From ec2c4c494db7eb2115421730ce6b20299f3f5714 Mon Sep 17 00:00:00 2001
From: wanghanlin
Date: Tue, 2 Mar 2021 17:18:06 +0800
Subject: api: fix crash when cf removed
cf may be removed when: 1. linux_epoll_input_inline process two EPOLLIN events, firstly a normal message, secondly reading 0 bytes because of socket client crash, then cf removed without clear message added to pending event data vectors before 2. clib_file_write called
Type: fix
Signed-off-by: wanghanlin
Change-Id: I4523e9bb322e98357575925f3113f710d70dd679
---
 src/vlibmemory/socket_api.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'src/vlibmemory')
diff --git a/src/vlibmemory/socket_api.c b/src/vlibmemory/socket_api.c
index 546791bb5c6..d85339b4dff 100644
--- a/src/vlibmemory/socket_api.c
+++ b/src/vlibmemory/socket_api.c
@@ -148,6 +148,15 @@ vl_socket_api_send (vl_api_registration_t * rp, u8 * elem)
 error = clib_file_write (cf);
 unix_save_error (&unix_main, error);
+ /* Make sure cf not removed in clib_file_write */
+ cf = vl_api_registration_file (rp);
+ if (!cf)
+ {
+ clib_warning ("cf removed");
+ vl_msg_api_free ((void *) elem);
+ return;
+ }
+
 /* If we didn't finish sending everything, wait for tx space */
 if (vec_len (sock_rp->output_vector) > 0 && !(cf->flags & UNIX_FILE_DATA_AVAILABLE_TO_WRITE))
@@ -629,8 +638,8 @@ vl_api_sock_init_shm_t_handler (vl_api_sock_init_shm_t * mp)
 }
 if (regp->registration_type != REGISTRATION_TYPE_SOCKET_SERVER)
 {
- rv = -31; /* VNET_API_ERROR_INVALID_REGISTRATION */
- goto reply;
+ clib_warning ("Invalid registration");
+ return;
 }
 /*
@@ -704,6 +713,11 @@ reply:
 /* Send the magic "here's your sign (aka fd)" socket message */
 cf = vl_api_registration_file (regp);
+ if (!cf)
+ {
+ clib_warning ("cf removed");
+ return;
+ }
 /* Wait for reply to be consumed before sending the fd */
 while (tries-- > 0)
--
cgit 1.2.3-korg
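Review bot: The guard added in vl_socket_api_send re-fetches `cf` through `rp` after `clib_file_write`, and the lines that follow still read `sock_rp->output_vector`, so the fix is only sound if the registration itself outlives the removed file; nothing in this hunk shows that it does. If the teardown that removes `cf` can also release the registration, the re-lookup would itself run on stale memory, and the registration should be re-resolved before it is touched again. At minimum, state the assumption next to the check, e.g. `/* clib_file_write may delete cf when the peer has gone; rp is assumed to stay valid until we return */`. The same assumption applies to `regp` in the third hunk, after `reply:`. The function body starts and ends outside the hunk.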
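Review bot: The invalid-registration branch in vl_api_sock_init_shm_t_handler now returns without passing through `reply:`, so the caller no longer receives the -31 (VNET_API_ERROR_INVALID_REGISTRATION) result, and the commit message does not explain this change. If the reason is that a registration of another type has no socket file to answer on, record that in a comment such as `/* no reply possible: regp is not a socket registration */`; otherwise the peer may be left waiting for a response that never comes. The warning would also be easier to triage with the offending value in it, `clib_warning ("invalid registration type %d", regp->registration_type);`. The handler's body starts and ends outside the hunk.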
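Review bot: The new `if (!cf)` return after `reply:` leaves the handler at its common exit point (the `goto reply` removed in the previous hunk shows that error paths also arrive here), skipping everything that follows the label. The setup between the second and third hunks is not shown; if it allocates or maps anything for this client, returning here would leak it every time a client disconnects at this stage, so that needs checking against the full function. Either release that state before `return;` or document that there is none, e.g. `/* client socket already gone: nothing to send and nothing set up above needs undoing */`. The enclosing function starts and ends outside the hunk.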