[dpdk-dev] [PATCH v2] bus/vmbus: Fix crash when handling packets in secondary process

Long Li longli at microsoft.com
Tue Jul 27 00:16:50 CEST 2021


> Subject: [PATCH v2] bus/vmbus: Fix crash when handling packets in
> secondary process
> 
> Have secondary processes construct their own copy of primary channel with
> own mappings.
> 
> Remove vmbus_channel primary ptr from struct mapped_vmbus_resource
> as it's not used.
> 
> Populate virtual memory address "addr" in struct rte_mem_resource for
> secondary processes as netvsc will attempt to reference it thus causing a
> crash. It was initialized for primary processes but not for secondary.
> Cc: stable at dpdk.org
> 
> Signed-off-by: Jonathan Erb <jonathan.erb at banduracyber.com>
> ---
> v2:
> * Remove unnecessary check for NULL pointer before call to rte_free() per
> reviewer comment.
> 
>  drivers/bus/vmbus/private.h          |  1 -
>  drivers/bus/vmbus/vmbus_channel.c    |  4 +---
>  drivers/bus/vmbus/vmbus_common_uio.c | 14 +++++++++-----
>  3 files changed, 10 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/bus/vmbus/private.h b/drivers/bus/vmbus/private.h
> index 528d60a42f..746212bd5f 100644
> --- a/drivers/bus/vmbus/private.h
> +++ b/drivers/bus/vmbus/private.h
> @@ -42,7 +42,6 @@ struct mapped_vmbus_resource {
> 
>  	rte_uuid_t id;
>  	int nb_maps;
> -	struct vmbus_channel *primary;
>  	struct vmbus_map maps[VMBUS_MAX_RESOURCE];
>  	char path[PATH_MAX];
>  };
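
Review bot: Dropping `primary` from struct mapped_vmbus_resource is justified in the commit message as "not used", but the vmbus_common_uio.c hunk of this same patch deletes `dev->primary = uio_res->primary;`, so secondary processes did read the field until now. Suggest rewording the message to say the field is removed because secondaries now build their own channel, and confirming that no other reader of `uio_res->primary` remains in the tree.
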
> diff --git a/drivers/bus/vmbus/vmbus_channel.c
> b/drivers/bus/vmbus/vmbus_channel.c
> index f67f1c438a..119b9b367e 100644
> --- a/drivers/bus/vmbus/vmbus_channel.c
> +++ b/drivers/bus/vmbus/vmbus_channel.c
> @@ -351,10 +351,8 @@ int rte_vmbus_chan_open(struct rte_vmbus_device
> *device,
> 
>  	err = vmbus_chan_create(device, device->relid, 0,
>  				device->monitor_id, new_chan);
> -	if (!err) {
> +	if (!err)
>  		device->primary = *new_chan;
> -		uio_res->primary = *new_chan;
> -	}
> 
>  	return err;
>  }
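
Review bot: With `uio_res->primary = *new_chan;` gone, check whether `uio_res` is still referenced anywhere else in rte_vmbus_chan_open(). The diffstat shows only these lines changed in vmbus_channel.c, so the declaration and lookup of `uio_res` are left in place; if this assignment was the only use, remove them as well to avoid an unused-variable warning and a needless lookup.
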
> diff --git a/drivers/bus/vmbus/vmbus_common_uio.c
> b/drivers/bus/vmbus/vmbus_common_uio.c
> index 8582e32c1d..83c56b6fa2 100644
> --- a/drivers/bus/vmbus/vmbus_common_uio.c
> +++ b/drivers/bus/vmbus/vmbus_common_uio.c
> @@ -69,8 +69,10 @@ vmbus_uio_map_secondary(struct rte_vmbus_device
> *dev)
>  					     fd, offset,
>  					     uio_res->maps[i].size, 0);
> 
> -		if (mapaddr == uio_res->maps[i].addr)
> +		if (mapaddr == uio_res->maps[i].addr) {
> +			dev->resource[i].addr = mapaddr;
>  			continue;	/* successful map */
> +		}
> 
>  		if (mapaddr == MAP_FAILED)
>  			VMBUS_LOG(ERR,
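
Review bot: `dev->resource[i].addr = mapaddr;` fills in only the address on the successful-map branch; nothing in this hunk sets the matching `len` for `dev->resource[i]`. If netvsc in a secondary process also reads the resource length, set it here from `uio_res->maps[i].size`, and say in the commit message which fields of the resource a secondary can rely on.
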
> @@ -88,9 +90,9 @@ vmbus_uio_map_secondary(struct rte_vmbus_device
> *dev)
>  	/* fd is not needed in secondary process, close it */
>  	close(fd);
> 
> -	dev->primary = uio_res->primary;
> -	if (!dev->primary) {
> -		VMBUS_LOG(ERR, "missing primary channel");
> +	if (vmbus_chan_create(dev, dev->relid, 0,
> +					dev->monitor_id, &dev->primary)) {
> +		VMBUS_LOG(ERR, "cannot create primary channel");
>  		return -1;
>  	}
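
Review bot: The return value of vmbus_chan_create() is tested but then dropped, and the channel it stores in `dev->primary` is not released if this function fails later. The subchannel loop that follows returns -1 on a mapping failure, and the only `rte_free(dev->primary)` in this patch is in vmbus_uio_unmap_resource(). Suggest keeping the error code in a local, including it in the "cannot create primary channel" log, and freeing `dev->primary` (then setting it to NULL) on the later error return.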

Looking at this closer, I don't think it will work for subchannels in the secondary process.

The code after is: 

        STAILQ_FOREACH(chan, &dev->primary->subchannel_list, next) {
                if (vmbus_uio_map_secondary_subchan(dev, chan) != 0) {
                        VMBUS_LOG(ERR, "cannot map secondary subchan");
                        return -1;
                }
        }

Because at this time, the primary channel is just created, "subchannel_list" should be NULL. The secondary process ends up running without subchannels. In the primary process, "subchannel_list" is populated when it calls hn_dev_configure(), so it is good.

Sorry I didn't spot this earlier. The best way to fix this is to use rte memory functions for allocating vmbus device.  In this way they can be properly mapped to the secondary process. But rte memory functions are not available at the time vmbus device is probed. I haven't been able to find a good way to fix this. Will keep looking.

Thanks,
Long


> 
> @@ -211,8 +213,10 @@ vmbus_uio_unmap_resource(struct
> rte_vmbus_device *dev)
>  		return;
> 
>  	/* secondary processes - just free maps */
> -	if (rte_eal_process_type() != RTE_PROC_PRIMARY)
> +	if (rte_eal_process_type() != RTE_PROC_PRIMARY) {
> +		rte_free(dev->primary);
>  		return vmbus_uio_unmap(uio_res);
> +	}
> 
>  	TAILQ_REMOVE(uio_res_list, uio_res, next);
> 
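
Review bot: After `rte_free(dev->primary);` in the secondary-process branch, `dev->primary` still holds the freed pointer. Set it to NULL right after the free so that a second unmap, or any later access through `dev`, does not touch freed memory.
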
> --
> 2.17.1


