From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-f67.google.com (mail-pg0-f67.google.com [74.125.83.67]) by dpdk.org (Postfix) with ESMTP id 1B2D98E84 for ; Fri, 27 Apr 2018 16:49:06 +0200 (CEST) Received: by mail-pg0-f67.google.com with SMTP id j11-v6so1756254pgf.2 for ; Fri, 27 Apr 2018 07:49:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ZZEIVW954npgJ31V2XXTEesyu3oBve5yxDcma+qMY4U=; b=K1mx9GI7kLgcIIZThFcH6Z9EUs1G98OJOqXSfSSGMjGCu3k3DnE1VESaPyk7DHZdKC Jldl9ACBK4/RRMqotTvpxyWYiMfIPfJB67XUkvJ+e1L3ndNY6pLX+pj42h+oXpKRWgYU //zKU0vaUzK+yNPhR+Iu8KtP1Oir4zBrO5eeVzZg9Q5FmoJvWgNP2glu3i3Nyn2TgxGP z53l3geWyhv7NdqyPLCOyh0v2bg0PfvXt4ns0pCWhegZIBhLySuZ//EStpyg2idwyF9M mhold1azj8IjT7iAFajrzaHXF6bnC5Rt1biLSCLA+PfOpJ1Wo9MCO01oI1u3GL82Kv6O NPrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ZZEIVW954npgJ31V2XXTEesyu3oBve5yxDcma+qMY4U=; b=rvACBk5rynePHzwGDEa7FEL2Q8I3Y5vmxoSi3xJB/pZRJnCAecJ/sRm6svEdkH17jc wXcWbYJY2zg2wqzXo7Q75R59LRbdpvvbnz1iaeIh9hhR39Qyrm5MlL7IOS4Urq3u1A9M ADfHjr/Ag21gaWiKSa2Y1kV6KZahqrztPIeJW/z56ETaTkRUncnYKyBvGzkw0xnsudmT cWaI3RvC9kgwk1gQnk5zQPu9S7SG5G2X0X1nU/fZu8ijLvqjcmZ0wgabbEFTCcqPelQx tuMIDL/exmJc3ZfYEcSN5Pt27SPnfJ9iLufcmy3bnuIz0V3BG6psyOZTCS5oPhkq5GVa 89BQ== X-Gm-Message-State: ALQs6tCvOuDpbBfBNLyZ147czSllvNYRfiyggpSkyxScmTHOfILSvsj6 nXIdle7oiWMCwgGiUj6ojAE= X-Google-Smtp-Source: AB8JxZq+ziByPnrwaGAPAuKmJzBwk3Ukx0cUKKezJ8a1h3/UHsj7JChDdCFyiZS+pzJgF6GUujsoJg== X-Received: by 2002:a63:b008:: with SMTP id h8-v6mr2386313pgf.448.1524840545425; Fri, 27 Apr 2018 07:49:05 -0700 (PDT) Received: from local.opencloud.tech.localdomain ([36.102.208.99]) by smtp.gmail.com with ESMTPSA id v16sm5662845pfj.123.2018.04.27.07.49.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Apr 2018 07:49:04 -0700 (PDT) From: xiangxia.m.yue@gmail.com To: maxime.coquelin@redhat.com, jianfeng.tan@intel.com, yliu@fridaylinux.org Cc: Tonghao Zhang , stable@dpdk.org Date: Fri, 27 Apr 2018 07:48:57 -0700 Message-Id: <1524840538-3941-2-git-send-email-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1524840538-3941-1-git-send-email-xiangxia.m.yue@gmail.com> References: <1524840538-3941-1-git-send-email-xiangxia.m.yue@gmail.com> Subject: [dpdk-stable] [PATCH 2/3] vhost: fix crash and fd leak due to vhostuser destroyed X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2018 14:49:06 -0000 From: Tonghao Zhang when rte_vhost_driver_unregister detstroy the vsocket, we should set it to NULL after freeing it, because in client mode, the conn may be added to reconnect thread while vsocket is destroyed. In one case, if qemu create vhostuser port as a server with the same unix path, the reconnect thread will reconnect to it while vsocket is destroyed. To fix this: 1. set vsocket to NULL after free it. 2. remove the reconnection from reconnection thread in suitable position. Cc: stable@dpdk.org Signed-off-by: Tonghao Zhang --- lib/librte_vhost/socket.c | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c index 822db41..f388476 100644 --- a/lib/librte_vhost/socket.c +++ b/lib/librte_vhost/socket.c @@ -778,6 +778,20 @@ struct vhost_user_reconnect_list { return ret; } +static void +vhost_user_socket_mem_free(struct vhost_user_socket *vsocket) +{ + if (vsocket && vsocket->path) { + free(vsocket->path); + vsocket->path = NULL; + } + + if (vsocket) { + free(vsocket); + vsocket = NULL; + } +} + /* * Register a new vhost-user socket; here we could act as server * (the default case), or client (when RTE_VHOST_USER_CLIENT) flag @@ -808,7 +822,7 @@ struct vhost_user_reconnect_list { if (vsocket->path == NULL) { RTE_LOG(ERR, VHOST_CONFIG, "error: failed to copy socket path string\n"); - free(vsocket); + vhost_user_socket_mem_free(vsocket); goto out; } TAILQ_INIT(&vsocket->conn_list); @@ -866,8 +880,7 @@ struct vhost_user_reconnect_list { "error: failed to destroy connection mutex\n"); } out_free: - free(vsocket->path); - free(vsocket); + vhost_user_socket_mem_free(vsocket); out: pthread_mutex_unlock(&vhost_user.mutex); @@ -914,14 +927,6 @@ struct vhost_user_reconnect_list { struct vhost_user_socket *vsocket = vhost_user.vsockets[i]; if (!strcmp(vsocket->path, path)) { - if (vsocket->is_server) { - fdset_del(&vhost_user.fdset, vsocket->socket_fd); - close(vsocket->socket_fd); - unlink(path); - } else if (vsocket->reconnect) { - vhost_user_remove_reconnect(vsocket); - } - again: pthread_mutex_lock(&vsocket->conn_mutex); for (conn = TAILQ_FIRST(&vsocket->conn_list); @@ -950,9 +955,16 @@ struct vhost_user_reconnect_list { } pthread_mutex_unlock(&vsocket->conn_mutex); + if (vsocket->is_server) { + fdset_del(&vhost_user.fdset, vsocket->socket_fd); + close(vsocket->socket_fd); + unlink(path); + } else if (vsocket->reconnect) { + vhost_user_remove_reconnect(vsocket); + } + pthread_mutex_destroy(&vsocket->conn_mutex); - free(vsocket->path); - free(vsocket); + vhost_user_socket_mem_free(vsocket); count = --vhost_user.vsocket_cnt; vhost_user.vsockets[i] = vhost_user.vsockets[count]; -- 1.8.3.1