When use the kv->v.memory_owner_thread_index as the index to get the
reass in pool, maybe this element is freed by the owner thread because
of timeout, too many fragments, and so on.
So we should check if do_handoff with kv->v.memory_owner_thread_index
before get the reass from pool.
Type: fix
Signed-off-by: Gao Feng <davidfgao@tencent.com>
Change-Id: Ie0f1dc368f86d0fd65292ca0c5e1908348015e09
(cherry picked from commit
9165e0365cc21575fd3e4a98be59317a839553f4)
if (!clib_bihash_search_16_8
(&rm->hash, (clib_bihash_kv_16_8_t *) kv, (clib_bihash_kv_16_8_t *) kv))
{
+ if (vm->thread_index != kv->v.memory_owner_thread_index)
+ {
+ *do_handoff = 1;
+ return NULL;
+ }
reass =
pool_elt_at_index (rm->per_thread_data
[kv->v.memory_owner_thread_index].pool,
kv->v.reass_index);
- if (vm->thread_index != reass->memory_owner_thread_index)
- {
- *do_handoff = 1;
- return reass;
- }
if (now > reass->last_heard + rm->timeout)
{
if (!clib_bihash_search_48_8
(&rm->hash, (clib_bihash_kv_48_8_t *) kv, (clib_bihash_kv_48_8_t *) kv))
{
- reass =
- pool_elt_at_index (rm->per_thread_data
- [kv->v.memory_owner_thread_index].pool,
- kv->v.reass_index);
if (vm->thread_index != kv->v.memory_owner_thread_index)
{
*do_handoff = 1;
- return reass;
+ return NULL;
}
+ reass =
+ pool_elt_at_index (rm->per_thread_data
+ [kv->v.memory_owner_thread_index].pool,
+ kv->v.reass_index);
+
if (now > reass->last_heard + rm->timeout)
{
ip6_full_reass_on_timeout (vm, node, rm, reass, icmp_bi);
Code Review / vpp.git / commitdiff