The backend may start a poller on the first vq kick (like SPDK), and access
virtio_net in the poller pthread (reactor thread). At the same time, another
vq kick may come in and call numa_realloc to realloc virtio_net on the NUMA
node of this vq, although virtio_net is already consistent with the first vq.
numa_realloc will free the old virtio_net and set its members to 0; this
causes the previous poller pthread to access a NULL ptr (in the latest code,
in vhost_vring_inject_irq).
Why doesn't dev->flags & VIRTIO_DEV_RUNNING prevent that from happening?
Because there is no lock protecting dev (virtio_net); only vq is protected
by a lock.
So it is not necessary to do dev_realloc for each vq kick when calling numa_realloc.

Signed-off-by: YuanXin <[email protected]>
Signed-off-by: yuanxin36 <[email protected]>
---
 lib/vhost/vhost_user.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c
index 4bfb13fb98..1312f95cbc 100644
--- a/lib/vhost/vhost_user.c
+++ b/lib/vhost/vhost_user.c
@@ -681,6 +681,9 @@ numa_realloc(struct virtio_net **pdev, struct 
vhost_virtqueue **pvq)
 
 out_dev_realloc:
 
+       if (vq->index > 0)
+               return;
+
        if (dev->flags & VIRTIO_DEV_RUNNING)
                return;
 
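Review bot: the `if (vq->index > 0) return;` guard at `out_dev_realloc:` narrows the window described in the commit message but does not close it: a kick on vq 0 still reaches the dev realloc below, so if the backend's poller was started from a kick on some other vq first (the message says the poller starts on the first kick, whichever vq that is), a later vq 0 kick can still free and re-create dev while the poller thread is reading it, and the `VIRTIO_DEV_RUNNING` check that follows is, as the message itself notes, not protected by any lock. Please state the ordering assumption (dev's NUMA placement follows vq 0, and vq 0 is expected to be the first vq kicked) in a one-line comment above the new check, and in the commit message, so the next reader does not take this for a complete fix; if the assumption does not hold for the SPDK case that motivated the patch, the dev realloc needs to be serialized against the poller rather than skipped by index.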
-- 
2.43.0
