diff mbox series

vhost: fix passing destroyed device to destroy callback

Message ID	20190409133622.14729-1-i.maximets@samsung.com (mailing list archive)
State	Superseded, archived
Delegated to:	Maxime Coquelin
Headers	From: Ilya Maximets <i.maximets@samsung.com> To: dev@dpdk.org, Maxime Coquelin <maxime.coquelin@redhat.com> Cc: Tiwei Bie <tiwei.bie@intel.com>, Jens Freimann <jfreimann@redhat.com>, Dariusz Stojaczyk <dariuszx.stojaczyk@intel.com>, David Marchand <david.marchand@redhat.com>, Ilya Maximets <i.maximets@samsung.com>, stable@dpdk.org Date: Tue, 9 Apr 2019 16:36:22 +0300 Message-Id: <20190409133622.14729-1-i.maximets@samsung.com> Content-Type: text/plain; charset="utf-8" CMS-TYPE: 201P References: <CGME20190409133629eucas1p2ecfe7c4771bb6add694596cf75cf3e70@eucas1p2.samsung.com> Subject: [dpdk-dev] [PATCH] vhost: fix passing destroyed device to destroy callback Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	vhost: fix passing destroyed device to destroy callback \| vhost: fix passing destroyed device to destroy callback

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK
ci/mellanox-Performance-Testing	success	Performance Testing PASS
ci/intel-Performance-Testing	success	Performance Testing PASS

Commit Message

Ilya Maximets April 9, 2019, 1:36 p.m. UTC

  Application should be able to obtain information like 'ifname' from
the 'vid' passed to 'destroy_connection' callback. Currently, all the
API calls with passed 'vid' fails with 'device not found'.

Fixes: efba12a78ddf ("vhost: add user callbacks for socket open/close")
Cc: stable@dpdk.org

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
---
 lib/librte_vhost/socket.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Jens Freimann April 9, 2019, 2:25 p.m. UTC | #1

On Tue, Apr 09, 2019 at 04:36:22PM +0300, Ilya Maximets wrote:
>Application should be able to obtain information like 'ifname' from
>the 'vid' passed to 'destroy_connection' callback. Currently, all the
>API calls with passed 'vid' fails with 'device not found'.
>
>Fixes: efba12a78ddf ("vhost: add user callbacks for socket open/close")
>Cc: stable@dpdk.org
>
>Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
>---
> lib/librte_vhost/socket.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>

Because the device is destroyed before the callback is done, vid is
not a valid index to look up device information any more. So, yes we
should destroy the device after the callback.


Reviewed-by: Jens Freimann <jfreimann@redhat.com>

regards,
Jens

David Marchand April 10, 2019, 7:24 a.m. UTC | #2

On Tue, Apr 9, 2019 at 3:36 PM Ilya Maximets <i.maximets@samsung.com> wrote:

> Application should be able to obtain information like 'ifname' from
> the 'vid' passed to 'destroy_connection' callback. Currently, all the
> API calls with passed 'vid' fails with 'device not found'.
>
> Fixes: efba12a78ddf ("vhost: add user callbacks for socket open/close")
> Cc: stable@dpdk.org
>
> Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
> ---
>  lib/librte_vhost/socket.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c
> index 3da9de62c..43f091d10 100644
> --- a/lib/librte_vhost/socket.c
> +++ b/lib/librte_vhost/socket.c
> @@ -297,11 +297,12 @@ vhost_user_read_cb(int connfd, void *dat, int
> *remove)
>         if (ret < 0) {
>                 close(connfd);
>                 *remove = 1;
> -               vhost_destroy_device(conn->vid);
>
>                 if (vsocket->notify_ops->destroy_connection)
>                         vsocket->notify_ops->destroy_connection(conn->vid);
>
> +               vhost_destroy_device(conn->vid);
> +
>                 pthread_mutex_lock(&vsocket->conn_mutex);
>                 TAILQ_REMOVE(&vsocket->conn_list, conn, next);
>                 pthread_mutex_unlock(&vsocket->conn_mutex);
> --
> 2.17.1
>
>
Reviewed-by: David Marchand <david.marchand@redhat.com>

For vhost maintainers, looking at vhost_user_add_connection, aren't we
leaking a vid on errors ? either when new_connection notifier returns an
error, or after calling destroy_connection.

