authorSteven Luong <sluong@cisco.com>2021-04-02 22:42:26 -0700
committerMatthew Smith <mgsmith@netgate.com>2021-04-05 20:26:28 +0000
commite2daada1d58368b7e77c2990e680bf58e4d94f2e (patch)
treef911bc22d79490a930743f7f30358049231590b9
parent42c5c207e7e62f82c34103f4207f3da3915732c4 (diff)
vhost: Crash upon disconnect
Patch 24601 introduced description into template. In vhost_user_process, template is reused inside the while loop to call clib_file_add. But description is allocated outside of the loop only once. As a result, the same storage for description is being referenced by every call to clib_file_add. As long as we don't call clib_file_del, we may be good with multiple fds sharing the same storage for the description. When one of the fds disconnects and frees the description, the other fds are left holding a pointer to freed memory. Bad news eventually happens when another fd disconnects and frees the description that was already freed. The fix is to move the allocation of description inside the loop to avoid sharing. Type: fix Fixes: gerrit.fd.io/r/c/vpp/+/24601 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ie670931acdc2c7b851982d98fd0d837284a19036
-rw-r--r--src/vnet/devices/virtio/vhost_user.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vnet/devices/virtio/vhost_user.c b/src/vnet/devices/virtio/vhost_user.c
index 5f04db09395..0ecc2ffb2ee 100644
--- a/src/vnet/devices/virtio/vhost_user.c
+++ b/src/vnet/devices/virtio/vhost_user.c
@@ -1271,7 +1271,6 @@ vhost_user_process (vlib_main_t * vm,
sun.sun_family = AF_UNIX;
template.read_function = vhost_user_socket_read;
template.error_function = vhost_user_socket_error;
- template.description = format (0, "vhost user process");
while (1)
{
@@ -1324,6 +1323,7 @@ vhost_user_process (vlib_main_t * vm,
template.file_descriptor = sockfd;
template.private_data =
vui - vhost_user_main.vhost_user_interfaces;
+ template.description = format (0, "vhost user process");
vui->clib_file_index = clib_file_add (&file_main, &template);
vui->num_qid = 2;
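Review bot: The new `template.description = format (0, "vhost user process");` line carries an ownership rule that nothing in the code states, so a later cleanup could hoist it back out of the loop and bring back the double free. Going by the commit message, the vector is freed when the fd is torn down, so each `clib_file_add` call must receive its own allocation. I would add a comment directly above the assignment, for example `/* description is freed on clib_file_del; allocate a fresh one per fd, never share it through the reused template */`. After the call, `template.description` still points at memory now owned by the file entry, so any other path that reuses this template for a second `clib_file_add` would need the same treatment. Those paths are not visible here, because `vhost_user_process` starts and ends outside the hunk.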