port_flow_destroy() function never assumed that rule array can be freed
when it's executing, and port_flow_aged() just violated that assumption.
In case of flow async create failure, it tries to do a cleanup, but it
wrongly removes a 1st flow (with id 0). pf->id is not set at this
moment and it always is 0, thus 1st flow is removed. A local copy of
flow->id must be used to call of port_flow_destroy() to avoid access
and processing of flow->id after the flow is removed.
Fixes: de956d5ecf08 ("app/testpmd: support age shared action context")
Cc: sta...@dpdk.org
Signed-off-by: Danylo Vodopianov <dvo-...@napatech.com>
---
app/test-pmd/config.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c
index c831166431..28d45568ac 100644
--- a/app/test-pmd/config.c
+++ b/app/test-pmd/config.c
@@ -4160,8 +4160,10 @@ port_flow_aged(portid_t port_id, uint8_t destroy)
}
type = (enum age_action_context_type *)contexts[idx];
switch (*type) {
- case ACTION_AGE_CONTEXT_TYPE_FLOW:
+ case ACTION_AGE_CONTEXT_TYPE_FLOW: {
+ uint64_t flow_id;
ctx.pf = container_of(type, struct port_flow, age_type);
+ flow_id = ctx.pf->id;
printf("%-20s\t%" PRIu64 "\t%" PRIu32 "\t%" PRIu32
"\t%c%c%c\t\n",
"Flow",
@@ -4172,9 +4174,10 @@ port_flow_aged(portid_t port_id, uint8_t destroy)
ctx.pf->rule.attr->egress ? 'e' : '-',
ctx.pf->rule.attr->transfer ? 't' : '-');
if (destroy && !port_flow_destroy(port_id, 1,
- &ctx.pf->id, false))
+ &flow_id, false))
total++;
break;
+ }
case ACTION_AGE_CONTEXT_TYPE_INDIRECT_ACTION:
ctx.pia = container_of(type,
struct port_indirect_action, age_type);
--
2.43.5
