From 329280c53e6d09002b67e4d052fe27a952bd19cf Mon Sep 17 00:00:00 2001 From: Erik Gabriel Carrillo Date: Thu, 20 Oct 2022 14:00:41 -0500 Subject: [PATCH] service: fix early move to inactive status Assume thread T2 is a service lcore that is in the middle of executing a service function. Also, assume thread T1 concurrently calls rte_service_lcore_stop(), which will set the "service_active_on_lcore" state to false. If thread T1 then calls rte_service_may_be_active(), it can return zero even though T2 is still running the service function. If T1 then proceeds to free data being used by T2, a crash can ensue. Move the logic that clears the "service_active_on_lcore" state from the rte_service_lcore_stop() function to the service_runner_func() to ensure that we: - don't let the "service_active_on_lcore" state linger as 1 - don't clear the state early Fixes: 6550113be62d ("service: fix lingering active status") Cc: stable@dpdk.org Signed-off-by: Erik Gabriel Carrillo Acked-by: Harry van Haaren --- lib/eal/common/rte_service.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/eal/common/rte_service.c b/lib/eal/common/rte_service.c index 81c9514149..bcc2e19077 100644 --- a/lib/eal/common/rte_service.c +++ b/lib/eal/common/rte_service.c @@ -479,6 +479,7 @@ static int32_t service_runner_func(void *arg) { RTE_SET_USED(arg); + uint8_t i; const int lcore = rte_lcore_id(); struct core_state *cs = &lcore_states[lcore]; @@ -494,7 +495,6 @@ service_runner_func(void *arg) const uint64_t service_mask = cs->service_mask; uint8_t start_id; uint8_t end_id; - uint8_t i; if (service_mask == 0) continue; @@ -510,6 +510,12 @@ service_runner_func(void *arg) __atomic_store_n(&cs->loops, cs->loops + 1, __ATOMIC_RELAXED); } + /* Switch off this core for all services, to ensure that future + * calls to may_be_active() know this core is switched off. + */ + for (i = 0; i < RTE_SERVICE_NUM_MAX; i++) + cs->service_active_on_lcore[i] = 0; + /* Use SEQ CST memory ordering to avoid any re-ordering around * this store, ensuring that once this store is visible, the service * lcore thread really is done in service cores code. @@ -806,11 +812,6 @@ rte_service_lcore_stop(uint32_t lcore) __atomic_load_n(&rte_services[i].num_mapped_cores, __ATOMIC_RELAXED)); - /* Switch off this core for all services, to ensure that future - * calls to may_be_active() know this core is switched off. - */ - cs->service_active_on_lcore[i] = 0; - /* if the core is mapped, and the service is running, and this * is the only core that is mapped, the service would cease to * run if this core stopped, so fail instead.