Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 39d6dec)
session: fix tx_fifo clear and incorrect bitmap invalidation 67/37567/6
authorDongya Zhang <fortitude.zhang@gmail.com>
Thu, 3 Nov 2022 07:22:34 +0000 (15:22 +0800)
committerDongya Zhang <fortitude.zhang@gmail.com>
Thu, 3 Nov 2022 08:22:54 +0000 (16:22 +0800)
The tx_fifo of session may not be set up yet, if app request to
disconnect the session, svm_fifo_dequeue_drop_all will crash.

In debug image, ho_session_alloc will do clib_bitmap_validate to
prevent race condition, however the input is not correct which
will make vpp crash.

Type: fix
Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609
Signed-off-by: Dongya Zhang <fortitude.zhang@gmail.com>
src/vnet/session/session.c patch | blob | history
src/vnet/session/session.h patch | blob | history

diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c
index a56ff9f..91e9ed5 100644 (file)
--- a/src/vnet/session/session.c
+++ b/src/vnet/session/session.c
@@ -1539,8 +1539,11 @@ session_close (session_t * s)
       return;
     }
 
-  /* App closed so stop propagating dequeue notifications */
-  svm_fifo_clear_deq_ntf (s->tx_fifo);
+  /* App closed so stop propagating dequeue notifications.
+   * App might disconnect session before connected, in this case,
+   * tx_fifo may not be setup yet, so clear only it's inited. */
+  if (s->tx_fifo)
+    svm_fifo_clear_deq_ntf (s->tx_fifo);
   session_set_state (s, SESSION_STATE_CLOSING);
   session_program_transport_ctrl_evt (s, SESSION_CTRL_EVT_CLOSE);
 }
@@ -1553,8 +1556,11 @@ session_reset (session_t * s)
 {
   if (s->session_state >= SESSION_STATE_CLOSING)
     return;
-  /* Drop all outstanding tx data */
-  svm_fifo_dequeue_drop_all (s->tx_fifo);
+  /* Drop all outstanding tx data
+   * App might disconnect session before connected, in this case,
+   * tx_fifo may not be setup yet, so clear only it's inited. */
+  if (s->tx_fifo)
+    svm_fifo_dequeue_drop_all (s->tx_fifo);
   session_set_state (s, SESSION_STATE_CLOSING);
   session_program_transport_ctrl_evt (s, SESSION_CTRL_EVT_RESET);
 }
diff --git a/src/vnet/session/session.h b/src/vnet/session/session.h
index 54740e6..0ccd3fb 100644 (file)
--- a/src/vnet/session/session.h
+++ b/src/vnet/session/session.h
@@ -681,7 +681,8 @@ ho_session_alloc (void)
   if (CLIB_DEBUG)
     {
       session_t *sp = session_main.wrk[0].sessions;
-      clib_bitmap_validate (pool_header (sp)->free_bitmap, s->session_index);
+      clib_bitmap_validate (pool_header (sp)->free_bitmap,
+                           s->session_index + 1);
     }
   return s;
 }
Vector Packet Processing