From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <padam.singh@inventum.net>
Received: from smtp137.dfw.emailsrvr.com (smtp137.dfw.emailsrvr.com
 [67.192.241.137]) by dpdk.org (Postfix) with ESMTP id 5E6095A44
 for <dev@dpdk.org>; Tue,  9 May 2017 20:04:11 +0200 (CEST)
Received: from smtp26.relay.dfw1a.emailsrvr.com (localhost [127.0.0.1])
 by smtp26.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id CD43AA0393
 for <dev@dpdk.org>; Tue,  9 May 2017 14:04:10 -0400 (EDT)
X-Auth-ID: padam.singh@inventum.net
Received: by smtp26.relay.dfw1a.emailsrvr.com (Authenticated sender:
 padam.singh-AT-inventum.net) with ESMTPSA id C04F3A0396
 for <dev@dpdk.org>; Tue,  9 May 2017 14:04:09 -0400 (EDT)
X-Sender-Id: padam.singh@inventum.net
Received: from [192.168.1.39] ([UNAVAILABLE]. [49.204.96.50])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384)
 by 0.0.0.0:25 (trex/5.7.12); Tue, 09 May 2017 14:04:10 -0400
From: Padam Jeet Singh <padam.singh@inventum.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Message-Id: <29C8F356-9A8F-4621-B6B0-DE66DDBA8F36@inventum.net>
Date: Tue, 9 May 2017 23:34:05 +0530
To: dev@dpdk.org
X-Mailer: Apple Mail (2.3259)
Subject: [dpdk-dev] Missing Null check in ip_frag_find?
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 09 May 2017 18:04:11 -0000

Hi,

I have been trying to trace a segfault in ip_frag_find which I am seeing =
in production for some time now.

In the following code in function ip_frag_find from ip_frag_internal.c, =
the lru is not being validated for being not null. At this point the =
table is guaranteed to have an entry in the tail queue? Is a null check =
on lru required here?

                /*
                 * we found a free entry, check if we can use it.
                 * If we run out of free entries in the table, then
                 * check if we have a timed out entry to delete.
                 */
                } else if (free !=3D NULL &&
                                tbl->max_entries <=3D tbl->use_entries) =
{
                        lru =3D TAILQ_FIRST(&tbl->lru);
                        if (max_cycles + lru->start < tms) {
                                ip_frag_tbl_del(tbl, dr, lru);
                        } else {
                                free =3D NULL;
                                IP_FRAG_TBL_STAT_UPDATE(&tbl->stat,
                                        fail_nospace, 1);
                        }
                }




Thanks,
Padam=