[PATCH 19.11] service: fix early move to inactive status

patches for DPDK stable branches
 help / color / mirror / Atom feed

* [PATCH 19.11] service: fix early move to inactive status
@ 2022-11-16 18:34 Erik Gabriel Carrillo
  2022-11-17  7:40 ` Christian Ehrhardt
  0 siblings, 1 reply; 2+ messages in thread
From: Erik Gabriel Carrillo @ 2022-11-16 18:34 UTC (permalink / raw)
  To: harry.van.haaren; +Cc: stable

[ upstream commit 329280c53e6d09002b67e4d052fe27a952bd19cf ]

Assume thread T2 is a service lcore that is in the middle of executing
a service function.  Also, assume thread T1 concurrently calls
rte_service_lcore_stop(), which will set the "service_active_on_lcore"
state to false.  If thread T1 then calls rte_service_may_be_active(),
it can return zero even though T2 is still running the service function.
If T1 then proceeds to free data being used by T2, a crash can ensue.

Move the logic that clears the "service_active_on_lcore" state from the
rte_service_lcore_stop() function to the service_runner_func() to
ensure that we:
- don't let the "service_active_on_lcore" state linger as 1
- don't clear the state early

Fixes: 3d3bcdcee4 ("service: fix lingering active status")

Signed-off-by: Erik Gabriel Carrillo <erik.g.carrillo@intel.com>
---
 lib/librte_eal/common/rte_service.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/librte_eal/common/rte_service.c b/lib/librte_eal/common/rte_service.c
index d11027fcb..11cd5a538 100644
--- a/lib/librte_eal/common/rte_service.c
+++ b/lib/librte_eal/common/rte_service.c
@@ -447,6 +447,12 @@ service_runner_func(void *arg)
 		rte_smp_rmb();
 	}
 
+	/* Switch off this core for all services, to ensure that future
+	 * calls to may_be_active() know this core is switched off.
+	 */
+	for (i = 0; i < RTE_SERVICE_NUM_MAX; i++)
+		cs->service_active_on_lcore[i] = 0;
+
 	return 0;
 }
 
@@ -717,11 +723,6 @@ rte_service_lcore_stop(uint32_t lcore)
 		int32_t only_core = (1 ==
 			rte_atomic32_read(&rte_services[i].num_mapped_cores));
 
-		/* Switch off this core for all services, to ensure that future
-		 * calls to may_be_active() know this core is switched off.
-		 */
-		cs->service_active_on_lcore[i] = 0;
-
 		/* if the core is mapped, and the service is running, and this
 		 * is the only core that is mapped, the service would cease to
 		 * run if this core stopped, so fail instead.
-- 
2.23.0


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH 19.11] service: fix early move to inactive status
  2022-11-16 18:34 [PATCH 19.11] service: fix early move to inactive status Erik Gabriel Carrillo
@ 2022-11-17  7:40 ` Christian Ehrhardt
  0 siblings, 0 replies; 2+ messages in thread
From: Christian Ehrhardt @ 2022-11-17  7:40 UTC (permalink / raw)
  To: Erik Gabriel Carrillo; +Cc: harry.van.haaren, stable

On Wed, Nov 16, 2022 at 7:34 PM Erik Gabriel Carrillo
<erik.g.carrillo@intel.com> wrote:
>
> [ upstream commit 329280c53e6d09002b67e4d052fe27a952bd19cf ]

Applied, thanks!

> Assume thread T2 is a service lcore that is in the middle of executing
> a service function.  Also, assume thread T1 concurrently calls
> rte_service_lcore_stop(), which will set the "service_active_on_lcore"
> state to false.  If thread T1 then calls rte_service_may_be_active(),
> it can return zero even though T2 is still running the service function.
> If T1 then proceeds to free data being used by T2, a crash can ensue.
>
> Move the logic that clears the "service_active_on_lcore" state from the
> rte_service_lcore_stop() function to the service_runner_func() to
> ensure that we:
> - don't let the "service_active_on_lcore" state linger as 1
> - don't clear the state early
>
> Fixes: 3d3bcdcee4 ("service: fix lingering active status")
>
> Signed-off-by: Erik Gabriel Carrillo <erik.g.carrillo@intel.com>
> ---
>  lib/librte_eal/common/rte_service.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/lib/librte_eal/common/rte_service.c b/lib/librte_eal/common/rte_service.c
> index d11027fcb..11cd5a538 100644
> --- a/lib/librte_eal/common/rte_service.c
> +++ b/lib/librte_eal/common/rte_service.c
> @@ -447,6 +447,12 @@ service_runner_func(void *arg)
>                 rte_smp_rmb();
>         }
>
> +       /* Switch off this core for all services, to ensure that future
> +        * calls to may_be_active() know this core is switched off.
> +        */
> +       for (i = 0; i < RTE_SERVICE_NUM_MAX; i++)
> +               cs->service_active_on_lcore[i] = 0;
> +
>         return 0;
>  }
>
> @@ -717,11 +723,6 @@ rte_service_lcore_stop(uint32_t lcore)
>                 int32_t only_core = (1 ==
>                         rte_atomic32_read(&rte_services[i].num_mapped_cores));
>
> -               /* Switch off this core for all services, to ensure that future
> -                * calls to may_be_active() know this core is switched off.
> -                */
> -               cs->service_active_on_lcore[i] = 0;
> -
>                 /* if the core is mapped, and the service is running, and this
>                  * is the only core that is mapped, the service would cease to
>                  * run if this core stopped, so fail instead.
> --
> 2.23.0
>


-- 
Christian Ehrhardt
Senior Staff Engineer, Ubuntu Server
Canonical Ltd

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-11-17  7:40 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-16 18:34 [PATCH 19.11] service: fix early move to inactive status Erik Gabriel Carrillo
2022-11-17  7:40 ` Christian Ehrhardt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).