Hi Chenbon On 10/21/20 1:10 PM, Xia, Chenbo wrote: > Hi Maxime, > >> -----Original Message----- >> From: Maxime Coquelin <maxime.coque...@redhat.com> >> Sent: Tuesday, October 20, 2020 1:34 AM >> To: dev@dpdk.org; Xia, Chenbo <chenbo....@intel.com>; amore...@redhat.com >> Cc: Maxime Coquelin <maxime.coque...@redhat.com>; sta...@dpdk.org >> Subject: [PATCH 1/7] vhost: fix virtqueues metadata allocation >> >> The Vhost-user backend implementation assumes there will be >> no holes in the device's array of virtqueues metadata >> pointers. >> >> It can happen though, and would cause segmentation faults, >> memory leaks or undefined behaviour. > > Could I ask when will this happen? > > When QEMU does not configure all virtqueues? I'm not very sure. > Could you point that out for me?
It has been reported by our QE when doing reconnect with multiqueue with vIOMMU enabled: https://bugzilla.redhat.com/show_bug.cgi?id=1880299 Regards, Maxime > Thanks! > Chenbo > >> >> This patch keep the assumption that there is no holes in this >> array, and allocate all uninitialized virtqueues metadata up >> to requested index. >> >> Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation") >> Cc: sta...@dpdk.org >> >> Suggested-by: Adrian Moreno <amore...@redhat.com> >> Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com> >> --- >> lib/librte_vhost/vhost.c | 33 ++++++++++++++++++++------------- >> 1 file changed, 20 insertions(+), 13 deletions(-) >> >> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c >> index 6068c38ec6..0c9ba3b3af 100644 >> --- a/lib/librte_vhost/vhost.c >> +++ b/lib/librte_vhost/vhost.c >> @@ -579,22 +579,29 @@ int >> alloc_vring_queue(struct virtio_net *dev, uint32_t vring_idx) >> { >> struct vhost_virtqueue *vq; >> + uint32_t i; >> >> - vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0); >> - if (vq == NULL) { >> - VHOST_LOG_CONFIG(ERR, >> - "Failed to allocate memory for vring:%u.\n", vring_idx); >> - return -1; >> - } >> + /* Also allocate holes, if any, up to requested vring index. */ >> + for (i = 0; i <= vring_idx; i++) { >> + if (dev->virtqueue[i]) >> + continue; >> >> - dev->virtqueue[vring_idx] = vq; >> - init_vring_queue(dev, vring_idx); >> - rte_spinlock_init(&vq->access_lock); >> - vq->avail_wrap_counter = 1; >> - vq->used_wrap_counter = 1; >> - vq->signalled_used_valid = false; >> + vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0); >> + if (vq == NULL) { >> + VHOST_LOG_CONFIG(ERR, >> + "Failed to allocate memory for vring:%u.\n", i); >> + return -1; >> + } >> + >> + dev->virtqueue[i] = vq; >> + init_vring_queue(dev, vring_idx); >> + rte_spinlock_init(&vq->access_lock); >> + vq->avail_wrap_counter = 1; >> + vq->used_wrap_counter = 1; >> + vq->signalled_used_valid = false; >> + } >> >> - dev->nr_vring += 1; >> + dev->nr_vring = RTE_MAX(dev->nr_vring, vring_idx + 1); >> >> return 0; >> } >> -- >> 2.26.2 >
