[dpdk-dev] [PATCH v2] ipc: fix use-after-free on failed send

Thomas Monjalon thomas at monjalon.net
Thu Nov 22 23:09:57 CET 2018


20/11/2018 17:18, Anatoly Burakov:
> Previous fix for rte_panic has moved setting of alarm before
> sending the message. This means that whether we send a message,
> the alarm would still trigger. The comment noted that cleanup
> would happen in the alarm handler, but that's not what actually
> happened - instead, in the event of failed send we freed the
> memory in-place, before putting the request on the queue.
> 
> This works OK when the message is sent, but when sending the
> message fails, the alarm would still trigger with a pointer
> argument that points to non-existent memory, and cause
> memory corruption.
> 
> There probably is a "proper" fix for this issue, with correct
> handling of sent vs. unsent requests, however it would be
> simpler just to sacrifice the sent request in the (extremely
> unlikely) event of alarm set failing. The other process would
> still send a response, but it will be ignored by the sender.
> 
> Fixes: 45e5f49e87fb ("ipc: remove panic in async request")
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>

Applied, thanks
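
The ordering problem described in the quoted commit message, modelled as an added example (not DPDK code and not taken from the patch). `struct alarm`, `alarm_arm`, `alarm_fire`, `send_msg`, `arm_then_send` and `send_then_arm` are hypothetical names, the alarm is a single-slot stand-in for a timer API that keeps the raw pointer it was armed with, and sending before arming is shown as one way to keep the handler off freed memory:

```c
#include <stdbool.h>
#include <stdlib.h>
struct request { int id; };
/* Hypothetical one-shot alarm: keeps the raw pointer until it fires. */
struct alarm { bool armed; struct request *arg; };
void alarm_arm(struct alarm *a, struct request *r) { a->armed = true; a->arg = r; }
/* Constructed transport stub; send_ok == false models a failed send. */
int send_msg(bool send_ok) { return send_ok ? 0 : -1; }
/* The handler owns cleanup of the request it was armed with. */
void alarm_fire(struct alarm *a)
{
	if (a->armed)
		free(a->arg);
	*a = (struct alarm){ false, NULL };
}

/* Alarm first, free in place on a failed send (the ordering described above).
 * Returns true when the alarm is left armed on memory already freed. */
bool arm_then_send(struct alarm *a, bool send_ok)
{
	struct request *req = calloc(1, sizeof(*req));
	if (req == NULL)
		return false;
	alarm_arm(a, req);
	if (send_msg(send_ok) == 0)
		return false;       /* sent: the handler frees req later */
	free(req);                  /* the alarm still holds this pointer */
	return a->armed;
}

/* Send first; arm only for a request that is actually in flight. */
bool send_then_arm(struct alarm *a, bool send_ok)
{
	struct request *req = calloc(1, sizeof(*req));
	if (req == NULL)
		return false;
	if (send_msg(send_ok) == 0) {
		alarm_arm(a, req);
		return false;
	}
	free(req);                  /* nothing else references it yet */
	return a->armed;            /* false when the alarm was idle */
}

int main(void)
{
	struct alarm a = { false, NULL };
	bool bad = arm_then_send(&a, false);  /* true: armed on freed memory */
	a = (struct alarm){ false, NULL };    /* discard it, never fire it */
	return (bad && !send_then_arm(&a, false)) ? 0 : 1;
}
```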




