vhost: Fix the crash caused by accessing the released memory

Message ID 20240617033539.36949-1-15957197901@163.com (mailing list archive)
State Superseded
Delegated to: Maxime Coquelin
Series vhost: Fix the crash caused by accessing the released memory |


Context Check Description
ci/checkpatch warning coding style issues
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-intel-Functional fail Functional Testing issues
ci/iol-abi-testing success Testing PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/iol-sample-apps-testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/intel-Functional success Functional PASS

Commit Message

Xinxin Zhao June 17, 2024, 3:35 a.m. UTC
  The rte_vhost_driver_unregister() 、vhost_user_read_cb()、vhost_user_client_reconnect() can be called at the same time by 3 threads.
when memory of vsocket is freed in rte_vhost_driver_unregister(), then vhost_user_read_cb() maybe add vsocket to reconn_list, the invalid memory of vsocket is accessed in vhost_user_client_reconnect().
The core trace is:
    Program terminated with signal 11, Segmentation fault.
    The fix is to perform a delete operation again after releasing the memory

Signed-off-by: zhaoxinxin <15957197901@163.com>
 lib/vhost/socket.c | 2 ++
 1 file changed, 2 insertions(+)


diff --git a/lib/vhost/socket.c b/lib/vhost/socket.c
index a75728a2e4..01946096c4 100644
--- a/lib/vhost/socket.c
+++ b/lib/vhost/socket.c
@@ -1121,6 +1121,8 @@  rte_vhost_driver_unregister(const char *path)
 		if (vsocket->is_server) {
+		} else if (vsocket->reconnect) {
+			vhost_user_remove_reconnect(vsocket);