Re: Linus 2.6.23-rc1, xen fix

From: Ingo Molnar
Date: Mon Jul 23 2007 - 11:53:05 EST


Subject: xen: fix process_msg() use-after-kfree
From: Ingo Molnar <mingo@xxxxxxx>

fix an obvious use-after-kfree bug in Xen.

Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
---
drivers/xen/xenbus/xenbus_xs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Index: linux/drivers/xen/xenbus/xenbus_xs.c
===================================================================
--- linux.orig/drivers/xen/xenbus/xenbus_xs.c
+++ linux/drivers/xen/xenbus/xenbus_xs.c
@@ -782,8 +782,8 @@ static int process_msg(void)
msg->u.watch.vec = split(body, msg->hdr.len,
&msg->u.watch.vec_size);
if (IS_ERR(msg->u.watch.vec)) {
- kfree(msg);
err = PTR_ERR(msg->u.watch.vec);
+ kfree(msg);
goto out;
}

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/