From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 78B0E454EF;
	Tue, 25 Jun 2024 15:53:59 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 5907C410EE;
	Tue, 25 Jun 2024 15:53:59 +0200 (CEST)
Received: from mail-oo1-f50.google.com (mail-oo1-f50.google.com
 [209.85.161.50]) by mails.dpdk.org (Postfix) with ESMTP id ABF0B40668
 for <dev@dpdk.org>; Tue, 25 Jun 2024 15:51:46 +0200 (CEST)
Received: by mail-oo1-f50.google.com with SMTP id
 006d021491bc7-5b970e90ab8so3137395eaf.3
 for <dev@dpdk.org>; Tue, 25 Jun 2024 06:51:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=iol.unh.edu; s=unh-iol; t=1719323506; x=1719928306; darn=dpdk.org;
 h=content-transfer-encoding:cc:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:from:to:cc:subject:date
 :message-id:reply-to;
 bh=H9PG3A7TxQAZAslJZi5onFxz+Aa9Ipnyrrdns4TWRNw=;
 b=eOlVkZ+U4xlVDyhObEjbWGgd4ngRi9yXFb5Tjz+gHFZtMhfPjievALPK/IIZJCbtrL
 foh1QXjpsdh06ETFe9J2QH8nkk4k2ssxa01dz05YvCUOotVPpQ8xoFh+V0MzB4BNIe8/
 KI6zUsEo8Swh5vsh/mWF2UbGAGDQWYr+RTQNA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1719323506; x=1719928306;
 h=content-transfer-encoding:cc:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=H9PG3A7TxQAZAslJZi5onFxz+Aa9Ipnyrrdns4TWRNw=;
 b=qK+3LS/BLrcxS5AtOlFPhf/oTbyEWQn6xNmIgm0aHfu/Ia1i6fNxLAVei69YqFaocL
 PavZEsBgBggajC7UQCXHOXjNIX0ssAqVzgr3+WhQoR5X4Rht+UEaGE0Z72HlghsDnYx3
 XsNtZBDkEB4qcpS4wHSAz+wlvshB8Ac5CddUc9ddD1NDlFJ/RDe2Zbyrb9oYHjQOKeFP
 ZDhXILW5BM13QyKfT4md8lB/VoKaSXgODER3tRyhwIeYHvxUnFINsrnqwpCPG38ZdGvM
 t+4AIfAoINd3AxbclzKiGMVMrYUIUngEVOi/KtjB9rCGprHgAnjGNhuXMInCSv77/3/g
 VAeA==
X-Gm-Message-State: AOJu0YzYozTctky8gMnxC8qSBTGQIvoiFKRII6uzrAQHkQjprjsVWkXk
 rFWzn8Qcfq+tLQ7mLlBz9kGU23D0uLz1o0WJvFV1Lkq0vLJhA7okB7NWZyg/qYrN4JeBuWI58Qb
 T5WFE03LBDZZhsoO5YPTYUwdzopTey/6fm2RzMA==
X-Google-Smtp-Source: AGHT+IEFWzTd9P7OPEy9cAYAOHd+4UTP2up0T0HIbApwg/3zoSHXjIZ2sGs7pe3efiRrCuSdfXkAjUZbBKdtu3yurFk=
X-Received: by 2002:a4a:8847:0:b0:5c2:ac6:935f with SMTP id
 006d021491bc7-5c20ac6948bmr4735451eaf.9.1719323505820; Tue, 25 Jun 2024
 06:51:45 -0700 (PDT)
MIME-Version: 1.0
References: <20240625021347.63978-1-15957197901@163.com>
In-Reply-To: <20240625021347.63978-1-15957197901@163.com>
From: Patrick Robb <probb@iol.unh.edu>
Date: Tue, 25 Jun 2024 09:51:34 -0400
Message-ID: <CAJvnSUA05v4b15Ha7FgUksWLChDkbS2XYad_rTQcL8TRo5eGtA@mail.gmail.com>
Subject: Re: [PATCH] vhost: Fix the crash caused by accessing the released
 memory
To: zhaoxinxin <15957197901@163.com>
Cc: dev@dpdk.org, stable@dpdk.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

rerunning the failing performance test in CI testing as it was a false fail=
ure.

On Tue, Jun 25, 2024 at 2:39=E2=80=AFAM zhaoxinxin <15957197901@163.com> wr=
ote:
>
> The rte_vhost_driver_unregister() vhost_user_read_cb()
> vhost_user_client_reconnect() can be called at the same time by 3 threads=
.
> when memory of vsocket is freed in rte_vhost_driver_unregister(),
> then vhost_user_read_cb() maybe add vsocket to reconn_list,
> the invalid memory of vsocket is accessed in vhost_user_client_reconnect(=
).
> It's a bug for vhost as client.
>
> E.g., vhostuser port is created as client.
> Thread 1 calls rte_vhost_driver_unregister() to remove
> the vsocket of reconn from the reconn list.
> Then =E2=80=9Cvhost-events=E2=80=9D thread calls vhost_user_read_cb() to
> add the vsocket of reconn back to the reconn list.
> At this time, after thread 1 releases the vsocket memory,
> the socket of vhostuser reconnects successfully,
> "vhost_reconn" thread will access the released memory.
>
> The core trace is:
> Program terminated with signal 11, Segmentation fault.
> The fix is to perform a delete operation again after releasing the memory
>
> Fixes: 451dc0f ("vhost: fix crash on port deletion")
> Cc: stable@dpdk.org
>
> Signed-off-by: Xinxin Zhao <15957197901@163.com>
> ---
>  lib/vhost/socket.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/lib/vhost/socket.c b/lib/vhost/socket.c
> index a75728a2e4..01946096c4 100644
> --- a/lib/vhost/socket.c
> +++ b/lib/vhost/socket.c
> @@ -1121,6 +1121,8 @@ rte_vhost_driver_unregister(const char *path)
>                 if (vsocket->is_server) {
>                         close(vsocket->socket_fd);
>                         unlink(path);
> +               } else if (vsocket->reconnect) {
> +                       vhost_user_remove_reconnect(vsocket);
>                 }
>
>                 pthread_mutex_destroy(&vsocket->conn_mutex);
> --
> 2.45.2
>