From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 23487567F for ; Fri, 21 Apr 2017 08:23:13 +0200 (CEST) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Apr 2017 23:23:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.37,229,1488873600"; d="scan'208";a="77100572" Received: from yliu-dev.sh.intel.com ([10.239.67.162]) by orsmga002.jf.intel.com with ESMTP; 20 Apr 2017 23:23:12 -0700 From: Yuanhan Liu To: Yuanhan Liu Cc: dpdk stable Date: Fri, 21 Apr 2017 14:19:39 +0800 Message-Id: <1492755587-28967-14-git-send-email-yuanhan.liu@linux.intel.com> X-Mailer: git-send-email 1.9.0 In-Reply-To: <1492755587-28967-1-git-send-email-yuanhan.liu@linux.intel.com> References: <1492755587-28967-1-git-send-email-yuanhan.liu@linux.intel.com> Subject: [dpdk-stable] patch 'vhost: fix dequeue zero copy' has been queued to LTS release 16.11.2 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2017 06:23:13 -0000 Hi, FYI, your patch has been queued to LTS release 16.11.2 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 04/26/17. So please shout if anyone has objections. Thanks. --yliu --- >>From 0b107b3d6023fb690a7dbd3e500a87807cfa9060 Mon Sep 17 00:00:00 2001 From: Yuanhan Liu Date: Wed, 19 Apr 2017 13:26:01 +0800 Subject: [PATCH] vhost: fix dequeue zero copy [ upstream commit 84ad6e44915a797cbab81c3042c600955ca75408 ] For zero copy mode, we need pin the mbuf to not let the underlaying PMD driver (or the app) free the mbuf. Currently, only the heading mbuf is pinned. However, the mbuf free function would try to free all mbufs in the mbuf chain (-1 to the refcnt). This may lead the head mbuf being still pinned, while the other subsequent mbufs are actually freed. Which is wrong. It becomes more fatal after the mbuf refactor, more specificly, after the commit 8f094a9ac5d7 ("mbuf: set mbuf fields while in pool"). The refcnt resets to 1 after the last real reference. OTOH, it leads to a situtation that we never know one mbuf is actually freed or not. This would result the mbuf __just__ after the heading mbuf being freed twice: it's firstly freed (and put back to mempool) when the underlaying PMD finishes the DMA. Later, it will then be freed again when vhost unpins it. Meaning, one mbuf may be returned to the mempool twice, while in turn, being allocated twice later. Something uncertain may happen then. For example, the VM2VM case becomes broken. Fixes: b0a985d1f340 ("vhost: add dequeue zero copy") Signed-off-by: Yuanhan Liu --- lib/librte_vhost/virtio_net.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c index d0a3b11..ea027f1 100644 --- a/lib/librte_vhost/virtio_net.c +++ b/lib/librte_vhost/virtio_net.c @@ -905,6 +905,8 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vring_desc *descs, "allocate memory for mbuf.\n"); return -1; } + if (unlikely(dev->dequeue_zero_copy)) + rte_mbuf_refcnt_update(cur, 1); prev->next = cur; prev->data_len = mbuf_offset; -- 1.9.0