From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 09B2C1B2C6; Sun, 11 Feb 2018 02:54:20 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Feb 2018 17:54:18 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,493,1511856000"; d="scan'208";a="26403623" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by FMSMGA003.fm.intel.com with ESMTP; 10 Feb 2018 17:54:18 -0800 Received: from fmsmsx151.amr.corp.intel.com (10.18.125.4) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sat, 10 Feb 2018 17:54:18 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by FMSMSX151.amr.corp.intel.com (10.18.125.4) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sat, 10 Feb 2018 17:54:18 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.116]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.253]) with mapi id 14.03.0319.002; Sun, 11 Feb 2018 09:54:16 +0800 From: "Tan, Jianfeng" To: "Kulasek, TomaszX" , "yliu@fridaylinux.org" CC: "dev@dpdk.org" , "yuanhan.liu@linux.intel.com" , "stable@dpdk.org" , "Stojaczyk, DariuszX" Thread-Topic: [dpdk-dev] [PATCH] vhost: fix double free on shutdown Thread-Index: AQHTocm9E3MnwrIv30iqq/Lmx/WoCKOecnsg Date: Sun, 11 Feb 2018 01:54:15 +0000 Message-ID: References: <20180209171455.2904-1-tomaszx.kulasek@intel.com> In-Reply-To: <20180209171455.2904-1-tomaszx.kulasek@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] vhost: fix double free on shutdown X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Feb 2018 01:54:21 -0000 > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Tomasz Kulasek > Sent: Saturday, February 10, 2018 1:15 AM > To: yliu@fridaylinux.org > Cc: dev@dpdk.org; yuanhan.liu@linux.intel.com; stable@dpdk.org; Stojaczyk= , > DariuszX > Subject: [dpdk-dev] [PATCH] vhost: fix double free on shutdown >=20 > The vhost connection can be closed concurrently from 2 places: > * the connection thread itself > * rte_vhost_driver_unregister >=20 > The connection thread will terminate the connection if any recv error > occurred. The unregister function will terminate the connection together > with the thread. However, there is no sychronization between those two. > The connection thread runs in the background without any mutex. Isn't it already protected by vsocket->conn_mutex? Thanks, Jianfeng >=20 > The rte_vhost_driver_unregister now signals the connection thread > to terminate itself and waits until it's killed. >=20 > Fixes: 65388b43f592 ("vhost: fix fd leaks for vhost-user server mode") > Cc: yuanhan.liu@linux.intel.com > Cc: stable@dpdk.org >=20 > Signed-off-by: Dariusz Stojaczyk > Signed-off-by: Tomasz Kulasek > --- > lib/librte_vhost/socket.c | 21 ++++++++------------- > 1 file changed, 8 insertions(+), 13 deletions(-) >=20 > diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c > index 83befdced..46ac88efd 100644 > --- a/lib/librte_vhost/socket.c > +++ b/lib/librte_vhost/socket.c > @@ -735,7 +735,7 @@ rte_vhost_driver_unregister(const char *path) > { > int i; > int count; > - struct vhost_user_connection *conn, *next; > + struct vhost_user_connection *conn; >=20 > pthread_mutex_lock(&vhost_user.mutex); >=20 > @@ -752,22 +752,17 @@ rte_vhost_driver_unregister(const char *path) > } >=20 > pthread_mutex_lock(&vsocket->conn_mutex); > - for (conn =3D TAILQ_FIRST(&vsocket->conn_list); > - conn !=3D NULL; > - conn =3D next) { > - next =3D TAILQ_NEXT(conn, next); > - > - fdset_del(&vhost_user.fdset, conn->connfd); > - RTE_LOG(INFO, VHOST_CONFIG, > - "free connfd =3D %d for device '%s'\n", > - conn->connfd, path); > + TAILQ_FOREACH(conn, &vsocket->conn_list, next) { > close(conn->connfd); > - vhost_destroy_device(conn->vid); > - TAILQ_REMOVE(&vsocket->conn_list, conn, > next); > - free(conn); > } > pthread_mutex_unlock(&vsocket->conn_mutex); >=20 > + do { > + pthread_mutex_lock(&vsocket- > >conn_mutex); > + conn =3D TAILQ_FIRST(&vsocket->conn_list); > + pthread_mutex_unlock(&vsocket- > >conn_mutex); > + } while (conn !=3D NULL); > + > pthread_mutex_destroy(&vsocket->conn_mutex); > free(vsocket->path); > free(vsocket); > -- > 2.14.1