Fix dangling reference in l2fib_scan(...)

Deleting a bihash kvp frees the bucket's backing storage when the
bucket reference count reaches zero. l2fib_scan MUST check for that
condition, and stop scanning the bucket if it occurs. One of the L2
FIB extended "make test" vectors caused this issue 100% of the time.

Change-Id: I250bcc4c1518e16042120fbc4032227a759a602e
Signed-off-by: Dave Barach <dave@barachs.net>

diff --git a/src/vnet/l2/l2_fib.c b/src/vnet/l2/l2_fib.c
index 959cf4d..d891ced 100644 (file)
--- a/src/vnet/l2/l2_fib.c
+++ b/src/vnet/l2/l2_fib.c
@@ -1103,9 +1103,17 @@ l2fib_scan (vlib_main_t * vm, f64 start_time, u8 event_only)
              kv.key = key.raw;
              BV (clib_bihash_add_del) (&fm->mac_table, &kv, 0);
              learn_count--;
+             /*
+              * Note: we may have just freed the bucket's backing
+              * storage, so check right here...
+              */
+             if (b->offset == 0)
+               goto doublebreak;
            }
          v++;
        }
+    doublebreak:
+      ;
     }
 
   /* keep learn count consistent */