[v5] examples/vm_power_manager: use safe version of list iterator
Checks
Commit Message
From: Hamza Khan <hamza.khan@intel.com>
Currently, when vm_power_manager exits, we are using a LIST_FOREACH
macro to iterate over VM info structures while freeing them. This
leads to use-after-free error. To address this, replace all usages of
LIST_* with TAILQ_* macros, and use the RTE_TAILQ_FOREACH_SAFE macro
to iterate and delete VM info structures.
Fixes: e8ae9b662506 ("examples/vm_power: channel manager and monitor in host")
Cc: alan.carew@intel.com
Cc: stable@dpdk.org
Signed-off-by: Hamza Khan <hamza.khan@intel.com>
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: David Hunt <david.hunt@intel.com>
---
examples/vm_power_manager/channel_manager.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
Comments
05/10/2022 00:09, Reshma Pattan:
> From: Hamza Khan <hamza.khan@intel.com>
>
> Currently, when vm_power_manager exits, we are using a LIST_FOREACH
> macro to iterate over VM info structures while freeing them. This
> leads to use-after-free error. To address this, replace all usages of
> LIST_* with TAILQ_* macros, and use the RTE_TAILQ_FOREACH_SAFE macro
> to iterate and delete VM info structures.
>
> Fixes: e8ae9b662506 ("examples/vm_power: channel manager and monitor in host")
> Cc: alan.carew@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Hamza Khan <hamza.khan@intel.com>
> Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
> Acked-by: David Hunt <david.hunt@intel.com>
> ---
> examples/vm_power_manager/channel_manager.c | 20 +++++++++++---------
> 1 file changed, 11 insertions(+), 9 deletions(-)
>
> diff --git a/examples/vm_power_manager/channel_manager.c b/examples/vm_power_manager/channel_manager.c
> index 838465ab4b..cb872ad2d5 100644
> --- a/examples/vm_power_manager/channel_manager.c
> +++ b/examples/vm_power_manager/channel_manager.c
> @@ -22,6 +22,7 @@
> #include <rte_mempool.h>
> #include <rte_log.h>
> #include <rte_spinlock.h>
> +#include <rte_tailq.h>
>
> #include <libvirt/libvirt.h>
>
> @@ -30,6 +31,7 @@
> #include "power_manager.h"
>
>
> +
> #define RTE_LOGTYPE_CHANNEL_MANAGER RTE_LOGTYPE_USER1
I suppose we don't need a third blank line here.
Removing.
[...]
> - LIST_FOREACH(vm_info, &vm_list_head, vms_info) {
> + RTE_TAILQ_FOREACH_SAFE(vm_info, &vm_list_head, vms_info, tmp) {
Applied, thanks.
@@ -22,6 +22,7 @@
#include <rte_mempool.h>
#include <rte_log.h>
#include <rte_spinlock.h>
+#include <rte_tailq.h>
#include <libvirt/libvirt.h>
@@ -30,6 +31,7 @@
#include "power_manager.h"
+
#define RTE_LOGTYPE_CHANNEL_MANAGER RTE_LOGTYPE_USER1
struct libvirt_vm_info lvm_info[MAX_CLIENTS];
@@ -58,16 +60,16 @@ struct virtual_machine_info {
virDomainInfo info;
rte_spinlock_t config_spinlock;
int allow_query;
- LIST_ENTRY(virtual_machine_info) vms_info;
+ RTE_TAILQ_ENTRY(virtual_machine_info) vms_info;
};
-LIST_HEAD(, virtual_machine_info) vm_list_head;
+RTE_TAILQ_HEAD(, virtual_machine_info) vm_list_head;
static struct virtual_machine_info *
find_domain_by_name(const char *name)
{
struct virtual_machine_info *info;
- LIST_FOREACH(info, &vm_list_head, vms_info) {
+ RTE_TAILQ_FOREACH(info, &vm_list_head, vms_info) {
if (!strncmp(info->name, name, CHANNEL_MGR_MAX_NAME_LEN-1))
return info;
}
@@ -878,7 +880,7 @@ add_vm(const char *vm_name)
new_domain->allow_query = 0;
rte_spinlock_init(&(new_domain->config_spinlock));
- LIST_INSERT_HEAD(&vm_list_head, new_domain, vms_info);
+ TAILQ_INSERT_HEAD(&vm_list_head, new_domain, vms_info);
return 0;
}
@@ -900,7 +902,7 @@ remove_vm(const char *vm_name)
rte_spinlock_unlock(&vm_info->config_spinlock);
return -1;
}
- LIST_REMOVE(vm_info, vms_info);
+ TAILQ_REMOVE(&vm_list_head, vm_info, vms_info);
rte_spinlock_unlock(&vm_info->config_spinlock);
rte_free(vm_info);
return 0;
@@ -953,7 +955,7 @@ channel_manager_init(const char *path __rte_unused)
{
virNodeInfo info;
- LIST_INIT(&vm_list_head);
+ TAILQ_INIT(&vm_list_head);
if (connect_hypervisor(path) < 0) {
global_n_host_cpus = 64;
global_hypervisor_available = 0;
@@ -1005,9 +1007,9 @@ channel_manager_exit(void)
{
unsigned i;
char mask[RTE_MAX_LCORE];
- struct virtual_machine_info *vm_info;
+ struct virtual_machine_info *vm_info, *tmp;
- LIST_FOREACH(vm_info, &vm_list_head, vms_info) {
+ RTE_TAILQ_FOREACH_SAFE(vm_info, &vm_list_head, vms_info, tmp) {
rte_spinlock_lock(&(vm_info->config_spinlock));
@@ -1022,7 +1024,7 @@ channel_manager_exit(void)
}
rte_spinlock_unlock(&(vm_info->config_spinlock));
- LIST_REMOVE(vm_info, vms_info);
+ TAILQ_REMOVE(&vm_list_head, vm_info, vms_info);
rte_free(vm_info);
}