From: David Marchand
Date: Tue, 9 Jul 2024 09:26:12 +0200
Subject: Re: [PATCH v4] vhost: fix crash caused by accessing a freed vsocket
To: Gongming Chen
Cc: maxime.coquelin@redhat.com, chenbox@nvidia.com, dev@dpdk.org, Gongming Chen, stable@dpdk.org, Thomas Monjalon
List-Id: DPDK patches and discussions

Hello,

On Mon, Jul 8, 2024 at 6:41 AM Gongming Chen wrote:
>
> From: Gongming Chen
>
> When a vhost user message handling error occurs in the event dispatch thread,
> vsocket reconn is added to the reconnection list of the reconnection
> thread.
> Since the reconnection, event dispatching and app configuration threads
> do not have common thread protection restrictions, the app config
> thread freed vsocket in the rte_vhost_driver_unregister process,
> but vsocket reconn can still exist in the reconn_list through this
> mechanism.
> Then in the reconnection thread, the vsocket is connected again and
> conn is added to the dispatch thread.
> Finally, the vsocket that has been freed by rte_vhost_driver_unregister
> is accessed again in the event dispatch thread, resulting in a
> use-after-free error.
>
> This patch adds a vhost threads read-write lock to restrict
> reconnection, event dispatching and app configuration threads.
> When the vhost driver unregisters, it exclusively holds the lock to
> safely free the vsocket.
>
> #0 0x0000000000000025 in ?? ()
> #1 0x0000000003ed7ca0 in vhost_user_read_cb at lib/vhost/socket.c:323
> #2 0x0000000003ed625f in fdset_event_dispatch at lib/vhost/fd_man.c:365
>
> Fixes: e623e0c6d8a5 ("vhost: add vhost-user client mode")
> Cc: stable@dpdk.org
>
> Signed-off-by: Gongming Chen

Maxime is off for the coming weeks.

Adding one lock is risky at this point of the release, especially as it
is mixed with other locks.
I prefer not to take this fix without an in-depth review, and ideally an
ack from Maxime.

I marked this patch as deferred to the next release.

-- 
David Marchand
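Added illustration, not DPDK's code and not the patch under discussion: a simplified C model of the three actors the commit message names (event dispatch thread, reconnection thread, app configuration thread) and of the fix's idea, a read-write lock that the unregister path holds exclusively while it drops the pending reconnect entry and frees the vsocket. The struct layouts, the VS_LIVE marker, the function names, the lock names and the stress loop are all assumptions made for this example; the real code lives in lib/vhost/socket.c and lib/vhost/fd_man.c and differs.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <sched.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model, not DPDK's lib/vhost code; names, fields and VS_LIVE are assumed. */
#define VS_LIVE 0x4c495645u
struct vsocket { unsigned magic; char path[64]; };               /* valid while magic == VS_LIVE */
struct reconn { struct vsocket *vsocket; struct reconn *next; }; /* raw pointer, nothing pins vsocket */

/* One rwlock across the three actors: reconnect and event dispatch threads take it
 * shared, the app configuration thread takes it exclusive to free a vsocket. */
static pthread_rwlock_t vhost_thread_lock = PTHREAD_RWLOCK_INITIALIZER;
static pthread_mutex_t reconn_mutex = PTHREAD_MUTEX_INITIALIZER; /* guards reconn_list */
static struct reconn *reconn_list;
static int stop_flag, bad_count;                                /* for the stress run below */

struct vsocket *vhost_driver_register(const char *path)
{
    struct vsocket *vs = calloc(1, sizeof *vs);
    if (vs) { vs->magic = VS_LIVE; strncpy(vs->path, path, sizeof vs->path - 1); }
    return vs;
}

/* Event dispatch thread: a message handling error queues vs for reconnection. */
void vhost_user_read_error(struct vsocket *vs)
{
    struct reconn *r = malloc(sizeof *r);
    if (!r) return;
    r->vsocket = vs;
    pthread_rwlock_rdlock(&vhost_thread_lock);
    pthread_mutex_lock(&reconn_mutex);
    r->next = reconn_list;
    reconn_list = r;
    pthread_mutex_unlock(&reconn_mutex);
    pthread_rwlock_unlock(&vhost_thread_lock);
}

/* Reconnect thread, one pass: number of sockets reconnected, or -1 if an entry pointed
 * at a vsocket no longer valid. The read lock held across the pass makes -1 unreachable. */
int reconn_thread_tick(void)
{
    int done = 0;
    pthread_rwlock_rdlock(&vhost_thread_lock);
    pthread_mutex_lock(&reconn_mutex);
    struct reconn *r = reconn_list;
    reconn_list = NULL;                        /* take the whole batch */
    pthread_mutex_unlock(&reconn_mutex);
    for (struct reconn *next; r; r = next) {
        next = r->next;
        if (r->vsocket->magic != VS_LIVE) done = -1;
        else if (done >= 0) done++;            /* "connected again", conn to dispatch */
        free(r);
    }
    pthread_rwlock_unlock(&vhost_thread_lock);
    return done;
}

/* App configuration thread: under the write lock, drop every reconnect entry still pointing
 * at vs, then free it. Freeing without the write lock is the race in the commit message. */
void vhost_driver_unregister(struct vsocket *vs)
{
    pthread_rwlock_wrlock(&vhost_thread_lock);
    pthread_mutex_lock(&reconn_mutex);
    for (struct reconn **pp = &reconn_list; *pp;) {
        struct reconn *r = *pp;
        if (r->vsocket == vs) { *pp = r->next; free(r); } else pp = &r->next;
    }
    pthread_mutex_unlock(&reconn_mutex);
    vs->magic = 0;                             /* poison before the free */
    free(vs);
    pthread_rwlock_unlock(&vhost_thread_lock);
}

static void *reconn_thread(void *arg)
{
    (void)arg;
    while (!__atomic_load_n(&stop_flag, __ATOMIC_ACQUIRE)) {
        int n = reconn_thread_tick();
        if (n < 0) bad_count++; else if (n == 0) sched_yield(); /* idle: let the writer in */
    }
    return NULL;
}
/* Interleaves dispatch error, reconnect and unregister `rounds` times; returns 0
 * when the reconnect thread never touched a freed vsocket. */
int race_demo(int rounds)
{
    pthread_t t;
    stop_flag = bad_count = 0;
    if (pthread_create(&t, NULL, reconn_thread, NULL)) return -1;
    for (int i = 0; i < rounds; i++) {
        struct vsocket *vs = vhost_driver_register("/tmp/vhost.sock");
        if (!vs) return -1;
        vhost_user_read_error(vs);             /* dispatch: queue for reconnect */
        vhost_driver_unregister(vs);           /* config: free under the write lock */
    }
    __atomic_store_n(&stop_flag, 1, __ATOMIC_RELEASE);
    pthread_join(t, NULL);
    return bad_count;
}
```

Build with -pthread. Two things the model makes visible that a reviewer of a lock like this checks: the new rwlock nests outside reconn_mutex in all three paths, so the lock order must be identical everywhere the list is touched, and the reconnect thread holds the read lock across its whole pass, so unregister waits for any in-flight reconnect to finish before it can free. Both are the kind of interaction with existing locks that the reply above flags as the reason for an in-depth review.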