fib: refresh adj pointer after fib_walk_sync due to possible realloc

fib_walk_sync may call adj_alloc which may cause adj_pool to expand. When that happens, any previous frame which still use the old adj pointer needs to refresh. Failure to do so may access or update to the old adj memory unintentionally and crash mysteriously. Type: fix Ticket: VPPSUPP-54 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ia7c6cb03c1ed9ddbbfb12dd42c8abc7f5b3f210c
author: Steven Luong <sluong@cisco.com> 2020-01-29 13:26:47 -0800
committer: Steven Luong <sluong@cisco.com> 2020-01-29 15:21:39 -0800
commit: dfad26986077ff26b471c008a0fd77a79f767a3c (patch)
tree: 6d7a2aa22a465f3b947a2d4a869f4749d14e3ba7 /src/vnet/adj
parent: 0d40954b42519994b6b8ae1769d7a628d5f839fb (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/vnet/adj/adj_nbr.c b/src/vnet/adj/adj_nbr.c
index c80317a67a5..758be3bfe9e 100644
--- a/src/vnet/adj/adj_nbr.c
+++ b/src/vnet/adj/adj_nbr.c
@@ -449,6 +449,12 @@ adj_nbr_update_rewrite_internal (ip_adjacency_t *adj,
 	};
 
 	fib_walk_sync(FIB_NODE_TYPE_ADJ, walk_ai, &bw_ctx);
+	/*
+	 * fib_walk_sync may allocate a new adjacency and potentially cuase a realloc
+	 * for adj_pool. When that happens, adj pointer is no longer valid here.
+	 * We refresh the adj pointer accordingly.
+	 */
+	adj = adj_get (ai);
     }
 
     /*
author	Steven Luong <sluong@cisco.com>	2020-01-29 13:26:47 -0800
committer	Steven Luong <sluong@cisco.com>	2020-01-29 15:21:39 -0800
commit	dfad26986077ff26b471c008a0fd77a79f767a3c (patch)
tree	6d7a2aa22a465f3b947a2d4a869f4749d14e3ba7 /src/vnet/adj
parent	0d40954b42519994b6b8ae1769d7a628d5f839fb (diff)