]> git.puffer.fish Git - matthieu/frr.git/commitdiff
projects / matthieu / frr.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 32b20e1)
zebra: Do not allow old FPM to access freed memory after shutdown
authorDonald Sharp <sharpd@nvidia.com>
Fri, 19 May 2023 13:54:05 +0000 (09:54 -0400)
committerDonald Sharp <sharpd@nvidia.com>
Fri, 19 May 2023 14:02:19 +0000 (10:02 -0400)
On shutdown, the old FPM queues up dests to be sent to
the FPM listener.  This is done through the rib_shutdown
hook.  Which is called when the table that the routes are
stored in are being deleted.  This dest has pointers
to the rnode.  The rnode has pointers to the table it
is associated with as well as the table->info pointer for
the zebra data associated with this table.

The FPM after this attempts to tell this to it's listener
via events.  Unfortunately the zvrf, table_id and nl_pid
was being grabbed from memory that had been freed!  Since
all this can be grabbed from memory that has not been freed
on shutdown let's switch over to using that instead of freed
memory for gathering data.

Signed-off-by: Donald Sharp <sharpd@nvidia.com>
zebra/zebra_fpm_netlink.c patch | blob | history

diff --git a/zebra/zebra_fpm_netlink.c b/zebra/zebra_fpm_netlink.c
index 5adca14d717171b053f1f92733af0e9205e71b4e..ba34951e76e7700e93ad3b1bc8e6ae1185803ed3 100644 (file)
--- a/zebra/zebra_fpm_netlink.c
+++ b/zebra/zebra_fpm_netlink.c
@@ -252,20 +252,15 @@ static int netlink_route_info_fill(struct netlink_route_info *ri, int cmd,
                                   rib_dest_t *dest, struct route_entry *re)
 {
        struct nexthop *nexthop;
-       struct rib_table_info *table_info =
-               rib_table_info(rib_dest_table(dest));
-       struct zebra_vrf *zvrf = table_info->zvrf;
 
        memset(ri, 0, sizeof(*ri));
 
        ri->prefix = rib_dest_prefix(dest);
        ri->af = rib_dest_af(dest);
 
-       if (zvrf && zvrf->zns)
-               ri->nlmsg_pid = zvrf->zns->netlink_dplane_out.snl.nl_pid;
+       ri->nlmsg_pid = pid;
 
        ri->nlmsg_type = cmd;
-       ri->rtm_table = table_info->table_id;
        ri->rtm_protocol = RTPROT_UNSPEC;
 
        /*
@@ -280,6 +275,8 @@ static int netlink_route_info_fill(struct netlink_route_info *ri, int cmd,
                return 0;
        }
 
+       ri->rtm_table = re->table;
+
        ri->rtm_protocol = netlink_proto_from_route_type(re->type);
        ri->rtm_type = RTN_UNICAST;
        ri->metric = &re->metric;
Unnamed repository; edit this file 'description' to name the repository.