhost_user_read_cb() and removes the vsocket from conn_list, then thread2 calls rte_vhost_driver_unregister() and frees the vsocket since it is NOT in the conn_list. So thread1 will access invalid memory when trying to reconnect.

The fix is to move the "removing of vsocket from conn_list" to the end of vhost_user_read_cb(), which avoids the race condition.

The core trace is Program terminated with signal 11, Segmentation fault.

Signed-off-by: Zhike Wang
--- lib/librte_vhost/socket.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c index ebb2ff6..01a9dec 100644 --- a/lib/librte_vhost/socket.c +++ b/lib/librte_vhost/socket.c
@@ -318,16 +318,16 @@ struct vhost_user { vhost_destroy_device(conn->vid); + if (vsocket->reconnect) { + create_unix_socket(vsocket); + vhost_user_start_client(vsocket); + } + pthread_mutex_lock(&vsocket->conn_mutex); TAILQ_REMOVE(&vsocket->conn_list, conn, next); pthread_mutex_unlock(&vsocket->conn_mutex); free(conn); - - if (vsocket->reconnect) { - create_unix_socket(vsocket); - vhost_user_start_client(vsocket); - } } } -- 1.8.3.1
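Review bot: The moved `if (vsocket->reconnect)` block now runs before `TAILQ_REMOVE(&vsocket->conn_list, conn, next)` and outside `conn_mutex`, so the only thing keeping `vsocket` valid during `create_unix_socket(vsocket)` and `vhost_user_start_client(vsocket)` is that the old `conn` is still on `conn_list`, and nothing in the code records that dependency. Please add a comment above the block saying that the reconnect must precede the list removal because, per the commit message, rte_vhost_driver_unregister() frees the vsocket once it is no longer in conn_list; without it a later cleanup can move the block back below `free(conn)` and reintroduce the invalid access. Two points to confirm in the same change: any result of `create_unix_socket(vsocket)` is still unchecked before `vhost_user_start_client(vsocket)` is called, and `vhost_destroy_device(conn->vid)` has already run while `conn` stays on the list for the whole reconnect, so any code that walks `conn_list` in that window sees a connection whose device is already destroyed.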