From 499fd8e5b89c2ce65d57875d0a7d67f3a7f2fb6b Mon Sep 17 00:00:00 2001 From: Zhike Wang Date: Thu, 16 Jan 2020 10:07:37 +0800 Subject: [PATCH] vhost: fix crash on port deletion The vhost_user_read_cb() and rte_vhost_driver_unregister() can be called at the same time by 2 threads. Eg thread1 calls vhost_user_read_cb() and removes the vsocket from conn_list, then thread2 calls rte_vhost_driver_unregister() and frees the vsocket since it is NOT in the conn_list. So thread1 will access invalid memory when trying to reconnect. The fix is to move the "removing of vsocket from conn_list" to end of the vhost_user_read_cb(), then avoid the race condition. The core trace is: Program terminated with signal 11, Segmentation fault. Fixes: af1475918124 ("vhost: introduce API to start a specific driver") Cc: stable@dpdk.org Signed-off-by: Zhike Wang Reviewed-by: Maxime Coquelin --- lib/librte_vhost/socket.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c index 9740fb3403..85c64485c2 100644 --- a/lib/librte_vhost/socket.c +++ b/lib/librte_vhost/socket.c @@ -318,16 +318,16 @@ vhost_user_read_cb(int connfd, void *dat, int *remove) vhost_destroy_device(conn->vid); + if (vsocket->reconnect) { + create_unix_socket(vsocket); + vhost_user_start_client(vsocket); + } + pthread_mutex_lock(&vsocket->conn_mutex); TAILQ_REMOVE(&vsocket->conn_list, conn, next); pthread_mutex_unlock(&vsocket->conn_mutex); free(conn); - - if (vsocket->reconnect) { - create_unix_socket(vsocket); - vhost_user_start_client(vsocket); - } } } -- 2.20.1