From 7a87c71542ae42626e4bc4f5b9a1e98b8a8e400a Mon Sep 17 00:00:00 2001
From: Dongya Zhang
Date: Thu, 3 Nov 2022 15:22:34 +0800
Subject: session: fix tx_fifo clear and incorrect bitmap invalidation
The tx_fifo of session may not be set up yet, if app request to disconnect the session, svm_fifo_dequeue_drop_all will crash. In debug image, ho_session_alloc will do clib_bitmap_validate to prevent race condition, however the input is not correct which will make vpp crash.
Type: fix
Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609
Signed-off-by: Dongya Zhang
---
 src/vnet/session/session.c | 14 ++++++++++----
 src/vnet/session/session.h | 3 ++-
 2 files changed, 12 insertions(+), 5 deletions(-)
(limited to 'src/vnet')
diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c
index a56ff9fe800..91e9ed5451d 100644
--- a/src/vnet/session/session.c
+++ b/src/vnet/session/session.c
@@ -1539,8 +1539,11 @@ session_close (session_t * s)
 return;
 }
- /* App closed so stop propagating dequeue notifications */
- svm_fifo_clear_deq_ntf (s->tx_fifo);
+ /* App closed so stop propagating dequeue notifications.
+ * App might disconnect session before connected, in this case,
+ * tx_fifo may not be setup yet, so clear only it's inited. */
+ if (s->tx_fifo)
+ svm_fifo_clear_deq_ntf (s->tx_fifo);
 session_set_state (s, SESSION_STATE_CLOSING);
 session_program_transport_ctrl_evt (s, SESSION_CTRL_EVT_CLOSE);
 }
@@ -1553,8 +1556,11 @@ session_reset (session_t * s)
 {
 if (s->session_state >= SESSION_STATE_CLOSING)
 return;
- /* Drop all outstanding tx data */
- svm_fifo_dequeue_drop_all (s->tx_fifo);
+ /* Drop all outstanding tx data
+ * App might disconnect session before connected, in this case,
+ * tx_fifo may not be setup yet, so clear only it's inited. */
+ if (s->tx_fifo)
+ svm_fifo_dequeue_drop_all (s->tx_fifo);
 session_set_state (s, SESSION_STATE_CLOSING);
 session_program_transport_ctrl_evt (s, SESSION_CTRL_EVT_RESET);
 }
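Review bot: The new `if (s->tx_fifo)` guard in session_close skips only the fifo call, while `session_set_state (s, SESSION_STATE_CLOSING)` and `session_program_transport_ctrl_evt (s, SESSION_CTRL_EVT_CLOSE)` still run for a session whose fifos were never set up; the session_reset hunk has the same shape with SESSION_CTRL_EVT_RESET. Whether the code that later handles those control events tolerates a NULL tx_fifo is not visible in either hunk, so it should be confirmed, because per the commit message an application reaches this state simply by disconnecting before the session is connected and a missed dereference would be another crash. The added comment is also hard to parse; in both places I would end it with `* tx_fifo may not be set up yet, so touch it only if it is allocated. */`. session_close's body starts outside its hunk.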
diff --git a/src/vnet/session/session.h b/src/vnet/session/session.h
index 54740e64cf0..0ccd3fb13bd 100644
--- a/src/vnet/session/session.h
+++ b/src/vnet/session/session.h
@@ -681,7 +681,8 @@ ho_session_alloc (void)
 if (CLIB_DEBUG)
 {
 session_t *sp = session_main.wrk[0].sessions;
- clib_bitmap_validate (pool_header (sp)->free_bitmap, s->session_index);
+ clib_bitmap_validate (pool_header (sp)->free_bitmap,
+ s->session_index + 1);
 }
 return s;
 }
-- cgit 1.2.3-korg
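Review bot: The `+ 1` in `clib_bitmap_validate (pool_header (sp)->free_bitmap, s->session_index + 1);` carries no comment saying why an index is turned into a count, so a later cleanup could easily revert it. Presumably clib_bitmap_validate takes a number of bits rather than a bit index, which would explain the crash the commit message describes when the old call was given the index directly; that is inferred, as the macro is not shown in the hunk. I would add `/* clib_bitmap_validate takes a bit count, hence index + 1 */` above the call. The block runs only under `if (CLIB_DEBUG)`, so release images never exercise it, and ho_session_alloc starts outside the hunk.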