session: fix tx_fifo clear and incorrect bitmap invalidation

The tx_fifo of session may not be set up yet, if app request to
disconnect the session, svm_fifo_dequeue_drop_all will crash.

In debug image, ho_session_alloc will do clib_bitmap_validate to
prevent race condition, however the input is not correct which
will make vpp crash.

Type: fix
Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609
Signed-off-by: Dongya Zhang <fortitude.zhang@gmail.com>

src/vnet/session/session.c

@@ -1539,8 +1539,11 @@ session_close (session_t * s)
       return;
     }
 
-  /* App closed so stop propagating dequeue notifications */
-  svm_fifo_clear_deq_ntf (s->tx_fifo);
+  /* App closed so stop propagating dequeue notifications.
+   * App might disconnect session before connected, in this case,
+   * tx_fifo may not be setup yet, so clear only it's inited. */
+  if (s->tx_fifo)
+    svm_fifo_clear_deq_ntf (s->tx_fifo);
   session_set_state (s, SESSION_STATE_CLOSING);
   session_program_transport_ctrl_evt (s, SESSION_CTRL_EVT_CLOSE);
 }
@@ -1553,8 +1556,11 @@ session_reset (session_t * s)
 {
   if (s->session_state >= SESSION_STATE_CLOSING)
     return;
-  /* Drop all outstanding tx data */
-  svm_fifo_dequeue_drop_all (s->tx_fifo);
+  /* Drop all outstanding tx data
+   * App might disconnect session before connected, in this case,
+   * tx_fifo may not be setup yet, so clear only it's inited. */
+  if (s->tx_fifo)
+    svm_fifo_dequeue_drop_all (s->tx_fifo);
   session_set_state (s, SESSION_STATE_CLOSING);
   session_program_transport_ctrl_evt (s, SESSION_CTRL_EVT_RESET);
 }

src/vnet/session/session.h

@@ -681,7 +681,8 @@ ho_session_alloc (void)
   if (CLIB_DEBUG)
     {
       session_t *sp = session_main.wrk[0].sessions;
-      clib_bitmap_validate (pool_header (sp)->free_bitmap, s->session_index);
+      clib_bitmap_validate (pool_header (sp)->free_bitmap,
+			    s->session_index + 1);
     }
   return s;
 }