> This issue was reported by OVS-DPDK project, and the fix should go to
> upstream DPDK. This is not memnic-related - this is to do with
> DPDK's rte_ivshmem library.
>
> Every DPDK data structure has a corresponding TAILQ reserved for it in
> the runtime config file. Those TAILQs are fully local to the process,
> however most data structures contain pointers to next entry in the
> TAILQ.
>
> Since the data structures such as rings are shared in their entirety,
> those TAILQ pointers are shared as well. Meaning that, after a
> successful rte_ring creation, the tailq_next pointer of the last
> ring in the TAILQ will be updated with a pointer to a ring which may
> not be present in the address space of another process (i.e. a ring
> that may be host-local or guest-local, and not shared over IVSHMEM).
> Any successive ring create/lookup on the other side of IVSHMEM will
> result in trying to dereference an invalid pointer.
>
> This patchset fixes this problem by creating a default tailq entry
> that may be used by any data structure that chooses to use TAILQs.
> This default TAILQ entry will consist of tailq_next/tailq_prev
> pointers, and an opaque pointer to arbitrary data. All TAILQ
> pointers from data structures themselves will be removed and
> replaced by those generic TAILQ entries, thus fixing the problem
> of potentially exposing local address space to shared structures.
>
> Technically, only rte_ring structure requires modification, because
> IVSHMEM is only using memzones (which aren't in TAILQs) and rings,
> but for consistency's sake other TAILQ-based data structures were
> adapted as well.
>
> v2 changes:
> * fixed race conditions in *_free operations
> * fixed multiprocess support for malloc heaps
> * added similar changes for acl
> * rebased on top of e88b42f818bc1a6d4ce6cb70371b66e37fa34f7d
>
> v3 changes:
> * fixed race reported by Konstantin Ananyev (introduced in v2)
>
> Anatoly Burakov (9):
>   eal: map shared config into exact same address as primary process
>   rte_tailq: change rte_dummy to rte_tailq_entry, add data pointer
>   rte_ring: make ring tailq fully local
>   rte_hash: make rte_hash tailq fully local
>   rte_fbk_hash: make rte_fbk_hash tailq fully local
>   rte_mempool: make mempool tailq fully local
>   rte_lpm: make lpm tailq fully local
>   rte_lpm6: make lpm6 tailq fully local
>   rte_acl: make acl tailq fully local
>
>  app/test/test_tailq.c                             | 33 +++++-----
>  lib/librte_acl/acl.h                              |  1 -
>  lib/librte_acl/rte_acl.c                          | 74 ++++++++++++++++++-----
>  lib/librte_eal/common/eal_common_tailqs.c         |  2 +-
>  lib/librte_eal/common/include/rte_eal_memconfig.h |  5 ++
>  lib/librte_eal/common/include/rte_tailq.h         |  9 +--
>  lib/librte_eal/linuxapp/eal/eal.c                 | 44 ++++++++++++--
>  lib/librte_eal/linuxapp/eal/eal_ivshmem.c         | 17 +++++-
>  lib/librte_hash/rte_fbk_hash.c                    | 73 +++++++++++++++++-----
>  lib/librte_hash/rte_fbk_hash.h                    |  3 -
>  lib/librte_hash/rte_hash.c                        | 61 ++++++++++++++++---
>  lib/librte_hash/rte_hash.h                        |  2 -
>  lib/librte_lpm/rte_lpm.c                          | 65 ++++++++++++++++----
>  lib/librte_lpm/rte_lpm.h                          |  2 -
>  lib/librte_lpm/rte_lpm6.c                         | 62 +++++++++++++++----
>  lib/librte_mempool/Makefile                       |  3 +-
>  lib/librte_mempool/rte_mempool.c                  | 37 +++++++++---
>  lib/librte_mempool/rte_mempool.h                  |  2 -
>  lib/librte_ring/Makefile                          |  4 +-
>  lib/librte_ring/rte_ring.c                        | 33 +++++++---
>  lib/librte_ring/rte_ring.h                        |  2 -
>  21 files changed, 415 insertions(+), 119 deletions(-)
>
> --
Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
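
The layout change described in the quoted cover letter, as an added example that is not part of the original thread and is not DPDK code: it models the two layouts with the standard `sys/queue.h` TAILQ macros. The struct names (`ring_embedded`, `ring_shared`, `local_entry`) are hypothetical, and ordinary stack objects stand in for IVSHMEM-shared and process-local memory.

```c
#include <string.h>
#include <sys/queue.h>

/* Old layout: list linkage lives inside the object that gets shared. */
struct ring_embedded {
    TAILQ_ENTRY(ring_embedded) next;
    char name[16];
};
TAILQ_HEAD(embedded_list, ring_embedded);

/* New layout: the shared object carries no linkage at all. */
struct ring_shared {
    char name[16];
};
/* Process-local list node holding an opaque pointer to the object. */
struct local_entry {
    TAILQ_ENTRY(local_entry) next;
    void *data;
};
TAILQ_HEAD(local_list, local_entry);

/* Returns 1 if appending a process-local ring rewrote the shared ring. */
int embedded_leaks_pointer(void)
{
    struct embedded_list head = TAILQ_HEAD_INITIALIZER(head);
    struct ring_embedded shared, local, before;
    memset(&shared, 0, sizeof(shared));
    memset(&local, 0, sizeof(local));
    TAILQ_INSERT_TAIL(&head, &shared, next);
    memcpy(&before, &shared, sizeof(shared));
    TAILQ_INSERT_TAIL(&head, &local, next); /* stores &local in shared.next */
    return memcmp(&before, &shared, sizeof(shared)) != 0
        && TAILQ_NEXT(&shared, next) == &local;
}

/* Returns 1 if the shared ring's bytes are unchanged after both inserts. */
int local_entries_leave_shared_untouched(void)
{
    struct local_list head = TAILQ_HEAD_INITIALIZER(head);
    struct ring_shared shared = { "shared0" }, local = { "local0" }, before;
    struct local_entry e1 = { .data = &shared }, e2 = { .data = &local };
    memcpy(&before, &shared, sizeof(shared));
    TAILQ_INSERT_TAIL(&head, &e1, next);
    TAILQ_INSERT_TAIL(&head, &e2, next);
    return memcmp(&before, &shared, sizeof(shared)) == 0
        && TAILQ_NEXT(&e1, next)->data == &local;
}

int main(void)
{
    return !(embedded_leaks_pointer() && local_entries_leave_shared_untouched());
}
```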