On Wed, May 22, 2019 at 09:50:55AM +0800, Gen Zhang wrote:
> On Tue, May 21, 2019 at 01:44:33PM -0700, Kees Cook wrote:
> > This doesn't look safe to me: p->uni_pgdir[n] will still have a handle
> > to the freed memory, won't it?
> > 
> Thanks for your reply, Kees!
> I think you are right. Maybe we should do this:
>       kfree(p1);
>       p->uni_pgdir[n] = NULL;
> Is this correct?

That's what I'm not sure about. I *think* so, from reading the code, but
I'd love to have Greg (or someone more familiar with the code)
double-check this.

Otherwise, yeah, this looks right. Please send a v2 and we can debate
the correctness there, if it turns out to be wrong. :)

-- 
Kees Cook
