From: Dave Barach Date: Tue, 7 Aug 2018 16:46:18 +0000 (-0400) Subject: Fix dangling reference in l2fib_scan(...) X-Git-Tag: v18.10-rc1~480 X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F28%2F14028%2F2;p=vpp.git Fix dangling reference in l2fib_scan(...) Deleting a bihash kvp frees the bucket's backing storage when the bucket reference count reaches zero. l2fib_scan MUST check for that condition, and stop scanning the bucket if it occurs. One of the L2 FIB extended "make test" vectors caused this issue 100% of the time. Change-Id: I250bcc4c1518e16042120fbc4032227a759a602e Signed-off-by: Dave Barach --- diff --git a/src/vnet/l2/l2_fib.c b/src/vnet/l2/l2_fib.c index 959cf4dea17..d891ced1080 100644 --- a/src/vnet/l2/l2_fib.c +++ b/src/vnet/l2/l2_fib.c @@ -1103,9 +1103,17 @@ l2fib_scan (vlib_main_t * vm, f64 start_time, u8 event_only) kv.key = key.raw; BV (clib_bihash_add_del) (&fm->mac_table, &kv, 0); learn_count--; + /* + * Note: we may have just freed the bucket's backing + * storage, so check right here... + */ + if (b->offset == 0) + goto doublebreak; } v++; } + doublebreak: + ; } /* keep learn count consistent */
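Review bot: the new check "if (b->offset == 0)" right after the BV (clib_bihash_add_del) call depends on a bihash internal, a zero offset meaning the bucket's backing storage has been freed, and the comment above it does not say so. State that in the comment, or put the test behind a small named helper, so l2fib_scan does not silently stop detecting the freed bucket if the bihash code changes how it marks one. The "goto doublebreak" also skips the "v++" and lands at the end of the enclosing block, so please confirm that nothing which must run once per bucket sits between the inner loops and the "doublebreak:" label. The commit message says one of the L2 FIB extended "make test" vectors hits this every time; naming that test in the message would make the fix easier to verify.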