Prevent overflow if input network prefix is too small and crash on
packet #1 due to vector not being allocated/initialized.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3494cc62ce889df48cc59cc9340b5dd70338c3a8
(cherry picked from commit f3d7bd9d4d652b1c4b687267acdb9fdb908a74bd)
If the id is invalid we cannot check whether we must free the message or
not, free it anyway.
Type: fix
Change-Id: Ie4426f601390d1e5e14c739f670e8c1e6e3aaf1e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit ff13e46215ab96df988310b4a20eddefad92de99)
When recycling a graph node vnet_register_interface, it is missing an
explicit call to vlib_worker_thread_node_runtime_update(). However,
there is an implicit call to vlib_worker_thread_node_runtime_update()
via vnet_sw_interface_set_flags_helper() if it enables a new feature on
the interface for the first time. But that implicit call is not
guaranteed. For example, if an interface is created, deleted, and
created, then it may skip the implicit call to
vlib_worker_thread_node_runtime_update(). When that happens, the graph
nodes on thread 0 are not sync'ed to the worker threads. So the worker
thread's graph nodes are out of sync momentarily with the main thread's
graph nodes until some other event happens which calls for a sync is
needed. During this window, the worker thread's graph node is
vulnerable and may experience a crash.
When deleting a graph node, we never trigger a sync to the worker
thread. A patch was committed 3 years ago via
https://gerrit.fd.io/r/c/vpp/+/7523 to fix a show run crash. In
hindsight, the approach taken by 7523 is not orthogonal. While at it,
let's fix it right for both issues with a call to
vlib_worker_thread_node_runtime_update() in the appropriate place and
remove 7523.
Type: fix
Ticket: VPPSUPP-86
Fixes: gerrit 7523 / 19e9d954bd9eb4f04d48640d6540198e84ef65d7
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic9472bd2d3a212dbfeceb526506ed0400983a142
(cherry picked from commit 1eae8ecb7acc7d80d5c08e300295bec94bf78f0b)
Add dpo_pool_barrier_sync/release, use them to clean up
thread-unsafe pool expansion cases.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I09299124a25f8d541e3bb4b75375568990e9b911
(cherry picked from commit 26d890eb4b1ab19fea4d2d02bfc6dc89d2c1b771)
adj_alloc (...) is not thread safe when the adj pool or combined
counter vectors expand.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I55710de6ecc083b7434e11798659cca9250c9131
(cherry picked from commit c2d2228e928b7c69dc88e9c3b7502966d0e32d8d)
load_balance_alloc_i(...) is not thread safe when the
load_balance_pool or combined counter vectors expand.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I7f295ed77350d1df0434d5ff461eedafe79131de
(cherry picked from commit 8341f76fd1cd4351961cd8161cfed2814fc55103)
Use %U and unformat_udp_port instead of %u for unformat() call for
u16 collector_port number in set_ipfix_exporter_command_fn() to
avoid corruption of other variables which can happen if unformat()
with %u is used with a 16-bit variable. This avoids crash due to
corrupted fib_index value.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: Id54273fcc458a7f9c5aa4025aa91711f160c1c1a
(cherry picked from commit 2dca180db989ea7afacdf4e70cc85e4408557382)
Change in snat_ipfix_header_create() to use thread-specific
vlib_main_t *vm pointer to avoid problems with different threads
accessing the same vlib_main_t data structure. This avoids
assertion failure when vlib_time_now() is called with a vm
corresponding to a different thread.
Type: fix
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
Change-Id: I2096c1debb5688d3b97e5ed9a0ea78d94053d8b7
(cherry picked from commit 5556813fb63d28240a17ccf18f947e60c4cbb263)
Type: fix
when the interpose is on an adj-fib and the cover is removed the adj
source will not install. this lead to no path list being found for the
interpose source and a crash. pick a drop path list in this case.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ied217da043926c913657080f5ffb151201225d23
(cherry picked from commit 1bf6df4ff9c83bac1fc329a4b5c4d7061f13720a)
Cleanup L2/L3 mode switch to not redirect to/from ethernet-input node
as it is no longer necessary.
L2 patch should use sw_if_index for device feature enable/disable.
Type: fix
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I0f24161d027b07c188fd1e05276146f94c075710
(cherry picked from commit f415a3b53a51b261d08cc3312c25f250d6bc1bd6)
When vcl_epoll_wait_handle_mq handles rx events exceeding maxevents, VPP will not signal because cursize > 0, and the remaining rx events cannot be triggered because the eventfd event has been read. Therefore, we should dequeue all events until cursize = 0. And then handle msg up to maxevents with vcl_epoll_wait_handle_mq_event and those beyond with vcl_handle_mq_event.
Type: fix
Signed-off-by: hanlin <hanlin_wang@163.com>
Change-Id: I8a0c87cb41c837deb8284b40f668cc3c7d9d6e56
Signed-off-by: hanlin <hanlin_wang@163.com>
(cherry picked from commit d0e646f6892e9c85278c9538760a8940c86dcdbb)
If a cli command is run while there are no cli session, then
cm->cli_file_pool will not be initialized and we should not try to
operate on it.
