From 0088b5dc55a91d27e572484e61df71b8ca2eddf4 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 21 May 2009 08:51:03 -0700 Subject: [bgpd] reference count the BGP instance When a BGP instance is deleted with lots of routes and neighbors it is possible for the peer rsclient queue to run after bgp_delete has been called. This would lead to bgpd crashing, see https://bugzilla.vyatta.com/show_bug.cgi?id=3436 The fix is to add reference counting to the BGP instance and defer actual freeing until all references are gone. This patch also fixes a memory leak where the self-reference peer instance was being created but never freed. The check in bgp_clear_route is no longer valid because it is possible for it to be called when peer is in Deleted state during cleanup. --- bgpd/bgp_route.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) (limited to 'bgpd/bgp_route.c') diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 01b3898a..a44d47ab 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -1562,6 +1562,7 @@ bgp_processq_del (struct work_queue *wq, void *data) { struct bgp_process_queue *pq = data; + bgp_unlock(pq->bgp); bgp_unlock_node (pq->rn); XFREE (MTYPE_BGP_PROCESS_QUEUE, pq); } @@ -1611,6 +1612,7 @@ bgp_process (struct bgp *bgp, struct bgp_node *rn, afi_t afi, safi_t safi) pqnode->rn = bgp_lock_node (rn); /* unlocked by bgp_processq_del */ pqnode->bgp = bgp; + bgp_lock(bgp); pqnode->afi = afi; pqnode->safi = safi; @@ -2843,19 +2845,6 @@ bgp_clear_route (struct peer *peer, afi_t afi, safi_t safi) */ if (!peer->clear_node_queue->thread) bgp_clear_node_complete (peer->clear_node_queue); - else - { - /* clearing queue scheduled. Normal if in Established state - * (and about to transition out of it), but otherwise... - */ - if (peer->status != Established) - { - plog_err (peer->log, "%s [Error] State %s is not Established," - " but routes were cleared - bug!", - peer->host, LOOKUP (bgp_status_msg, peer->status)); - assert (peer->status == Established); - } - } } void -- cgit v1.2.1