From 95a99382cbeb756344c02aef44f862abee53c3b8 Mon Sep 17 00:00:00 2001 From: Rafael Zalamena Date: Thu, 21 May 2020 16:02:44 -0300 Subject: [PATCH] bgpd: fix crash on daemon exit Don't attempt to send BFD daemon a message to remove the peer registration on daemon exit, otherwise we'll access a dangling interface pointer and we'll crash. This crash was not previosly possible because the function that built the message was passing the interface pointer but not using it due to the exit condition. In `lib/bfd.c`: ``` void bfd_peer_sendmsg(struct zclient *zclient, struct bfd_info *bfd_info, int family, void *dst_ip, void *src_ip, char *if_name, int ttl, int multihop, int cbit, int command, int set_flag, vrf_id_t vrf_id) { struct bfd_session_arg args = {}; size_t addrlen; /* Individual reg/dereg messages are suppressed during shutdown. */ if (CHECK_FLAG(bfd_gbl.flags, BFD_GBL_FLAG_IN_SHUTDOWN)) { if (bfd_debug) zlog_debug( "%s: Suppressing BFD peer reg/dereg messages", __func__); return; } ``` Signed-off-by: Rafael Zalamena --- bgpd/bgp_bfd.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/bgpd/bgp_bfd.c b/bgpd/bgp_bfd.c index 74ff6f4472..ad31fd6418 100644 --- a/bgpd/bgp_bfd.c +++ b/bgpd/bgp_bfd.c @@ -101,6 +101,19 @@ static void bgp_bfd_peer_sendmsg(struct peer *peer, int command) vrf_id_t vrf_id; size_t addrlen; + /* + * XXX: some pointers are dangling during shutdown, so instead of + * trying to send a message during signal handlers lets just wait BGP + * to terminate zebra's connection and BFD will automatically find + * out that we are no longer expecting notifications. + * + * The pointer that is causing a crash here is `peer->nexthop.ifp`. + * That happens because at this point of the shutdown all interfaces are + * already `free()`d. + */ + if (bm->terminating) + return; + bfd_info = (struct bfd_info *)peer->bfd_info; vrf_id = peer->bgp->vrf_id; -- 2.39.5