Ilya Maximets April 10, 2019, 7:53 a.m. UTC | #3

On 10.04.2019 10:24, David Marchand wrote:
> 
> 
> On Tue, Apr 9, 2019 at 3:36 PM Ilya Maximets <i.maximets@samsung.com <mailto:i.maximets@samsung.com>> wrote:
> 
>     Application should be able to obtain information like 'ifname' from
>     the 'vid' passed to 'destroy_connection' callback. Currently, all the
>     API calls with passed 'vid' fails with 'device not found'.
> 
>     Fixes: efba12a78ddf ("vhost: add user callbacks for socket open/close")
>     Cc: stable@dpdk.org <mailto:stable@dpdk.org>
> 
>     Signed-off-by: Ilya Maximets <i.maximets@samsung.com <mailto:i.maximets@samsung.com>>
>     ---
>      lib/librte_vhost/socket.c | 3 ++-
>      1 file changed, 2 insertions(+), 1 deletion(-)
> 
>     diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c
>     index 3da9de62c..43f091d10 100644
>     --- a/lib/librte_vhost/socket.c
>     +++ b/lib/librte_vhost/socket.c
>     @@ -297,11 +297,12 @@ vhost_user_read_cb(int connfd, void *dat, int *remove)
>             if (ret < 0) {
>                     close(connfd);
>                     *remove = 1;
>     -               vhost_destroy_device(conn->vid);
> 
>                     if (vsocket->notify_ops->destroy_connection)
>                             vsocket->notify_ops->destroy_connection(conn->vid);
> 
>     +               vhost_destroy_device(conn->vid);
>     +
>                     pthread_mutex_lock(&vsocket->conn_mutex);
>                     TAILQ_REMOVE(&vsocket->conn_list, conn, next);
>                     pthread_mutex_unlock(&vsocket->conn_mutex);
>     -- 
>     2.17.1
> 
> 
> Reviewed-by: David Marchand <david.marchand@redhat.com <mailto:david.marchand@redhat.com>>
> 
> For vhost maintainers, looking at vhost_user_add_connection, aren't we leaking a vid on errors ? either when new_connection notifier returns an error, or after calling destroy_connection.

I think that you're right.
I spotted that too yesterday while preparing this patch, just had no time to
check deeper. It should be safe to call 'vhost_destroy_device' in these cases.

Best regards, Ilya Maximets.

David Marchand April 10, 2019, 8:07 a.m. UTC | #4

On Wed, Apr 10, 2019 at 9:53 AM Ilya Maximets <i.maximets@samsung.com>
wrote:

> On 10.04.2019 10:24, David Marchand wrote:
> > For vhost maintainers, looking at vhost_user_add_connection, aren't we
> leaking a vid on errors ? either when new_connection notifier returns an
> error, or after calling destroy_connection.
>
> I think that you're right.
> I spotted that too yesterday while preparing this patch, just had no time
> to
> check deeper. It should be safe to call 'vhost_destroy_device' in these
> cases.
>

Yes, that's my understanding too.

Ilya Maximets April 11, 2019, 8:53 a.m. UTC | #5

On 10.04.2019 11:07, David Marchand wrote:
> On Wed, Apr 10, 2019 at 9:53 AM Ilya Maximets <i.maximets@samsung.com <mailto:i.maximets@samsung.com>> wrote:
> 
>     On 10.04.2019 10:24, David Marchand wrote:
>     > For vhost maintainers, looking at vhost_user_add_connection, aren't we leaking a vid on errors ? either when new_connection notifier returns an error, or after calling destroy_connection.
> 
>     I think that you're right.
>     I spotted that too yesterday while preparing this patch, just had no time to
>     check deeper. It should be safe to call 'vhost_destroy_device' in these cases.
> 
> 
> Yes, that's my understanding too.

I'll prepare the patch for this.

