[v5] lib/eal: fix segfaults in exiting
Commit Message
The 'eal-intr-thread' is not closed before memory cleanup in the process of
exiting. There is a small chance that the 'eal-intr-thread' is about to use
some pointers whose memory was just cleaned, which causes segfaults
caught by ASan.
This patch closes the 'eal-intr-thread' before memory cleanup in
'rte_eal_cleanup' to avoid segfaults, and adds a flag to avoid executing
'rte_eal_cleanup' in the child process which is forked to execute some
test cases (e.g. debug_autotest of dpdk-test).
Bugzilla ID: 1006
Cc: stable@dpdk.org
Signed-off-by: Zhichao Zeng <zhichaox.zeng@intel.com>
---
v2: add same API for FreeBSD
---
v3: fix rte_eal_cleanup crash in debug_autotest
---
v4: shorten the prompt message and optimize the commit log
---
v5: simplify patch
---
lib/eal/common/eal_private.h | 7 +++++++
lib/eal/freebsd/eal.c | 13 +++++++++++++
lib/eal/freebsd/eal_interrupts.c | 12 ++++++++++++
lib/eal/linux/eal.c | 13 +++++++++++++
lib/eal/linux/eal_interrupts.c | 12 ++++++++++++
5 files changed, 57 insertions(+)
Comments
On Tue, 6 Sep 2022 10:51:31 +0800
Zhichao Zeng <zhichaox.zeng@intel.com> wrote:
>
> +static void mark_forked(void)
> +{
> + is_forked++;
> +}
> +
This will end up counting application threads as well.
Also, it would need to be atomic.
> /* Launch threads, called at application init(). */
> int
> rte_eal_init(int argc, char **argv)
> @@ -1324,6 +1331,8 @@ rte_eal_init(int argc, char **argv)
>
> eal_mcfg_complete();
>
> + pthread_atfork(NULL, NULL, mark_forked);
> +
> return fctret;
> }
> int
> rte_eal_cleanup(void)
> {
> + if (is_forked)
> + return 0;
> +
rte_eal_cleanup is supposed to be called only once by application.
Hi Stephen,
> >
> > +static void mark_forked(void)
> > +{
> > + is_forked++;
> > +}
> > +
>
> This will end up counting application threads as well.
>
I think it would be counted in the child process when 'fork()' is called,
and in the parent process, it would be zero.
> Also, it would need to be atomic.
>
Thanks for your advice.
> > /* Launch threads, called at application init(). */ int
> > rte_eal_init(int argc, char **argv) @@ -1324,6 +1331,8 @@
> > rte_eal_init(int argc, char **argv)
> >
> > eal_mcfg_complete();
> >
> > + pthread_atfork(NULL, NULL, mark_forked);
> > +
> > return fctret;
> > }
>
> > int
> > rte_eal_cleanup(void)
> > {
> > + if (is_forked)
> > + return 0;
> > +
>
> rte_eal_cleanup is supposed to be called only once by application.
Yes. But in some cases (e.g. debug_autotest of dpdk-test), it would fork
a child process to test 'rte_exit()', then it would call 'rte_eal_cleanup()'.
So 'is_forked' is introduced to avoid this situation.
Regards
Zhichao
@@ -152,6 +152,13 @@ int rte_eal_tailqs_init(void);
*/
int rte_eal_intr_init(void);
+/**
+ * Destroy interrupt handling thread.
+ *
+ * This function is private to EAL.
+ */
+void rte_eal_intr_destroy(void);
+
/**
* Close the default log stream
*
@@ -72,6 +72,8 @@ struct lcore_config lcore_config[RTE_MAX_LCORE];
/* used by rte_rdtsc() */
int rte_cycles_vmware_tsc_map;
+/* used to judge if is forked */
+static int is_forked;
int
eal_clean_runtime_dir(void)
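Review bot: The comment on `is_forked` does not say who sets the flag or what it gates, so a reader has to find `mark_forked()` and the guard in `rte_eal_cleanup()` to work it out. Something like `/* set in the child by the pthread_atfork() handler; rte_eal_cleanup() returns early there */` would carry that. Since the flag is only ever tested for non-zero, `mark_forked()` in the next hunk could assign `is_forked = 1;` instead of incrementing. The same applies to the second copy of this declaration and handler later in the patch.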
@@ -574,6 +576,11 @@ static void rte_eal_init_alert(const char *msg)
RTE_LOG(ERR, EAL, "%s\n", msg);
}
+static void mark_forked(void)
+{
+ is_forked++;
+}
+
/* Launch threads, called at application init(). */
int
rte_eal_init(int argc, char **argv)
@@ -883,16 +890,22 @@ rte_eal_init(int argc, char **argv)
eal_mcfg_complete();
+ pthread_atfork(NULL, NULL, mark_forked);
+
return fctret;
}
int
rte_eal_cleanup(void)
{
+ if (is_forked)
+ return 0;
+
struct internal_config *internal_conf =
eal_get_internal_configuration();
rte_service_finalize();
rte_mp_channel_cleanup();
+ rte_eal_intr_destroy();
rte_trace_save();
eal_trace_fini();
/* after this point, any DPDK pointers will become dangling */
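Review bot: The return value of `pthread_atfork()` is dropped at the end of `rte_eal_init()`, so if registration fails the flag is never set in a child and the child runs the full `rte_eal_cleanup()`. That includes the new `rte_eal_intr_destroy()`, which would cancel and join a thread that does not exist in the forked process. Checking the call, e.g. `if (pthread_atfork(NULL, NULL, mark_forked) != 0)` followed by `RTE_LOG(ERR, EAL, "cannot register fork handler\n");`, would at least make the failure visible. The same unchecked call appears in the later `rte_eal_init()` hunk at `@@ -1324,6 +1331,8 @@`. Both function bodies start outside the hunk.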
@@ -648,6 +648,18 @@ rte_eal_intr_init(void)
return ret;
}
+void
+rte_eal_intr_destroy(void)
+{
+ /* cancel the host thread to wait/handle the interrupt */
+ pthread_cancel(intr_thread);
+ pthread_join(intr_thread, NULL);
+
+ /* close kqueue */
+ close(kq);
+ kq = -1;
+}
+
int
rte_intr_rx_ctl(struct rte_intr_handle *intr_handle,
int epfd, int op, unsigned int vec, void *data)
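Review bot: `rte_eal_intr_destroy()` ignores the results of `pthread_cancel()` and `pthread_join()` and closes `kq` regardless, so if the join fails the interrupt thread may still be running against a descriptor that has been closed and whose number can be reused. Closing only after a successful join, e.g. `if (pthread_join(intr_thread, NULL) != 0) return;` preceded by an error log, keeps the teardown ordered. Whether `intr_thread` holds a valid thread ID when `rte_eal_intr_init()` failed is not visible from this hunk and is worth confirming, since `rte_eal_cleanup()` calls this function unconditionally. The other `rte_eal_intr_destroy()` added at the end of the patch has the same unchecked cancel/join.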
@@ -76,6 +76,8 @@ struct lcore_config lcore_config[RTE_MAX_LCORE];
/* used by rte_rdtsc() */
int rte_cycles_vmware_tsc_map;
+/* used to judge if is forked */
+static int is_forked;
int
eal_clean_runtime_dir(void)
@@ -954,6 +956,11 @@ eal_worker_thread_create(unsigned int lcore_id)
return ret;
}
+static void mark_forked(void)
+{
+ is_forked++;
+}
+
/* Launch threads, called at application init(). */
int
rte_eal_init(int argc, char **argv)
@@ -1324,6 +1331,8 @@ rte_eal_init(int argc, char **argv)
eal_mcfg_complete();
+ pthread_atfork(NULL, NULL, mark_forked);
+
return fctret;
}
@@ -1347,6 +1356,9 @@ mark_freeable(const struct rte_memseg_list *msl, const struct rte_memseg *ms,
int
rte_eal_cleanup(void)
{
+ if (is_forked)
+ return 0;
+
/* if we're in a primary process, we need to mark hugepages as freeable
* so that finalization can release them back to the system.
*/
@@ -1362,6 +1374,7 @@ rte_eal_cleanup(void)
vfio_mp_sync_cleanup();
#endif
rte_mp_channel_cleanup();
+ rte_eal_intr_destroy();
rte_trace_save();
eal_trace_fini();
/* after this point, any DPDK pointers will become dangling */
@@ -1199,6 +1199,18 @@ rte_eal_intr_init(void)
return ret;
}
+void
+rte_eal_intr_destroy(void)
+{
+ /* cancel the host thread to wait/handle the interrupt */
+ pthread_cancel(intr_thread);
+ pthread_join(intr_thread, NULL);
+
+ /* close the pipe used by epoll */
+ close(intr_pipe.writefd);
+ close(intr_pipe.readfd);
+}
+
static void
eal_intr_proc_rxtx_intr(int fd, const struct rte_intr_handle *intr_handle)
{
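Review bot: After the two `close()` calls, `intr_pipe.writefd` and `intr_pipe.readfd` keep their old numbers, whereas the kqueue variant of this function resets `kq = -1`. Any later use of the pipe would then act on whatever descriptor the process has opened since; the callback register/unregister paths presumably write to `intr_pipe.writefd` to wake the thread, but that code is not visible here. Adding `intr_pipe.writefd = -1;` and `intr_pipe.readfd = -1;` after the closes makes such a call fail with EBADF instead. The comment `/* cancel the host thread to wait/handle the interrupt */` also reads as if the thread were being started; `/* stop the interrupt handling thread */` would be clearer.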