vhost: fix zmbufs array leak after NUMA realloc
Checks
Commit Message
'numa_realloc()' allocates 'zmbufs' even if zero copy mode
is not configured. This leads to memory leak, because array
is freed only for zero copy case.
Fixes: 2651726defb7 ("vhost: do deep copy while reallocating queue")
CC: stable@dpdk.org
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
---
lib/librte_vhost/vhost_user.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
Comments
On Wed, Aug 15, 2018 at 05:54:39PM +0300, Ilya Maximets wrote:
> 'numa_realloc()' allocates 'zmbufs' even if zero copy mode
> is not configured. This leads to memory leak, because array
> is freed only for zero copy case.
>
> Fixes: 2651726defb7 ("vhost: do deep copy while reallocating queue")
> CC: stable@dpdk.org
>
> Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
> ---
> lib/librte_vhost/vhost_user.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index a2d4c9ffc..9aa1ce118 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -357,11 +357,13 @@ numa_realloc(struct virtio_net *dev, int index)
> memcpy(vq, old_vq, sizeof(*vq));
> TAILQ_INIT(&vq->zmbuf_list);
>
> - new_zmbuf = rte_malloc_socket(NULL, vq->zmbuf_size *
> - sizeof(struct zcopy_mbuf), 0, newnode);
> - if (new_zmbuf) {
> - rte_free(vq->zmbufs);
> - vq->zmbufs = new_zmbuf;
> + if (dev->dequeue_zero_copy) {
> + new_zmbuf = rte_malloc_socket(NULL, vq->zmbuf_size *
> + sizeof(struct zcopy_mbuf), 0, newnode);
> + if (new_zmbuf) {
> + rte_free(vq->zmbufs);
> + vq->zmbufs = new_zmbuf;
> + }
> }
>
> if (vq_is_packed(dev)) {
> --
> 2.17.1
>
Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
Thanks!
On 08/15/2018 04:54 PM, Ilya Maximets wrote:
> 'numa_realloc()' allocates 'zmbufs' even if zero copy mode
> is not configured. This leads to memory leak, because array
> is freed only for zero copy case.
>
> Fixes: 2651726defb7 ("vhost: do deep copy while reallocating queue")
> CC: stable@dpdk.org
>
> Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
> ---
> lib/librte_vhost/vhost_user.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index a2d4c9ffc..9aa1ce118 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -357,11 +357,13 @@ numa_realloc(struct virtio_net *dev, int index)
> memcpy(vq, old_vq, sizeof(*vq));
> TAILQ_INIT(&vq->zmbuf_list);
>
> - new_zmbuf = rte_malloc_socket(NULL, vq->zmbuf_size *
> - sizeof(struct zcopy_mbuf), 0, newnode);
> - if (new_zmbuf) {
> - rte_free(vq->zmbufs);
> - vq->zmbufs = new_zmbuf;
> + if (dev->dequeue_zero_copy) {
> + new_zmbuf = rte_malloc_socket(NULL, vq->zmbuf_size *
> + sizeof(struct zcopy_mbuf), 0, newnode);
> + if (new_zmbuf) {
> + rte_free(vq->zmbufs);
> + vq->zmbufs = new_zmbuf;
> + }
> }
>
> if (vq_is_packed(dev)) {
>
Applied to dpdk-next-virtio/master.
Thanks!
Maxime
@@ -357,11 +357,13 @@ numa_realloc(struct virtio_net *dev, int index)
memcpy(vq, old_vq, sizeof(*vq));
TAILQ_INIT(&vq->zmbuf_list);
- new_zmbuf = rte_malloc_socket(NULL, vq->zmbuf_size *
- sizeof(struct zcopy_mbuf), 0, newnode);
- if (new_zmbuf) {
- rte_free(vq->zmbufs);
- vq->zmbufs = new_zmbuf;
+ if (dev->dequeue_zero_copy) {
+ new_zmbuf = rte_malloc_socket(NULL, vq->zmbuf_size *
+ sizeof(struct zcopy_mbuf), 0, newnode);
+ if (new_zmbuf) {
+ rte_free(vq->zmbufs);
+ vq->zmbufs = new_zmbuf;
+ }
}
if (vq_is_packed(dev)) {