20/11/2018 17:18, Anatoly Burakov:
> Previous fix for rte_panic has moved setting of alarm before
> sending the message. This means that whether we send a message,
> the alarm would still trigger. The comment noted that cleanup
> would happen in the alarm handler, but that's not what actually
> happened - instead, in the event of failed send we freed the
> memory in-place, before putting the request on the queue.
>
> This works OK when the message is sent, but when sending the
> message fails, the alarm would still trigger with a pointer
> argument that points to non-existent memory, and cause
> memory corruption.
>
> There probably is a "proper" fix for this issue, with correct
> handling of sent vs. unsent requests, however it would be
> simpler just to sacrifice the sent request in the (extremely
> unlikely) event of alarm set failing. The other process would
> still send a response, but it will be ignored by the sender.
>
> Fixes: 45e5f49e87fb ("ipc: remove panic in async request")
>
> Signed-off-by: Anatoly Burakov <anatoly.bura...@intel.com>
Applied, thanks
