Hi Maxime,

The scenario where I encountered the coredump was ovs-dpdk,
similar to patch:
https://github.com/DPDK/dpdk/commit/52d874dc67055a943867456d3e5c730168bfba18.

Only one thread called rte_vhost_driver_unregister(), but at the same time,
two other threads called vhost_user_read_cb() and vhost_user_client_reconnect()
respectively.

The specific reasons for the coredump are as follows:

The vhostuser port is created as client.

Thread 1 calls rte_vhost_driver_unregister() to remove the vsocket of reconn
from the reconn list.

Then the “vhost-events” thread calls vhost_user_read_cb() to add the vsocket of
reconn back to the reconn list.
At this time, after thread 1 releases the vsocket memory, the socket of
vhostuser reconnects successfully, and the
"vhost_reconn" thread will access the released memory.
Therefore, the fix is to perform a delete operation again after releasing the
memory.

>We need a Fixes tag and Cc sta...@dpdk.org so that it is backported.
>The format is Firstname Lastname <email>
I will modify and resubmit the patch, thank you.

At 2024-06-24 17:20:00, "Maxime Coquelin" <maxime.coque...@redhat.com> wrote: 
>Hi,
>
>On 6/19/24 14:27, zhaoxinxin wrote:
>> The rte_vhost_driver_unregister() vhost_user_read_cb()
>> vhost_user_client_reconnect() can be called at the same time by 3 threads.
>> when memory of vsocket is freed in rte_vhost_driver_unregister(),
>> then vhost_user_read_cb() maybe add vsocket to reconn_list,
>> the invalid memory of vsocket is accessed in vhost_user_client_reconnect().
>
>It is not clear to me why 3 threads are calling
>rte_vhost_driver_unregister() at the same time, isn't it an application
>issue?
>
>> The core trace is:
>> Program terminated with signal 11, Segmentation fault.
>> The fix is to perform a delete operation again after releasing the memory
>>
>
>We need a Fixes tag and Cc sta...@dpdk.org so that it is backported.
>
>> Signed-off-by: zhaoxinxin
<15957197...@163.com> > >The format is Firstname Lastname <email> > > >> --- >> 
lib/vhost/socket.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git 
a/lib/vhost/socket.c b/lib/vhost/socket.c >> index a75728a2e4..01946096c4 
100644 >> --- a/lib/vhost/socket.c >> +++ b/lib/vhost/socket.c >> @@ -1121,6 
+1121,8 @@ rte_vhost_driver_unregister(const char *path) >> if 
(vsocket->is_server) { >> close(vsocket->socket_fd); >> unlink(path); >> + } 
else if (vsocket->reconnect) { >> + vhost_user_remove_reconnect(vsocket); >> } 
>> >> pthread_mutex_destroy(&vsocket->conn_mutex);
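
Review bot: The added `else if (vsocket->reconnect)` branch calls vhost_user_remove_reconnect(vsocket) without anything visible in this hunk that stops vhost_user_read_cb() from putting the vsocket back on the reconnect list between this call and the point where the vsocket memory is released, so the second removal narrows the use-after-free window described in the commit message rather than closing it. Please either show which lock or state change guarantees that no re-add can happen after this call, or make the re-add path check a "being unregistered" condition under the same lock that protects the list. The commit message also says the delete is performed "after releasing the memory", while the call sits before pthread_mutex_destroy(&vsocket->conn_mutex); the wording should match the code, and a short comment above the new branch explaining why the removal is repeated would help later readers. The "core trace" in the message stops at the signal line, so including the backtrace frames would let reviewers confirm the faulting access is in vhost_user_client_reconnect().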
