From 84d56507c2ab27a943a1dbf76e259c3a9437bb48 Mon Sep 17 00:00:00 2001 From: zhaoxinxin Date: Wed, 10 Apr 2024 16:18:47 +0800 Subject: [PATCH] vhost: Fix the crash caused by accessing the released memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The rte_vhost_driver_unregister(), vhost_user_read_cb() and vhost_user_client_reconnect() can be called at the same time by 3 threads. When memory of vsocket is freed in rte_vhost_driver_unregister(), vhost_user_read_cb() may then add vsocket to reconn_list, and the invalid memory of vsocket is accessed in vhost_user_client_reconnect(). The core trace is: Program terminated with signal 11, Segmentation fault. The fix is to perform a delete operation again after releasing the memory --- lib/vhost/socket.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/vhost/socket.c b/lib/vhost/socket.c index 96b3ab55956..f3b5662d83a 100644 --- a/lib/vhost/socket.c +++ b/lib/vhost/socket.c @@ -1125,6 +1125,8 @@ rte_vhost_driver_unregister(const char *path) if (vsocket->is_server) { close(vsocket->socket_fd); unlink(path); + } else if (vsocket->reconnect) { + vhost_user_remove_reconnect(vsocket); } pthread_mutex_destroy(&vsocket->conn_mutex);
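Review bot: the new `else if (vsocket->reconnect)` branch in rte_vhost_driver_unregister() removes the vsocket from the reconnect list, but nothing in the visible lines stops vhost_user_read_cb() from adding it back between `vhost_user_remove_reconnect(vsocket);` and the point where the vsocket memory is released, so the use-after-free described in the commit message looks narrowed rather than closed. Please either do the removal under a lock that vhost_user_read_cb() also takes before it queues the vsocket for reconnect, or make sure every connection and its read callback is torn down before this call, and state in the commit message which guarantee the fix relies on. The message also says the delete is performed "again after releasing the memory", while the call sits before `pthread_mutex_destroy(&vsocket->conn_mutex);`, so the wording should be brought in line with the code. The "core trace" ends at the signal line; including the backtrace would let reviewers confirm the faulting path is vhost_user_client_reconnect().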