From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-f193.google.com (mail-wr0-f193.google.com [209.85.128.193]) by dpdk.org (Postfix) with ESMTP id 067451C01 for ; Mon, 30 Apr 2018 16:43:54 +0200 (CEST) Received: by mail-wr0-f193.google.com with SMTP id v15-v6so8281652wrm.10 for ; Mon, 30 Apr 2018 07:43:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4xFN5KG5rxuzBZlqgc1e2KE0MT0t9KAVqICIND0vjzg=; b=af0Kq0gzQ7On7Ys2Ic/6cjU7auJ4ob3HbuIPfMnOSmz54YQMzyrYNXJS+2QQIA7TfE L1Jqi9kEUcPtV4ecuHHKoM9tERZVdSqjWPofCzZpZCWJ8JxDg7HJ9Abf+NJC9XKWA7QE iOfguKDpce2gt7o+fDBDiyE+itGRFMLmdttrHSEkJFDhekEQoVbpzouuzuyD43jP+yGA MtdKp0xMxm3M/8YKnsp1iQr60ICRGaA3wKKJKINWQ0Q+EfZaRJgG10t9nIT7lS1Amxcu a1m07Ma3LmttpCE8GKMbD0AusBCSeN/EAH+hw+b3YQpUdb2ps/P3iW0Xl2DSSPcBokem vaeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4xFN5KG5rxuzBZlqgc1e2KE0MT0t9KAVqICIND0vjzg=; b=Yz0FqWOSX11zm/JVHnh6tGm8V3A4bRukJbEzIwjUfS/DRNlTfxiRbLkYSUnFDuk5gq NkwnsX7qCmjBq7nRrWiRDjq8WgwF/X9NfsGnacYgpfU8U21/U7FuxVRq4US9UD+NJ7Rk zH9gzkHJamObIOuyscFLzUfc9U+C5jKEH7LClf3aV4zTS8lpbpE6ISCRZT6o5kHxqUbo 4bruTwiXR3TcFFig8d3hFIKNdflkeEXVBZq7KiO/4DRZFh3hpoctKKs4c9Lr3PI0jGna PHTh7Il2SQaarUktLIdIwSNqhvG6yAe7GBv3Yhk0bPjesL4EHu5gsGt7y+8HjGfBs0uI ZUJQ== X-Gm-Message-State: ALQs6tD+fdj0ysrVsR6QpMJROjnKNmcf8bwYYyY1jYnF9fJwlcfycPR2 oFhEBL1vIZiUzusi4/LE018= X-Google-Smtp-Source: AB8JxZqmD5043bx8YCZJhANzi+tCgLgf4t3h1juLO09ju6YuPKpSxgOUa2H8lbiTRG8PswhkpWBqRg== X-Received: by 2002:adf:8ea5:: with SMTP id q34-v6mr8296527wrb.245.1525099433688; Mon, 30 Apr 2018 07:43:53 -0700 (PDT) Received: from localhost ([2a00:23c5:be9a:5200:ce4c:82c0:d567:ecbb]) by smtp.gmail.com with ESMTPSA id p10-v6sm7476702wre.77.2018.04.30.07.43.52 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Apr 2018 07:43:52 -0700 (PDT) From: luca.boccassi@gmail.com To: Anatoly Burakov Cc: Jianfeng Tan , dpdk stable Date: Mon, 30 Apr 2018 15:41:10 +0100 Message-Id: <20180430144223.18657-55-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.14.2 In-Reply-To: <20180430144223.18657-1-luca.boccassi@gmail.com> References: <20180430140606.4615-80-luca.boccassi@gmail.com> <20180430144223.18657-1-luca.boccassi@gmail.com> Subject: [dpdk-stable] patch 'ipc: fix use-after-free in synchronous requests' has been queued to stable release 18.02.2 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Apr 2018 14:43:54 -0000 Hi, FYI, your patch has been queued to stable release 18.02.2 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 05/02/18. So please shout if anyone has objections. Thanks. Luca Boccassi --- >>From d64cf5c8efaff7c3c6640fbdc04bc4ac2372b1dd Mon Sep 17 00:00:00 2001 From: Anatoly Burakov Date: Fri, 13 Apr 2018 12:54:59 +0100 Subject: [PATCH] ipc: fix use-after-free in synchronous requests [ upstream commit fe98e52a52f0989c299883bf7c231b64ae1cd242 ] Previously, we were adding synchronous requests to request list, we were doing it after checking if request existed. However, we only removed the request from the request list if we have succeeded in sending the request. In case of failed request send, we left an invalid pointer in the request list. Fix this by only adding request to the list once we succeed in sending it. Fixes: 783b6e54971d ("eal: add synchronous multi-process communication") Signed-off-by: Anatoly Burakov Acked-by: Jianfeng Tan --- lib/librte_eal/common/eal_common_proc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/librte_eal/common/eal_common_proc.c b/lib/librte_eal/common/eal_common_proc.c index da7930f56..dccf9ab09 100644 --- a/lib/librte_eal/common/eal_common_proc.c +++ b/lib/librte_eal/common/eal_common_proc.c @@ -559,8 +559,6 @@ mp_request_one(const char *dst, struct rte_mp_msg *req, pthread_mutex_lock(&sync_requests.lock); exist = find_sync_request(dst, req->name); - if (!exist) - TAILQ_INSERT_TAIL(&sync_requests.requests, &sync_req, next); if (exist) { RTE_LOG(ERR, EAL, "A pending request %s:%s\n", dst, req->name); rte_errno = EEXIST; @@ -576,6 +574,8 @@ mp_request_one(const char *dst, struct rte_mp_msg *req, } else if (ret == 0) return 0; + TAILQ_INSERT_TAIL(&sync_requests.requests, &sync_req, next); + reply->nb_sent++; do { -- 2.14.2