From 2211277f3af5a6f50fedb3c6ccf65d4e96b1192a Mon Sep 17 00:00:00 2001 From: Liangxing Wang Date: Fri, 13 May 2022 04:24:19 +0000 Subject: vcl: fix iperf3 server crash issue when it runs over vpp host stack. Issue: Let iperf3 server run via ldp and vcl on top of vpp's host stack. If iperf3 client connects this iperf3 server with tcp MSS setting option, iperf3 server will always crash. Root cause: When MSS option is specified by iperf3 client, iperf3 server will recreate the listening socket firstly, then call setsockopt() to set MSS immediately. Iperf3 code can be referred here: https://github.com/esnet/iperf/blob/58332f8154e2140e40a6e0ea060a418138291718/src/iperf_tcp.c#L186. However, in vcl layer vpp_evt_q of this recreated session is not allocated yet. So iperf3 server crashes with vpp_evt_q null pointer access. Fix: Add session vpp_evt_q null pointer check in vcl_session_transport_attr(). Add a vcl test case for this MSS option scenario. Type: fix Signed-off-by: Liangxing Wang Change-Id: I2863bd0cffbe6e60108ab333f97c00530c006ba7 --- src/vcl/vppcom.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'src/vcl') diff --git a/src/vcl/vppcom.c b/src/vcl/vppcom.c index 7fffc3bcbe2..3a9a7fdc1a9 100644 --- a/src/vcl/vppcom.c +++ b/src/vcl/vppcom.c @@ -289,10 +289,17 @@ vcl_session_transport_attr (vcl_worker_t *wrk, vcl_session_t *s, u8 is_get, f64 timeout; ASSERT (!wrk->session_attr_op); + mq = s->vpp_evt_q; + if (PREDICT_FALSE (!mq)) + { + /* FIXME: attribute should be stored and sent once session is + * bound/connected to vpp */ + return 0; + } + wrk->session_attr_op = 1; wrk->session_attr_op_rv = -1; - mq = s->vpp_evt_q; app_alloc_ctrl_evt_to_vpp (mq, app_evt, SESSION_CTRL_EVT_TRANSPORT_ATTR); mp = (session_transport_attr_msg_t *) app_evt->evt->data; memset (mp, 0, sizeof (*mp)); -- cgit 1.2.3-korg