On 25/09/2024 9:42 am, Roger Pau Monne wrote: > The livepatch_elf_sec data field points to the temporary load buffer, it's the > load_addr field that points to the stable loaded section data. Zero the data > field once load_addr is set, as it would otherwise become a dangling pointer > once the load buffer is freed. > > No functional change intended. > > Signed-off-by: Roger Pau Monné <roger....@citrix.com> > --- > Changes since v1: > - New in this version. > --- > xen/common/livepatch.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/xen/common/livepatch.c b/xen/common/livepatch.c > index df41dcce970a..87b3db03e26d 100644 > --- a/xen/common/livepatch.c > +++ b/xen/common/livepatch.c > @@ -383,6 +383,9 @@ static int move_payload(struct payload *payload, struct > livepatch_elf *elf) > } > else > memset(elf->sec[i].load_addr, 0, elf->sec[i].sec->sh_size); > + > + /* Avoid leaking pointers to temporary load buffers. */ > + elf->sec[i].data = NULL; > } > } >
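Review bot: The new comment above `elf->sec[i].data = NULL;` says "leaking pointers", which reads as an information-disclosure concern, while the commit message describes a dangling pointer once the load buffer is freed; wording it along the lines of "data points into the temporary load buffer, use load_addr from here on" would match the stated intent. The assignment is also placed before the first of the two closing braces, so judging by the visible context it only runs for sections handled in that inner block; if other sections keep a `data` pointer into the same buffer they would still dangle, so either clear `data` for every section or say in the commit message why those are safe. Neither the hunk nor the message shows where the load buffer is freed, and naming that site in the message would let a reader confirm that nothing dereferences `data` between this point and the free.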
Where is the data allocated and freed? I don't see it being freed in this loop, so how is it freed subsequently?

~Andrew