On Mon, Apr 24, 2017 at 03:37:32PM -0700, Kees Cook wrote: > On Mon, Apr 24, 2017 at 3:01 PM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > > It does not. It just got free'ed. Nothing will stop the free from > > happening (or already having happened). > > Well, yes, but that's kind of my point. Detecting inc-from-0 is "too > late" to offer a protection. It offers notification of a bug, rather > than stopping an exploit from happening. Well, your setup (panic_on_warn et al) would have it panic the box. That will effectively stop the exploit by virtue of stopping everything. And warn/bug/panic etc.. are I think a better option that silently letting it happen.
