From: Yuanhan Liu
To: dev@dpdk.org
Cc: Maxime Coquelin, stable@dpdk.org
Date: Wed, 19 Apr 2017 16:43:10 +0800
Subject: Re: [dpdk-stable] [PATCH] vhost: fix dequeue zero copy
Message-ID: <20170419084310.GD31523@yliu-dev.sh.intel.com>
In-Reply-To: <1492579561-19619-1-git-send-email-yuanhan.liu@linux.intel.com>

On Wed, Apr 19, 2017 at 01:26:01PM +0800, Yuanhan Liu wrote:
> For zero copy mode, we need to pin the mbuf to not let the underlying PMD
> driver (or the app) free the mbuf. Currently, only the heading mbuf is
> pinned. However, the mbuf free function would try to free all mbufs
> in the mbuf chain (-1 to the refcnt). This may lead to the head mbuf being
> still pinned, while the other subsequent mbufs are actually freed. Which
> is wrong.
>
> It becomes more fatal after the mbuf refactor, more specifically, after
> the commit 8f094a9ac5d7 ("mbuf: set mbuf fields while in pool"). The
> refcnt resets to 1 after the last real reference. OTOH, it leads to a
> situation that we never know one mbuf is actually freed or not. This
> would result in the mbuf __just__ after the heading mbuf being freed twice:
> it's firstly freed (and put back to mempool) when the underlying PMD
> finishes the DMA. Later, it will then be freed again when vhost unpins
> it. Meaning, one mbuf may be returned to the mempool twice, while in
> turn, being allocated twice later. Something uncertain may happen then.
> For example, the VM2VM case becomes broken.
>
> Fixes: b0a985d1f340 ("vhost: add dequeue zero copy")
>
> Cc: stable@dpdk.org
> Signed-off-by: Yuanhan Liu

Applied to dpdk-next-virtio.

	--yliu
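
The reference-count sequence described in the quoted commit message, as an added toy model (not code from the patch or from DPDK; `struct seg`, `seg_free`, `chain_free` and `pool_puts_after` are hypothetical names). It assumes a segment returned to the pool has its refcnt reset to 1 and its next pointer cleared, and it treats pinning every segment as the remedy the description implies, since the patch itself is not shown here.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for a chained packet buffer; not DPDK's struct rte_mbuf. */
struct seg {
    int refcnt;       /* 1 means one owner, and is also the value held in the pool */
    int pool_puts;    /* times this segment was returned to the pool */
    struct seg *next;
};

/* Model assumption: freeing drops one reference; on the last one the segment
 * goes back to the pool with refcnt reset to 1 and next cleared. */
static void seg_free(struct seg *s)
{
    if (s->refcnt == 1 || --s->refcnt == 0) {
        s->refcnt = 1;
        s->next = NULL;
        s->pool_puts++;
    }
}

/* Freeing a packet walks the whole chain, one reference per segment. */
static void chain_free(struct seg *s)
{
    while (s != NULL) {
        struct seg *next = s->next;  /* read before seg_free() clears it */
        seg_free(s);
        s = next;
    }
}

/* Build a 3-segment chain, pin it (head only, or every segment), let the
 * driver free it, then let the pinning side release it. Returns how often
 * segment idx ended up back in the pool. */
int pool_puts_after(int pin_all, int idx)
{
    struct seg c[3];
    for (int i = 0; i < 3; i++)
        c[i] = (struct seg){ 1, 0, i < 2 ? &c[i + 1] : NULL };
    for (int i = 0; i < (pin_all ? 3 : 1); i++)
        c[i].refcnt++;               /* the pin */
    chain_free(&c[0]);               /* driver is done with the DMA */
    chain_free(&c[0]);               /* pinning side releases the packet */
    return c[idx].pool_puts;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("seg %d: head-only pin -> %d puts, pin all -> %d puts\n",
               i, pool_puts_after(0, i), pool_puts_after(1, i));
    return 0;
}
```

With only the head pinned, the segment just after the head is the one returned to the pool twice; with every segment pinned, each is returned exactly once.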