https://github.com/torvalds/linux
Revision a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 authored by Dan Carpenter on 30 November 2016, 19:21:05 UTC, committed by Radim Krčmář on 01 December 2016, 15:10:50 UTC
We should move the ops->destroy(dev) after the list_del(&dev->vm_node)
so that we don't use "dev" after freeing it.

Fixes: a28ebea2adc4 ("KVM: Protect device ops->create and list_add with kvm->lock")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
1 parent 0f4828a
Tip revision: a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 authored by Dan Carpenter on 30 November 2016, 19:21:05 UTC
KVM: use after free in kvm_ioctl_create_device()
Kconfig.ubsan
config ARCH_HAS_UBSAN_SANITIZE_ALL
	bool

config ARCH_WANTS_UBSAN_NO_NULL
	def_bool n

config UBSAN
	bool "Undefined behaviour sanity checker"
	help
	  This option enables the undefined behaviour sanity checker.
	  Compile-time instrumentation is used to detect various undefined
	  behaviours at runtime. Various types of checks may be enabled
	  via boot parameter ubsan_handle (see: Documentation/ubsan.txt).

config UBSAN_SANITIZE_ALL
	bool "Enable instrumentation for the entire kernel"
	depends on UBSAN
	depends on ARCH_HAS_UBSAN_SANITIZE_ALL

	# We build with -Wno-maybe-uninitialized, but we still want to
	# use -Wmaybe-uninitialized in allmodconfig builds.
	# So the dependency below is used to disable this option in allmodconfig.
	depends on !COMPILE_TEST
	default y
	help
	  This option activates instrumentation for the entire kernel.
	  If you don't enable this option, you have to explicitly specify
	  UBSAN_SANITIZE := y for the files/directories you want to check for UB.
	  Enabling this option will significantly increase the kernel
	  image size.

config UBSAN_ALIGNMENT
	bool "Enable checking of pointers alignment"
	depends on UBSAN
	default y if !HAVE_EFFICIENT_UNALIGNED_ACCESS
	help
	  This option enables detection of unaligned memory accesses.
	  Enabling this option on architectures that support unaligned
	  accesses may produce a lot of false positives.

config UBSAN_NULL
	bool "Enable checking of null pointers"
	depends on UBSAN
	default y if !ARCH_WANTS_UBSAN_NO_NULL
	help
	  This option enables detection of memory accesses via a
	  null pointer.