From: zhaoxinxin <15957197901@163.com>
To: dev@dpdk.org
Cc: zhaoxinxin <15957197901@163.com>
Subject: [PATCH] vhost: Fix the crash caused by accessing the released memory
Date: Tue, 18 Jun 2024 13:59:29 +0800
Message-ID: <20240618055929.40842-1-15957197901@163.com>

The rte_vhost_driver_unregister(), vhost_user_read_cb() and
vhost_user_client_reconnect() functions can be called at the same time by 3 threads.
When the memory of vsocket is freed in rte_vhost_driver_unregister(),
vhost_user_read_cb() may then add vsocket to reconn_list, and the invalid
memory of vsocket is accessed in vhost_user_client_reconnect().

The core trace is:
Program terminated with signal 11, Segmentation fault.

The fix is to perform a delete operation again after releasing the memory.

Signed-off-by: zhaoxinxin <15957197901@163.com>
---
 lib/vhost/socket.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/vhost/socket.c b/lib/vhost/socket.c
index a75728a2e4..01946096c4 100644
--- a/lib/vhost/socket.c
+++ b/lib/vhost/socket.c
@@ -1121,6 +1121,8 @@ rte_vhost_driver_unregister(const char *path) if (vsocket->is_server) { close(vsocket->socket_fd); unlink(path); + } else if (vsocket->reconnect) { + vhost_user_remove_reconnect(vsocket); } pthread_mutex_destroy(&vsocket->conn_mutex); -- 2.45.2
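Review bot: In the new else-if branch of rte_vhost_driver_unregister(), the single call to vhost_user_remove_reconnect(vsocket) narrows the race described in the commit message but does not visibly close it: nothing in these lines stops vhost_user_read_cb(), which the message says can run concurrently, from adding vsocket to reconn_list again between this call and the point where the memory is freed. Please state in the commit message which lock or ordering guarantees the read callback can no longer queue this vsocket once the branch has run, or perform the removal under the same lock the callback takes before it adds the entry. The message also says the delete is done "after releasing the memory", while the hunk places it before pthread_mutex_destroy(&vsocket->conn_mutex), so the wording should match the code. The core trace section contains only the signal line, and a Fixes: tag naming the commit that introduced the problem would help with backporting.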