From: David Marchand
Date: Tue, 9 Jul 2024 09:26:12 +0200
Subject: Re: [PATCH v4] vhost: fix crash caused by accessing a freed vsocket
To: Gongming Chen
Cc: maxime.coquelin@redhat.com, chenbox@nvidia.com, dev@dpdk.org, Gongming Chen, stable@dpdk.org, Thomas Monjalon
List-Id: patches for DPDK stable branches

Hello,

On Mon, Jul 8, 2024 at 6:41 AM Gongming Chen wrote:
>
> From: Gongming Chen
>
> When a vhost user message handling error occurs in the event dispatch
> thread, vsocket reconn is added to the reconnection list of the
> reconnection thread.
> Since the reconnection, event dispatching and app configuration threads
> do not have common thread protection restrictions, the app config
> thread freed the vsocket in the rte_vhost_driver_unregister process,
> but vsocket reconn can still exist in the reconn_list through this
> mechanism.
> Then in the reconnection thread, the vsocket is connected again and
> conn is added to the dispatch thread.
> Finally, the vsocket that has been freed by rte_vhost_driver_unregister
> is accessed again in the event dispatch thread, resulting in a
> use-after-free error.
>
> This patch adds a vhost threads read-write lock to restrict the
> reconnection, event dispatching and app configuration threads.
> When the vhost driver unregisters, it exclusively holds the lock to
> safely free the vsocket.
>
> #0 0x0000000000000025 in ?? ()
> #1 0x0000000003ed7ca0 in vhost_user_read_cb at lib/vhost/socket.c:323
> #2 0x0000000003ed625f in fdset_event_dispatch at lib/vhost/fd_man.c:365
>
> Fixes: e623e0c6d8a5 ("vhost: add vhost-user client mode")
> Cc: stable@dpdk.org
>
> Signed-off-by: Gongming Chen

Maxime is off for the coming weeks.

Adding one lock is risky at this point of the release, especially as it
is mixed with other locks.
I prefer not to take this fix without an in-depth review, and ideally
an ack from Maxime.

I marked this patch as deferred to the next release.


-- 
David Marchand
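The race the commit message describes, replayed as an added example that is not part of the thread above and not DPDK's lib/vhost code. It models one vsocket, a one-slot reconnection list and the three roles named in the commit message (event dispatch, reconnection, app config); only vsocket, reconn_list and rte_vhost_driver_unregister are DPDK names, everything else (struct model, run_scenario, the step functions) is hypothetical. Unregister is split into its two halves, purge and free, and the dispatch thread's error handling is forced into the window between them; without a lock that reconnects a freed vsocket, with the read-write lock held exclusively across both halves the dispatch thread waits and then finds nothing to queue.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Added model, not DPDK code: one vsocket, a one-slot reconn_list and the
 * three roles from the commit message. free(vs) is replaced by a "freed"
 * flag so the broken interleaving can be observed instead of crashing. */

struct vsocket { int freed; };

struct model {
	struct vsocket *registered;    /* what the application registered */
	struct vsocket *reconn_list;   /* pending reconnection (one slot) */
	struct vsocket *dispatch_conn; /* connection handed back to dispatch */
	pthread_rwlock_t lock;         /* the vhost threads rwlock of the fix */
	int use_lock;                  /* 0 = unfixed path, 1 = fixed path */
};

static void rd_lock(struct model *m) { if (m->use_lock) pthread_rwlock_rdlock(&m->lock); }
static void wr_lock(struct model *m) { if (m->use_lock) pthread_rwlock_wrlock(&m->lock); }
static void unlock(struct model *m)  { if (m->use_lock) pthread_rwlock_unlock(&m->lock); }

/* Event dispatch thread: a message handling error on vs queues it for
 * reconnection, as vhost_user_read_cb does on error. */
static void dispatch_error(struct model *m, struct vsocket *vs) {
	rd_lock(m);
	if (m->registered == vs)       /* still registered: ask for a reconnect */
		m->reconn_list = vs;
	unlock(m);
}

/* Reconnection thread: takes the pending entry, "connects" it and hands the
 * new connection to the dispatch thread. */
static void reconnect_step(struct model *m) {
	rd_lock(m);
	m->dispatch_conn = m->reconn_list;
	m->reconn_list = NULL;
	unlock(m);
}

/* Event dispatch thread: serves the new connection; 1 = touched freed vsocket. */
static int dispatch_read(struct model *m) {
	rd_lock(m);
	int uaf = m->dispatch_conn && m->dispatch_conn->freed;
	m->dispatch_conn = NULL;
	unlock(m);
	return uaf;
}

/* App config thread, the two halves of rte_vhost_driver_unregister in this
 * model: drop the pending reconnection for vs, then free vs. */
static void unregister_purge(struct model *m, struct vsocket *vs) {
	if (m->reconn_list == vs)
		m->reconn_list = NULL;
}

static void unregister_free(struct model *m, struct vsocket *vs) {
	if (m->registered == vs)
		m->registered = NULL;
	vs->freed = 1;                 /* stands in for free(vs) */
}

struct thread_arg { struct model *m; struct vsocket *vs; };
static void *dispatch_error_thread(void *p) {
	struct thread_arg *a = p;
	dispatch_error(a->m, a->vs);
	return NULL;
}

/* Replays the interleaving from the commit message. Without the lock the
 * dispatch thread handles its error between purge and free (the early join
 * forces that order) and the result is 1. With the lock, unregister holds it
 * exclusively across both halves, so the dispatch thread blocks, then finds
 * the vsocket unregistered and queues nothing: result 0. */
int run_scenario(int use_lock) {
	struct model m = { .use_lock = use_lock };
	pthread_rwlock_init(&m.lock, NULL);
	struct vsocket *vs = m.registered = calloc(1, sizeof(struct vsocket));
	struct thread_arg a = { &m, vs };
	pthread_t t;
	wr_lock(&m);                          /* app config: unregister begins */
	unregister_purge(&m, vs);
	pthread_create(&t, NULL, dispatch_error_thread, &a); /* dispatch: error */
	if (!use_lock) pthread_join(t, NULL); /* unfixed: lands in the window */
	unregister_free(&m, vs);
	unlock(&m);                           /* app config: unregister done */
	if (use_lock) pthread_join(t, NULL);  /* fixed: ran only after free */
	reconnect_step(&m);                   /* reconnection thread */
	int uaf = dispatch_read(&m);          /* dispatch thread */
	pthread_rwlock_destroy(&m.lock);
	free(vs);
	return uaf;
}

int main(void) {
	printf("no lock: uaf=%d\n", run_scenario(0));
	printf("rwlock:  uaf=%d\n", run_scenario(1));
	return 0;
}
```

The model keeps the "is this vsocket still registered" check in the dispatch path in both runs; what changes is only whether that check and the purge/free pair can interleave. That is the property the patch's read-write lock is meant to provide, and it is also why David's concern about mixing it with the existing locks is a real one: the example has a single lock, the real code path does not.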