When memif CP processes the socket connection error, it may go through
the following code paths which may eventually cause double pool_put on a
clib_file
memif_master_conn_fd_error:633 -> memif_disconnect ->
memif_socket_close -> memif_file_del_by_index ->
clib_file_del_by_index -> clib_file_del -> pool_put
After memif_master_conn_fd_error:633, the code continues on
memif_maser_conn_fd_error:651 -> memif_file_del -> clib_file_del ->
pool_put
The fix is to skip calling memif_file_del in
memif_master_conn_fd_error:651 if uf->file_descriptor == ~0 to catch
problem from all possible paths in memif_master_conn_fd_error
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0960998db1ff358a8ddd4a5e22188a244eccd270
memif_log_warn (0, "Error on unknown file descriptor %d",
uf->file_descriptor);
- memif_file_del (uf);
+ if (uf->file_descriptor != ~0)
+ memif_file_del (uf);
return 0;
}
Code Review / vpp.git / commitdiff