Hi list,

Recently I am testing my TCP application in a plugin, what I did is to
initiate a TCP client in my plugin, however, when I build the debug image
and test, the vpp
will crash and complaint about out of memory.

After doing some research, it seems the following code may cause the crash:





















*always_inline session_t *ho_session_alloc (void){  session_t *s;  ASSERT
(vlib_get_thread_index () == 0);  s = session_alloc (0);  s->session_state
= SESSION_STATE_CONNECTING;  s->flags |= SESSION_F_HALF_OPEN;  /* Not
ideal. Half-opens are only allocated from main with worker barrier   * but
can be cleaned up, i.e., session_half_open_free, from main without   * a
barrier. In debug images, the free_bitmap can grow while workers peek   *
the sessions pool, e.g., session_half_open_migrate_notify, and as a   *
result crash while validating the session. To avoid this, grow the bitmap
 * now. */  if (CLIB_DEBUG)    {      session_t *sp =
session_main.wrk[0].sessions;      clib_bitmap_validate (pool_header
(sp)->free_bitmap, s->session_index);    }  return s;}*

since the clib_bitmap_validate is defined as:



*/* Make sure that a bitmap is at least n_bits in size */#define
clib_bitmap_validate(v,n_bits) \  clib_bitmap_vec_validate ((v), ((n_bits)
- 1) / BITS (uword))*


The first half open session have a session_index with zero, so 0-1 will
make a overflow which cause it try to allocate (UINT64_MAX-1)/ 64 memory
which make
the vppinfra abort.

I think we should modify the code above with s->session_index + 1, if
that's correct, I will submit a patch later.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#22064): https://lists.fd.io/g/vpp-dev/message/22064
Mute This Topic: https://lists.fd.io/mt/94529335/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to