From 1e7d0509fe43b340f9a0e2f90b734825c6c2034b Mon Sep 17 00:00:00 2001 From: Mauricio Vasquez B Date: Fri, 1 Apr 2016 13:22:12 +0200 Subject: [PATCH] ivshmem: fix race condition The memory zone could be freed just after adding it to the metadata file and just before marking it as not freeable. This patch changes the locking logic in order to prevent it. Fixes: cd10c42eb5bc ("mem: fix ivshmem freeing") Signed-off-by: Mauricio Vasquez B Acked-by: Anatoly Burakov --- lib/librte_ivshmem/rte_ivshmem.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/lib/librte_ivshmem/rte_ivshmem.c b/lib/librte_ivshmem/rte_ivshmem.c index 8fc4b57b8c..c8b332ce68 100644 --- a/lib/librte_ivshmem/rte_ivshmem.c +++ b/lib/librte_ivshmem/rte_ivshmem.c @@ -471,10 +471,21 @@ add_memzone_to_metadata(const struct rte_memzone * mz, struct ivshmem_config * config) { struct rte_ivshmem_metadata_entry * entry; - unsigned i; + unsigned i, idx; + struct rte_mem_config *mcfg; + + if (mz->len == 0) { + RTE_LOG(ERR, EAL, "Trying to add an empty memzone\n"); + return -1; + } rte_spinlock_lock(&config->sl); + mcfg = rte_eal_get_configuration()->mem_config; + + /* it prevents the memzone being freed while we add it to the metadata */ + rte_rwlock_write_lock(&mcfg->mlock); + /* find free slot in this config */ for (i = 0; i < RTE_DIM(config->metadata->entry); i++) { entry = &config->metadata->entry[i]; @@ -504,13 +515,6 @@ add_memzone_to_metadata(const struct rte_memzone * mz, config->metadata->name); goto fail; } -#ifdef RTE_LIBRTE_IVSHMEM - struct rte_mem_config *mcfg; - unsigned int idx; - - mcfg = rte_eal_get_configuration()->mem_config; - - rte_rwlock_write_lock(&mcfg->mlock); idx = ((uintptr_t)mz - (uintptr_t)mcfg->memzone); idx = idx / sizeof(struct rte_memzone); @@ -519,10 +523,10 @@ add_memzone_to_metadata(const struct rte_memzone * mz, mcfg->memzone[idx].ioremap_addr = mz->phys_addr; rte_rwlock_write_unlock(&mcfg->mlock); -#endif rte_spinlock_unlock(&config->sl); return 0; fail: + rte_rwlock_write_unlock(&mcfg->mlock); rte_spinlock_unlock(&config->sl); return -1; } -- 2.20.1