From: David Marchand
Date: Mon, 28 Mar 2022 09:04:39 +0200
Subject: Re: [PATCH] vhost: fix null pointer dereference
To: Jiayu Hu
Cc: dev, Maxime Coquelin, dpdk stable

On Mon, Mar 28, 2022 at 4:08 AM Jiayu Hu wrote:
>
> NULL check for vq->async must be protected by lock. Otherwise, it is
> possible that the data plane thread dereferences vq->async with NULL
> value, since the control plane thread is freeing vq->async.
>
> Fixes: ee8024b3d4ad (vhost: move async data in dedicated structure)
> Cc: stable@dpdk.org
>
> Signed-off-by: Jiayu Hu
> ---
> lib/vhost/vhost.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> > diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c > index bc88148347..7f60c2824f 100644 > --- a/lib/vhost/vhost.c > +++ b/lib/vhost/vhost.c > @@ -1887,9 +1887,6 @@ rte_vhost_async_get_inflight(int vid, uint16_t queue_id) > if (vq == NULL) > return ret; > > - if (!vq->async) > - return ret; > - > if (!rte_spinlock_trylock(&vq->access_lock)) { > VHOST_LOG_CONFIG(DEBUG, > "(%s) failed to check in-flight packets. virtqueue busy.\n", > @@ -1897,6 +1894,9 @@ rte_vhost_async_get_inflight(int vid, uint16_t queue_id) > return ret; > } > > + if (!vq->async) > + return ret; Lock is still taken at this point. FYI, I'll post a series to instrument locks in vhost, soon. > + > ret = vq->async->pkts_inflight_n; > rte_spinlock_unlock(&vq->access_lock); > -- David Marchand
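
Review bot: The `if (!vq->async) return ret;` added in the second hunk of rte_vhost_async_get_inflight() sits after the successful rte_spinlock_trylock(&vq->access_lock), so this early return exits with access_lock still held and every later attempt to take that lock on this virtqueue fails or spins. Release the lock on this path as well, for example by making the read conditional (`if (vq->async) ret = vq->async->pkts_inflight_n;`) so that both cases fall through to the existing `rte_spinlock_unlock(&vq->access_lock);`.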