diff mbox

[dpdk-dev,v2] ivshmem: fix race condition

Message ID 1459509732-22664-1-git-send-email-mauricio.vasquezbernal@studenti.polito.it (mailing list archive)
State Accepted, archived
Headers

Commit Message

Mauricio Vasquez B April 1, 2016, 11:22 a.m. UTC 
  The memory zone could be freed just after adding it to the metadata
file and just before marking it as not freeable.
This patch changes the locking logic in order to prevent it.

Fixes: cd10c42eb5bc ("mem: fix ivshmem freeing")

Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
---
 lib/librte_ivshmem/rte_ivshmem.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

Comments

Anatoly Burakov April 1, 2016, 11:30 a.m. UTC | #1 
> The memory zone could be freed just after adding it to the metadata
> file and just before marking it as not freeable.
> This patch changes the locking logic in order to prevent it.
> 
> Fixes: cd10c42eb5bc ("mem: fix ivshmem freeing")
> 
> Signed-off-by: Mauricio Vasquez B
> <mauricio.vasquezbernal@studenti.polito.it>
> ---
>  lib/librte_ivshmem/rte_ivshmem.c | 22 +++++++++++++---------
>  1 file changed, 13 insertions(+), 9 deletions(-)
> 
> diff --git a/lib/librte_ivshmem/rte_ivshmem.c
> b/lib/librte_ivshmem/rte_ivshmem.c
> index 8fc4b57..013c3eb 100644
> --- a/lib/librte_ivshmem/rte_ivshmem.c
> +++ b/lib/librte_ivshmem/rte_ivshmem.c
> @@ -471,10 +471,21 @@ add_memzone_to_metadata(const struct
> rte_memzone * mz,
>  		struct ivshmem_config * config)
>  {
>  	struct rte_ivshmem_metadata_entry * entry;
> -	unsigned i;
> +	unsigned i, idx;
> +	struct rte_mem_config *mcfg;
> +
> +	if(mz->len == 0) {
> +		RTE_LOG(ERR, EAL, "Trying to add an empty memzone\n");
> +		return -1;
> +	}
> 
>  	rte_spinlock_lock(&config->sl);
> 
> +	mcfg = rte_eal_get_configuration()->mem_config;
> +
> +	/* it prevents the memzone being freed while we add it to the
> metadata */
> +	rte_rwlock_write_lock(&mcfg->mlock);
> +
>  	/* find free slot in this config */
>  	for (i = 0; i < RTE_DIM(config->metadata->entry); i++) {
>  		entry = &config->metadata->entry[i];
> @@ -504,13 +515,6 @@ add_memzone_to_metadata(const struct
> rte_memzone * mz,
>  				config->metadata->name);
>  		goto fail;
>  	}
> -#ifdef RTE_LIBRTE_IVSHMEM
> -	struct rte_mem_config *mcfg;
> -	unsigned int idx;
> -
> -	mcfg = rte_eal_get_configuration()->mem_config;
> -
> -	rte_rwlock_write_lock(&mcfg->mlock);
> 
>  	idx = ((uintptr_t)mz - (uintptr_t)mcfg->memzone);
>  	idx = idx / sizeof(struct rte_memzone);
> @@ -519,10 +523,10 @@ add_memzone_to_metadata(const struct
> rte_memzone * mz,
>  	mcfg->memzone[idx].ioremap_addr = mz->phys_addr;
> 
>  	rte_rwlock_write_unlock(&mcfg->mlock);
> -#endif
>  	rte_spinlock_unlock(&config->sl);
>  	return 0;
>  fail:
> +	rte_rwlock_write_unlock(&mcfg->mlock);
>  	rte_spinlock_unlock(&config->sl);
>  	return -1;
>  }
> --
> 1.9.1

Acked-by: Anatoly  Burakov <anatoly.burakov@intel.com>
Thomas Monjalon April 1, 2016, 1:35 p.m. UTC | #2 
> > The memory zone could be freed just after adding it to the metadata
> > file and just before marking it as not freeable.
> > This patch changes the locking logic in order to prevent it.
> > 
> > Fixes: cd10c42eb5bc ("mem: fix ivshmem freeing")
> > 
> > Signed-off-by: Mauricio Vasquez B
> > <mauricio.vasquezbernal@studenti.polito.it>
> 
> Acked-by: Anatoly  Burakov <anatoly.burakov@intel.com>

Applied, thanks
diff mbox

Patch

diff --git a/lib/librte_ivshmem/rte_ivshmem.c b/lib/librte_ivshmem/rte_ivshmem.c
index 8fc4b57..013c3eb 100644
--- a/lib/librte_ivshmem/rte_ivshmem.c
+++ b/lib/librte_ivshmem/rte_ivshmem.c
@@ -471,10 +471,21 @@  add_memzone_to_metadata(const struct rte_memzone * mz,
 		struct ivshmem_config * config)
 {
 	struct rte_ivshmem_metadata_entry * entry;
-	unsigned i;
+	unsigned i, idx;
+	struct rte_mem_config *mcfg;
+
+	if(mz->len == 0) {
+		RTE_LOG(ERR, EAL, "Trying to add an empty memzone\n");
+		return -1;
+	}
 
 	rte_spinlock_lock(&config->sl);
 
+	mcfg = rte_eal_get_configuration()->mem_config;
+
+	/* it prevents the memzone being freed while we add it to the metadata */
+	rte_rwlock_write_lock(&mcfg->mlock);
+
 	/* find free slot in this config */
 	for (i = 0; i < RTE_DIM(config->metadata->entry); i++) {
 		entry = &config->metadata->entry[i];
@@ -504,13 +515,6 @@  add_memzone_to_metadata(const struct rte_memzone * mz,
 				config->metadata->name);
 		goto fail;
 	}
-#ifdef RTE_LIBRTE_IVSHMEM
-	struct rte_mem_config *mcfg;
-	unsigned int idx;
-
-	mcfg = rte_eal_get_configuration()->mem_config;
-
-	rte_rwlock_write_lock(&mcfg->mlock);
 
 	idx = ((uintptr_t)mz - (uintptr_t)mcfg->memzone);
 	idx = idx / sizeof(struct rte_memzone);
@@ -519,10 +523,10 @@  add_memzone_to_metadata(const struct rte_memzone * mz,
 	mcfg->memzone[idx].ioremap_addr = mz->phys_addr;
 
 	rte_rwlock_write_unlock(&mcfg->mlock);
-#endif
 	rte_spinlock_unlock(&config->sl);
 	return 0;
 fail:
+	rte_rwlock_write_unlock(&mcfg->mlock);
 	rte_spinlock_unlock(&config->sl);
 	return -1;
 }