From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-f68.google.com (mail-pg0-f68.google.com [74.125.83.68]) by dpdk.org (Postfix) with ESMTP id 518925F3B; Fri, 27 Apr 2018 17:20:40 +0200 (CEST) Received: by mail-pg0-f68.google.com with SMTP id l2-v6so1808588pgc.7; Fri, 27 Apr 2018 08:20:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=mVhavFVaeQedJLeGvtH99aaQRGCJhJ0TRQxBWJYo3Dk=; b=Fl84IFReN7csTXBTJpYqWwJiqBFuAShZs4JPetD78+yTfTrJCyQ8Ym6uVcCX/ue6xA jIir4c9YbL1d+b4esF6WBmjpnOaGJz3xjO/33rrCsZAxcA/pRvsyiwxj11sE23rGNmpQ qoq53yhdCb5lTUEjHU+4jz/+7UHgxd7v92AknzDjRF0KJfm48+8OHyz6fhaQeGN7oF8E ur4E/o8ecC/vKfA3dj4BoFohmAS+iJ88ej28SGr82Hg+IaWsu8TZgGaPDR8sIAe0V2Qe 2SON94VqLJW6lafWeYNWiY6+YynsZcoz1oeG+D/khwIgrCZzOJRomzwGXQyoywRabGUN 2ijg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=mVhavFVaeQedJLeGvtH99aaQRGCJhJ0TRQxBWJYo3Dk=; b=U6Ttx/TIyrNqinZrYxNHsZJKYdwKVDCsl2MF/RQPKUpmAhRbDvaVFPHUBGGb10GTdX sGedWiIK2eKFzEsbv3D9+lZk78HprOJ34w5hZ4qxkuhOsFwyujF2fR5Io4xtnt5910WM 1qszgJ9dMHYP69d5uDMy0upsrV/p1VI1yJiQM1tAPkHlwSBh1aYca1nhJx/GQVGen9Hh XqWMmnyajFgtAVNbFgtrOk6ZS8EyBIXJuh3LX7TbC/pofMQhkzBxzPy75vQzHUdo3fKR itsidVx8vVkwK2eoK2rOQ4pnPjtxSogPnLrA1eASgM+canTsvJlq0dbwpPj933lJakVt ucgA== X-Gm-Message-State: ALQs6tDlspxb4bnN71vlO86HvUuUeE/y7qKZP2W653p1en1UDTHT1Kjo 6dDQbiI2FTWVbhjdTb9JrYpPgoo2 X-Google-Smtp-Source: AB8JxZq58fDNSzVO/MCui5a+0FRnWsmN+YeIl0Nc8Xx5SbYEDhQlCBLA9ZfF9/6V/FI8M5WhPKPvCA== X-Received: by 2002:a17:902:8a:: with SMTP id a10-v6mr2643020pla.89.1524842439647; Fri, 27 Apr 2018 08:20:39 -0700 (PDT) Received: from local.opencloud.tech.localdomain ([183.240.196.59]) by smtp.gmail.com with ESMTPSA id c18-v6sm2887897pgu.63.2018.04.27.08.20.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 27 Apr 2018 08:20:39 -0700 (PDT) From: xiangxia.m.yue@gmail.com To: maxime.coquelin@redhat.com, jianfeng.tan@intel.com, yliu@fridaylinux.org Cc: dev@dpdk.org, Tonghao Zhang , stable@dpdk.org Date: Fri, 27 Apr 2018 08:19:44 -0700 Message-Id: <1524842385-61707-2-git-send-email-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1524842385-61707-1-git-send-email-xiangxia.m.yue@gmail.com> References: <1524842385-61707-1-git-send-email-xiangxia.m.yue@gmail.com> Subject: [dpdk-dev] [PATCH 2/3] vhost: fix crash and fd leak due to vhostuser destroyed X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2018 15:20:40 -0000 From: Tonghao Zhang when rte_vhost_driver_unregister detstroy the vsocket, we should set it to NULL after freeing it, because in client mode, the conn may be added to reconnect thread while vsocket is destroyed. In one case, if qemu create vhostuser port as a server with the same unix path, the reconnect thread will reconnect to it while vsocket is destroyed. To fix this: 1. set vsocket to NULL after free it. 2. remove the reconnection from reconnection thread in suitable position. Cc: stable@dpdk.org Signed-off-by: Tonghao Zhang --- lib/librte_vhost/socket.c | 41 ++++++++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c index 822db41..d5a6ac8 100644 --- a/lib/librte_vhost/socket.c +++ b/lib/librte_vhost/socket.c @@ -199,6 +199,9 @@ struct vhost_user { struct vhost_user_connection *conn; int ret; + if (vsocket == NULL) + return; + conn = malloc(sizeof(*conn)); if (conn == NULL) { close(fd); @@ -778,6 +781,20 @@ struct vhost_user_reconnect_list { return ret; } +static void +vhost_user_socket_mem_free(struct vhost_user_socket *vsocket) +{ + if (vsocket && vsocket->path) { + free(vsocket->path); + vsocket->path = NULL; + } + + if (vsocket) { + free(vsocket); + vsocket = NULL; + } +} + /* * Register a new vhost-user socket; here we could act as server * (the default case), or client (when RTE_VHOST_USER_CLIENT) flag @@ -808,7 +825,7 @@ struct vhost_user_reconnect_list { if (vsocket->path == NULL) { RTE_LOG(ERR, VHOST_CONFIG, "error: failed to copy socket path string\n"); - free(vsocket); + vhost_user_socket_mem_free(vsocket); goto out; } TAILQ_INIT(&vsocket->conn_list); @@ -866,8 +883,7 @@ struct vhost_user_reconnect_list { "error: failed to destroy connection mutex\n"); } out_free: - free(vsocket->path); - free(vsocket); + vhost_user_socket_mem_free(vsocket); out: pthread_mutex_unlock(&vhost_user.mutex); @@ -914,14 +930,6 @@ struct vhost_user_reconnect_list { struct vhost_user_socket *vsocket = vhost_user.vsockets[i]; if (!strcmp(vsocket->path, path)) { - if (vsocket->is_server) { - fdset_del(&vhost_user.fdset, vsocket->socket_fd); - close(vsocket->socket_fd); - unlink(path); - } else if (vsocket->reconnect) { - vhost_user_remove_reconnect(vsocket); - } - again: pthread_mutex_lock(&vsocket->conn_mutex); for (conn = TAILQ_FIRST(&vsocket->conn_list); @@ -950,9 +958,16 @@ struct vhost_user_reconnect_list { } pthread_mutex_unlock(&vsocket->conn_mutex); + if (vsocket->is_server) { + fdset_del(&vhost_user.fdset, vsocket->socket_fd); + close(vsocket->socket_fd); + unlink(path); + } else if (vsocket->reconnect) { + vhost_user_remove_reconnect(vsocket); + } + pthread_mutex_destroy(&vsocket->conn_mutex); - free(vsocket->path); - free(vsocket); + vhost_user_socket_mem_free(vsocket); count = --vhost_user.vsocket_cnt; vhost_user.vsockets[i] = vhost_user.vsockets[count]; -- 1.8.3.1