Fix crypto session deletion crash 93/10793/2
authorMatthew Smith <mgsmith@netgate.com>
Thu, 22 Feb 2018 05:32:05 +0000 (23:32 -0600)
committerDamjan Marion <dmarion.lists@gmail.com>
Sat, 24 Feb 2018 18:11:31 +0000 (18:11 +0000)
When using a DPDK cryptodev with IPsec, deleting a
session often results in a SEGV. A bad pointer
is being passed to rte_cryptodev_sym_session_free().

Put the correct value on the crypto disposal list and
add a check to determine whether the call to free the
session is going to result in a crash before doing
it.

Change-Id: I8a6b0a594585ebcfa56b555ede7ef7d67e5e2b33
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
src/plugins/dpdk/ipsec/ipsec.c

index 3dce075..dbb069c 100644 (file)
@@ -457,8 +457,11 @@ dpdk_crypto_session_disposal (crypto_session_disposal_t * v, u64 ts)
          set_session_private_data (s->session, drv_id, NULL);
        }
 
-      ret = rte_cryptodev_sym_session_free (s->session);
-      ASSERT (!ret);
+      if (rte_mempool_from_obj(s->session))
+       {
+         ret = rte_cryptodev_sym_session_free (s->session);
+         ASSERT (!ret);
+       }
     }
   /* *INDENT-ON* */
 
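Review bot: The `rte_mempool_from_obj(s->session)` guard comes after `s->session` has already been handed to `set_session_private_data` in the context line above, so a bad pointer would be used before the check can reject it. The check is also only a heuristic: rte_mempool_from_obj reads the object header stored just before the pointer, so it cannot validate an arbitrary value and may itself touch memory that does not belong to a session. When the guard fails, the entry is dropped with no trace, which hides the underlying bug and may leak the session. Consider moving the test ahead of the block that clears the private data and adding an `else` branch such as `clib_warning ("session %p is not a mempool object, not freed", s->session);`. The enclosing loop starts outside this hunk.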
@@ -505,18 +508,18 @@ add_del_sa_session (u32 sa_index, u8 is_add)
   vec_foreach (data, dcm->data)
     {
       val = hash_get (data->session_by_sa_index, sa_index);
-      s = (struct rte_cryptodev_sym_session *) val;
 
-      if (!s)
+      if (!val)
        continue;
 
+      s = (struct rte_cryptodev_sym_session *) val[0];
+
       vec_foreach_index (drv_id, dcm->drv)
        {
          key.drv_id = drv_id;
          val = hash_get (data->session_by_drv_id_and_sa_index, key.val);
-         s = (struct rte_cryptodev_sym_session *) val;
 
-         if (!s)
+         if (!val)
            continue;
 
          hash_unset (data->session_by_drv_id_and_sa_index, key.val);
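Review bot: In the inner `vec_foreach_index` loop the second `hash_get` result is now only tested for presence and the session stored under `key.val` is never read, so whatever follows `hash_unset` works on `s` taken from `session_by_sa_index`. That looks intentional, but it is not obvious, and the old mistake of casting the slot pointer returned by `hash_get` instead of the stored value is easy to reintroduce. I would add a comment at the `val[0]` line, `/* hash_get returns a pointer to the value slot; the session pointer is val[0] */`, and one at the inner check, `/* presence test only; s comes from session_by_sa_index */`. The loop body continues past the end of the hunk.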