On 02/02/16 10:52, Jan Beulich wrote:
>>>> On 02.02.16 at 11:48, <andrew.coop...@citrix.com> wrote:
>> On 02/02/16 10:43, Jan Beulich wrote:
>>>>>> On 01.02.16 at 18:56, <andrew.coop...@citrix.com> wrote:
>>>> For safety, NULL out the pointers after freeing them, in an attempt to make
>>>> mistakes more obvious in the future.
>>> Except that NULLing isn't really adding that much safety, and we'd
>>> be better off poisoning such pointers. Nevertheless ...
>> NULLing the pointers would cause things like rtc_deinit() to always blow
>> up when it followed the NULL pointer.
>>
>> IMO, we should unconditionally always NULL pointers when freeing a
>> pointer which isn't in local scope.  It would make issues such as these
>> completely obvious.
> As would poisoning the pointers, yet poisoning has the advantage
> of not allowing PV guests to control what the hypervisor might
> access when erroneously de-referencing such a pointer.

Hmm.  If we taught xfree() about this poisoned value and it treated it
just as it would NULL, then this would work.

I will put it on my todo list, unless anyone else beats me to it.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to