[PATCH] vhost: fix rte_vhost_vring_call coredump caused by numa_realloc free virtio_net

YuanXin yuanxin123456 at 126.com
Thu Mar 26 11:18:12 CET 2026

Previous message (by thread): [PATCH] vhost: fix rte_vhost_vring_call coredump caused by numa_realloc free virtio_net
Next message (by thread): [DPDK/ethdev Bug 1914] Inconsistent dpaa2 driver remove callback error reporting
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

backend may start poller when the first vq kick(like spdk), and access virtio_net
in poller pthread(reactor thread). At the same time, another vq kick
coming, then call numa_realloc to realloc virtio_net in numa node of
this vq, although virtio_net is already consistent with the first vq.
numa_realloc will free old virtio_net and set its member to 0, this
causes the previous poller pthread to access NULL ptr(latest code is
vhost_vring_inject_irq).
Why dev->flags & VIRTIO_DEV_RUNNING doesn't prevent that happening?
Because there is no lock protecting dev(virtio_net), only vq is protected
by lock.
So, it's no necessary to do dev_realloc for each vq kick when call numa_realloc.

Signed-off-by: YuanXin <yuanxin123456 at 126.com>
Signed-off-by: yuanxin36 <yuanxin36 at jd.com>
---
 lib/vhost/vhost_user.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c
index 4bfb13fb98..1312f95cbc 100644
--- a/lib/vhost/vhost_user.c
+++ b/lib/vhost/vhost_user.c
@@ -681,6 +681,9 @@ numa_realloc(struct virtio_net **pdev, struct vhost_virtqueue **pvq)
 
 out_dev_realloc:
 
+	if (vq->index > 0)
+		return;
+
 	if (dev->flags & VIRTIO_DEV_RUNNING)
 		return;
 
-- 
2.43.0

Previous message (by thread): [PATCH] vhost: fix rte_vhost_vring_call coredump caused by numa_realloc free virtio_net
Next message (by thread): [DPDK/ethdev Bug 1914] Inconsistent dpaa2 driver remove callback error reporting
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list