From 2add05a634961637314c51dba25da2323d41c600 Mon Sep 17 00:00:00 2001 From: Rafael Zalamena Date: Sun, 29 Sep 2024 17:31:06 -0300 Subject: [PATCH] pimd: prevent invalid memory access Signalize termination to functions so they can avoid accessing pointers that might be no longer available. Signed-off-by: Rafael Zalamena --- pimd/pim_instance.c | 2 ++ pimd/pim_instance.h | 2 ++ pimd/pim_tib.c | 7 +++++++ 3 files changed, 11 insertions(+) diff --git a/pimd/pim_instance.c b/pimd/pim_instance.c index f7c5ea3bcf..e18ae97d6f 100644 --- a/pimd/pim_instance.c +++ b/pimd/pim_instance.c @@ -26,6 +26,8 @@ static void pim_instance_terminate(struct pim_instance *pim) { + pim->stopping = true; + pim_vxlan_exit(pim); if (pim->ssm_info) { diff --git a/pimd/pim_instance.h b/pimd/pim_instance.h index 387926c907..1b7815d86c 100644 --- a/pimd/pim_instance.h +++ b/pimd/pim_instance.h @@ -192,6 +192,8 @@ struct pim_instance { uint64_t gm_rx_drop_sys; + bool stopping; + #if PIM_IPV == 6 struct { /** Embedded RP enable state. */ diff --git a/pimd/pim_tib.c b/pimd/pim_tib.c index 12ae0d6246..e21793b8ca 100644 --- a/pimd/pim_tib.c +++ b/pimd/pim_tib.c @@ -181,7 +181,14 @@ void tib_sg_gm_prune(struct pim_instance *pim, pim_sgaddr sg, Making the call to pim_channel_del_oif and ignoring the return code fixes the issue without ill effect, similar to pim_forward_stop below. + + Also on shutdown when the PIM upstream is removed the channel removal + may have already happened, so just return here instead of trying to + access an invalid pointer. */ + if (pim->stopping) + return; + result = pim_channel_del_oif(*oilp, oif, PIM_OIF_FLAG_PROTO_GM, __func__); if (result) { -- 2.39.5