Re: [Xen-devel] [PATCH] x86/hvm: Fix use-after-free introduced by c/s 428607a
On 02/02/16 10:52, Jan Beulich wrote:
>>>> On 02.02.16 at 11:48, <andrew.cooper3@xxxxxxxxxx> wrote:
>> On 02/02/16 10:43, Jan Beulich wrote:
>>>>>> On 01.02.16 at 18:56, <andrew.cooper3@xxxxxxxxxx> wrote:
>>>> For safety, NULL out the pointers after freeing them, in an attempt to make
>>>> mistakes more obvious in the future.
>>> Except that NULLing isn't really adding that much safety, and we'd
>>> be better off poisoning such pointers. Nevertheless ...
>> NULLing the pointers would cause things like rtc_deinit() to always blow
>> up when it followed the NULL pointer.
>>
>> IMO, we should unconditionally always NULL pointers when freeing a
>> pointer which isn't in local scope. It would make issues such as these
>> completely obvious.
> As would poisoning the pointers, yet poisoning has the advantage
> of not allowing PV guests to control what the hypervisor might
> access when erroneously de-referencing such a pointer.

Hmm. If we taught xfree() about this poisoned value and it treated it
just as it would NULL, then this would work.

I will put it on my todo list, unless anyone else beats me to it.

~Andrew
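The idea in the last reply (a free routine that treats a poison value the same as NULL), sketched as an added example that is not part of the original thread and is not Xen code. PTR_POISON, demo_free(), FREE_AND_POISON() and struct demo_domain are hypothetical names, and the poison value is a constructed one that assumes a 64-bit x86 build.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumption: 64-bit x86, where this constructed address is non-canonical,
 * so a stray dereference faults no matter what a guest has mapped. */
_Static_assert(sizeof(void *) == 8, "poison value assumes 64-bit pointers");
#define PTR_POISON ((void *)(uintptr_t)0xdead000000000000ULL)

static unsigned int real_frees;            /* calls that reached free() */

/* Hypothetical poison-aware free: NULL and poison are both no-ops. */
static void demo_free(void *p)
{
    if (p == NULL || p == PTR_POISON)
        return;
    free(p);
    real_frees++;
}

/* Free a pointer that lives outside local scope and leave poison behind. */
#define FREE_AND_POISON(ptr) do { demo_free(ptr); (ptr) = PTR_POISON; } while (0)

/* Stand-in for a long-lived structure owning heap allocations. */
struct demo_domain {
    int *io_handler;
    int *params;
};

static int demo_domain_init(struct demo_domain *d)
{
    d->io_handler = calloc(4, sizeof(*d->io_handler));
    d->params = calloc(4, sizeof(*d->params));
    if (d->io_handler && d->params)
        return 0;
    FREE_AND_POISON(d->io_handler);        /* partial failure: release both */
    FREE_AND_POISON(d->params);
    return -1;
}

/* Teardown that error paths may reach more than once. */
static void demo_domain_teardown(struct demo_domain *d)
{
    FREE_AND_POISON(d->io_handler);
    FREE_AND_POISON(d->params);
}

int main(void)
{
    struct demo_domain d;
    if (demo_domain_init(&d))
        return 1;
    demo_domain_teardown(&d);
    demo_domain_teardown(&d);              /* no-op, not a double free */
    return real_frees == 2 ? 0 : 1;
}
```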