From 05dc895beaa57240c3157c878edc6d75f601cf53 Mon Sep 17 00:00:00 2001 From: Ziye Yang Date: Wed, 30 Jun 2021 19:52:49 +0800 Subject: [PATCH] sock/posix: Fix the coredump when removing the sock from socks_has_data list When entering the if case to order the list, there is bug should be fixed. The original code does not address this. The way this happens is when there is a connection left in the socks_with_data list between polls and there are enough new events detected that it would exceed the maximal number of events. A connection is left on this list between polls if it isn't fully drained via reads by the upper layer on each poll loop. Currently, the maximal socket event num is 32. Then we did not hit this issue in our normal test cases. But when you use NVMe-oF tcp target to test which is described in #2105, there are more than 32 active sockets, and it exceeeds the maximal num of events of polling (32), so we will trigger this issue. Fixes issue #2015 Change-Id: I9384476fdba8826f5fe55a5d2594e3f4ed3832ba Signed-off-by: Ziye Yang Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/8541 Community-CI: Mellanox Build Bot Reviewed-by: Changpeng Liu Reviewed-by: Ben Walker Tested-by: SPDK CI Jenkins --- module/sock/posix/posix.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/module/sock/posix/posix.c b/module/sock/posix/posix.c index bc060fcde..0652ec503 100644 --- a/module/sock/posix/posix.c +++ b/module/sock/posix/posix.c @@ -1499,7 +1499,6 @@ posix_sock_group_impl_poll(struct spdk_sock_group_impl *_group, int max_events, /* Break the link between C and D */ pc->link.tqe_next = NULL; - pd->link.tqe_prev = NULL; /* Connect F to A */ pf->link.tqe_next = pa; @@ -1508,6 +1507,9 @@ posix_sock_group_impl_poll(struct spdk_sock_group_impl *_group, int max_events, /* Fix up the list first/last pointers */ group->socks_with_data.tqh_first = pd; group->socks_with_data.tqh_last = &pc->link.tqe_next; + + /* D is in front of the list, make tqe prev pointer point to the head of list */ + pd->link.tqe_prev = &group->socks_with_data.tqh_first; } return num_events;