From: Patrick Robb
Date: Tue, 25 Jun 2024 09:51:34 -0400
Subject: Re: [PATCH] vhost: Fix the crash caused by accessing the released memory
To: zhaoxinxin <15957197901@163.com>
Cc: dev@dpdk.org, stable@dpdk.org

Rerunning the failing performance test in CI testing as it was a false failure.

On Tue, Jun 25, 2024 at 2:39 AM zhaoxinxin <15957197901@163.com> wrote:
>
> The rte_vhost_driver_unregister() vhost_user_read_cb()
> vhost_user_client_reconnect() can be called at the same time by 3 threads.
> When memory of vsocket is freed in rte_vhost_driver_unregister(),
> then vhost_user_read_cb() may add vsocket to reconn_list,
> the invalid memory of vsocket is accessed in vhost_user_client_reconnect().
> It's a bug for vhost as client.
>
> E.g., vhostuser port is created as client.
> Thread 1 calls rte_vhost_driver_unregister() to remove
> the vsocket of reconn from the reconn list.
> Then “vhost-events” thread calls vhost_user_read_cb() to
> add the vsocket of reconn back to the reconn list.
> At this time, after thread 1 releases the vsocket memory,
> the socket of vhostuser reconnects successfully,
> "vhost_reconn" thread will access the released memory.
>
> The core trace is:
> Program terminated with signal 11, Segmentation fault.
> The fix is to perform a delete operation again after releasing the memory
>
> Fixes: 451dc0f ("vhost: fix crash on port deletion")
> Cc: stable@dpdk.org
>
> Signed-off-by: Xinxin Zhao <15957197901@163.com>
> ---
> lib/vhost/socket.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/lib/vhost/socket.c b/lib/vhost/socket.c > index a75728a2e4..01946096c4 100644
> --- a/lib/vhost/socket.c > +++ b/lib/vhost/socket.c > @@ -1121,6 +1121,8 @@ rte_vhost_driver_unregister(const char *path) > if (vsocket->is_server) { > close(vsocket->socket_fd); > unlink(path); > + } else if (vsocket->reconnect) { > + vhost_user_remove_reconnect(vsocket); > } > > pthread_mutex_destroy(&vsocket->conn_mutex); > -- > 2.45.2 >
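
Review bot: the added vhost_user_remove_reconnect(vsocket) call in the new else-if branch of rte_vhost_driver_unregister() is not shown to be synchronized with vhost_user_read_cb(), so the race described in the commit message looks narrowed rather than closed: nothing visible in this hunk stops the "vhost-events" thread from putting the vsocket back on the reconnect list after this call returns and before the vsocket is freed. Please either state in the commit message why vhost_user_read_cb() can no longer run for this vsocket at this point, or perform the removal and the free under a lock that the re-add path also takes. The new branch also needs a short comment explaining why a second removal is required. The commit message says the delete happens "after releasing the memory", while the call sits before pthread_mutex_destroy(&vsocket->conn_mutex), where the vsocket is still in use, so that wording should be corrected. The "core trace" section contains only the signal line; including the backtrace would let reviewers confirm the faulting path.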