Type: fix
Change-Id: Iaea15a23f7efd5b17fab13e6c1cbb3a9a34080e0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a58be82dda89d6496f92e451b42eee31f0cf47b4)
cxgbe PMD initializes its control channel as part of dev_configure(),
and trying to get link status prior to it will lead to a crash.
DPDK documentation loosely hints that we should not call any device
function before dev_start(), call link_state() only for the relevant
PMDs.
From DPDK API documentation:
The functions exported by the application Ethernet API to setup a device
designated by its port identifier must be invoked in the following
order:
rte_eth_dev_configure()
rte_eth_tx_queue_setup()
rte_eth_rx_queue_setup()
rte_eth_dev_start()
Then, the network application can invoke, in any order, the functions
exported by the Ethernet API to get the MAC address of a given device,
to get the speed and the status of a device physical link, to
receive/transmit [burst of] packets, and so on.
Type: fix
Change-Id: I12d2ab4d84e6bd72a9f695447e86f3222929c804
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 31eb471d0cb0105ab74ee637028f4ab3cc00cf2a)
Calling ethernet_set_flags() to switch interface to/from promiscuous
mode must use use hw_if_index instead of sw_if_index.
Type: fix
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I72da286b913893227e32193ee11fbbc56e04804d
(cherry picked from commit 5b960c60f61c937d0f862be8a7573922b616de75)
Fix a couple endian conversions for displaying Marker Protocol packet
in the trace
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I746a67fb6143b5ad52bc4af9604ff8760dbdec9b
(cherry picked from commit 9a244b0a29b3ed517fc3442c9358d79907f67a24)
While https://gerrit.fd.io/r/c/vpp/+/26948 fixed avoid using -1 to
index into h->free_lists[b][l] by changing the loop counter, the
check for the value of the loop counter (l < 0) cannot be trusted
to decide whether we've found a large enough object within the bin
or not. When the loop is terminated, the value of the variable l
could be ambiguous if it equals to 0 and it is never less than 0,
ie, when we bail out of the loop, we don't know if it was due to the
breaking out of the condition in
if ((s = f_size - size) >= 0)
break;
or
while (l > 0);
The fix is to explicitly set a variable when we have found a large enough
object inside the loop to be used to test whether the loop was prematurely
terminated (found == 1) or the loop just ran exhausted (found == 0)
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0161813fbd44dcba8982a767eac2e0930e9d77e3
(cherry picked from commit a5436ae2516edc955f26c6aa4103f5946ee8653c)
In search_free_list(), we have this do while loop.
do
{
l--;
f_index = h->free_lists[b][l];
f = elt_at (h, f_index);
f_size = heap_elt_size (v, f);
if ((s = f_size - size) >= 0)
break;
}
while (l >= 0);
When (l == 0), we still go back up to execute l--. Then l become -1. The
next statement is we index h->free_lists[b][-1]. After that, elt_at() would
probably cause a crash in the ASSERT.
Type: fix
Ticket: VPPSUPP-63
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I617d122aa221cfdfe38f8be50f4e0f0e76e11bb5
(cherry picked from commit ec7012e51edef4aec2239cb5b3a249f46d9b2cb0)
When using vppcom_session* apis to setup TCP sessions in applications build outside of the VPP repository, it is necessary to set the worker_index explicitly when these apis are called from the none-VCL worker threads. An example is when data is to be sent to the TCP session that is originated from a different thread, like the main program thread or from the bin api thread. This change allows the application to set it.
Type: fix
Signed-off-by: IJsbrand Wijnands <ice@cisco.com>
Change-Id: I37f3654a49ea9a8cf3a0d3d0e672583018c12299
(cherry picked from commit 6017ff0dd7a27c062d0ad4687bfc70a69747ac55)
The path to VPP source might contain a '+' when building it
with Yocto/OpenEmbedded.
Type: fix
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
Change-Id: I205ac0de7d8726724af0e30f5b199391e05dc615
(cherry picked from commit 7f286f720d6fe2115423212dda6af66dd810691d)
In hopes of restoring his +2 button...
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2600daab5afa4334713695d1074706fbb287832f
(cherry picked from commit e891ac2f198e7c00dceb2f2c6510f9bdf1cb91d1)
vlib_free_simple_counter()
vlib_free_combined_counter()
Frees the name and two dimensional vector from the stats segment.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If1becf7d09520ba41a3d59e2df94958ecfcf6948
(cherry picked from commit a568a19b2956ed8b94b11c2ef041412473dc8442)
vxlan_gpe_init() is already defined in libvnet. When loading ioam plugin
we end up having 2 different objects using the same symbol.
ASan in GCC-10 started to enforce the One-Definition-Rule and it seems
like good hygiene anyway.
Type: fix
Change-Id: I2ea9af1821bca6482a290742e9a109fc25692f37
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit 83ceffcd980494c6146ca67a0fa709b2c37ef13e)
When use the kv->v.memory_owner_thread_index as the index to get the
reass in pool, maybe this element is freed by the owner thread because
of timeout, too many fragments, and so on.
So we should check if do_handoff with kv->v.memory_owner_thread_index
before get the reass from pool.
Type: fix
Signed-off-by: Gao Feng <davidfgao@tencent.com>
Change-Id: Ie0f1dc368f86d0fd65292ca0c5e1908348015e09
(cherry picked from commit 9165e0365cc21575fd3e4a98be59317a839553f4)