[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 2/6] xen/livepatch: zero pointer to temporary load buffer



The livepatch_elf_sec data field points to the temporary load buffer, it's the
load_addr field that points to the stable loaded section data.  Zero the data
field once load_addr is set, as it would otherwise become a dangling pointer
once the load buffer is freed.

No functional change intended.

Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
Changes since v1:
 - New in this version.
---
 xen/common/livepatch.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c
index df41dcce970a..87b3db03e26d 100644
--- a/xen/common/livepatch.c
+++ b/xen/common/livepatch.c
@@ -383,6 +383,9 @@ static int move_payload(struct payload *payload, struct 
livepatch_elf *elf)
             }
             else
                 memset(elf->sec[i].load_addr, 0, elf->sec[i].sec->sh_size);
+
+            /* Avoid leaking pointers to temporary load buffers. */
+            elf->sec[i].data = NULL;
         }
     }
 
-- 
2.46.0




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.