> 
> 
> -- 
> David Marchand

Tiwei Bie April 12, 2019, 4:39 a.m. UTC | #6

On Tue, Apr 09, 2019 at 04:36:22PM +0300, Ilya Maximets wrote:
> Application should be able to obtain information like 'ifname' from
> the 'vid' passed to 'destroy_connection' callback. Currently, all the
> API calls with passed 'vid' fails with 'device not found'.
> 
> Fixes: efba12a78ddf ("vhost: add user callbacks for socket open/close")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
> ---
>  lib/librte_vhost/socket.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c
> index 3da9de62c..43f091d10 100644
> --- a/lib/librte_vhost/socket.c
> +++ b/lib/librte_vhost/socket.c
> @@ -297,11 +297,12 @@ vhost_user_read_cb(int connfd, void *dat, int *remove)
>  	if (ret < 0) {
>  		close(connfd);
>  		*remove = 1;
> -		vhost_destroy_device(conn->vid);
>  
>  		if (vsocket->notify_ops->destroy_connection)
>  			vsocket->notify_ops->destroy_connection(conn->vid);
>  
> +		vhost_destroy_device(conn->vid);

By design, notify_ops->destroy_device() should be called before
notify_ops->destroy_connection(). I.e. something like:

	vhost_destroy_device_notify(...); // device stop

	if (vsocket->notify_ops->destroy_connection) // socket close
		vsocket->notify_ops->destroy_connection(conn->vid);

	vhost_destroy_device(conn->vid); // free

As destroy_device() callback means device stop (which also
happens in e.g. GET_VRING_BASE).


> +
>  		pthread_mutex_lock(&vsocket->conn_mutex);
>  		TAILQ_REMOVE(&vsocket->conn_list, conn, next);
>  		pthread_mutex_unlock(&vsocket->conn_mutex);
> -- 
> 2.17.1
>

Ilya Maximets April 12, 2019, 8:11 a.m. UTC | #7

On 12.04.2019 7:39, Tiwei Bie wrote:
> On Tue, Apr 09, 2019 at 04:36:22PM +0300, Ilya Maximets wrote:
>> Application should be able to obtain information like 'ifname' from
>> the 'vid' passed to 'destroy_connection' callback. Currently, all the
>> API calls with passed 'vid' fails with 'device not found'.
>>
>> Fixes: efba12a78ddf ("vhost: add user callbacks for socket open/close")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
>> ---
>>  lib/librte_vhost/socket.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c
>> index 3da9de62c..43f091d10 100644
>> --- a/lib/librte_vhost/socket.c
>> +++ b/lib/librte_vhost/socket.c
>> @@ -297,11 +297,12 @@ vhost_user_read_cb(int connfd, void *dat, int *remove)
>>  	if (ret < 0) {
>>  		close(connfd);
>>  		*remove = 1;
>> -		vhost_destroy_device(conn->vid);
>>  
>>  		if (vsocket->notify_ops->destroy_connection)
>>  			vsocket->notify_ops->destroy_connection(conn->vid);
>>  
>> +		vhost_destroy_device(conn->vid);
> 
> By design, notify_ops->destroy_device() should be called before
> notify_ops->destroy_connection(). I.e. something like:
> 
> 	vhost_destroy_device_notify(...); // device stop
> 
> 	if (vsocket->notify_ops->destroy_connection) // socket close
> 		vsocket->notify_ops->destroy_connection(conn->vid);
> 
> 	vhost_destroy_device(conn->vid); // free
> 
> As destroy_device() callback means device stop (which also
> happens in e.g. GET_VRING_BASE).

Agree. Thanks. Will send v2.

> 
> 
>> +
>>  		pthread_mutex_lock(&vsocket->conn_mutex);
>>  		TAILQ_REMOVE(&vsocket->conn_list, conn, next);
>>  		pthread_mutex_unlock(&vsocket->conn_mutex);
>> -- 
>> 2.17.1
>>
> 
>

diff mbox series

Patch

diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c
index 3da9de62c..43f091d10 100644
--- a/lib/librte_vhost/socket.c
+++ b/lib/librte_vhost/socket.c
@@ -297,11 +297,12 @@  vhost_user_read_cb(int connfd, void *dat, int *remove)
 	if (ret < 0) {
 		close(connfd);
 		*remove = 1;
-		vhost_destroy_device(conn->vid);
 
 		if (vsocket->notify_ops->destroy_connection)
 			vsocket->notify_ops->destroy_connection(conn->vid);
 
+		vhost_destroy_device(conn->vid);
+
 		pthread_mutex_lock(&vsocket->conn_mutex);
 		TAILQ_REMOVE(&vsocket->conn_list, conn, next);
 		pthread_mutex_unlock(&vsocket->conn_mutex);