author | Dave Barach <dave@barachs.net> | 2018-08-07 12:46:18 -0400 |
---|---|---|
committer | John Lo <loj@cisco.com> | 2018-08-07 18:10:35 +0000 |
commit | 21076e5d47ce294df4aa0e16cc92c183046f071e (patch) | |
tree | de123d38faf701c406da73206f6c705903afe623 /src | |
parent | ab955b1b44f3d606cef51a9471a6562a7135ab3e (diff) |
Fix dangling reference in l2fib_scan(...)
Deleting a bihash kvp frees the bucket's backing storage when the
bucket reference count reaches zero. l2fib_scan MUST check for that
condition, and stop scanning the bucket if it occurs. One of the L2
FIB extended "make test" vectors caused this issue 100% of the time.
Change-Id: I250bcc4c1518e16042120fbc4032227a759a602e
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit 28374cada08df61180044e24cb758fa570e73c9d)
Diffstat (limited to 'src')
-rw-r--r-- | src/vnet/l2/l2_fib.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/vnet/l2/l2_fib.c b/src/vnet/l2/l2_fib.c index 959cf4dea17..d891ced1080 100644 --- a/src/vnet/l2/l2_fib.c +++ b/src/vnet/l2/l2_fib.c @@ -1103,9 +1103,17 @@ l2fib_scan (vlib_main_t * vm, f64 start_time, u8 event_only) kv.key = key.raw; BV (clib_bihash_add_del) (&fm->mac_table, &kv, 0); learn_count--; + /* + * Note: we may have just freed the bucket's backing + * storage, so check right here... + */ + if (b->offset == 0) + goto doublebreak; } v++; } + doublebreak: + ; } /* keep learn count consistent */ |
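Review bot: The new test `if (b->offset == 0)` right after `BV (clib_bihash_add_del) (&fm->mac_table, &kv, 0);` relies on a zero offset being the sign that the bucket's backing storage was released, but the added comment only says the storage "may have just" been freed and does not say why offset 0 indicates that. Please state that invariant in the comment, since this ties l2fib_scan to a bihash implementation detail that a later bihash change could break without notice. It would also help to note next to the `doublebreak:` label that the jump deliberately skips `v++` and abandons the rest of the current bucket, so nobody later folds it back into a plain `break` that leaves only the inner loop and keeps walking `v`. The commit message mentions an extended "make test" vector that hit this every time; naming that test in the message or the comment would make the regression easy to re-run.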