2006-06-27 13:53:52 +04:00
|
|
|
#ifndef _LINUX_POISON_H
|
|
|
|
#define _LINUX_POISON_H
|
|
|
|
|
|
|
|
/********** include/linux/list.h **********/
|
2010-01-10 17:28:09 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Architectures might want to move the poison pointer offset
|
|
|
|
* into some well-recognized area such as 0xdead000000000000,
|
|
|
|
* that is also not mappable by user-space exploits:
|
|
|
|
*/
|
|
|
|
#ifdef CONFIG_ILLEGAL_POINTER_VALUE
|
|
|
|
# define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL)
|
|
|
|
#else
|
|
|
|
# define POISON_POINTER_DELTA 0
|
|
|
|
#endif
|
|
|
|
|
2006-06-27 13:53:52 +04:00
|
|
|
/*
|
|
|
|
* These are non-NULL pointers that will result in page faults
|
|
|
|
* under normal circumstances, used to verify that nobody uses
|
|
|
|
* non-initialized list entries.
|
|
|
|
*/
|
2015-09-10 01:36:00 +03:00
|
|
|
#define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA)
|
|
|
|
#define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA)
|
2006-06-27 13:53:52 +04:00
|
|
|
|
2008-04-30 11:55:03 +04:00
|
|
|
/********** include/linux/timer.h **********/
|
|
|
|
/*
|
|
|
|
* Magic number "tsta" to indicate a static timer initializer
|
|
|
|
* for the object debugging code.
|
|
|
|
*/
|
2016-01-16 03:57:55 +03:00
|
|
|
#define TIMER_ENTRY_STATIC ((void *) 0x300 + POISON_POINTER_DELTA)
|
2008-04-30 11:55:03 +04:00
|
|
|
|
2009-04-01 02:23:17 +04:00
|
|
|
/********** mm/debug-pagealloc.c **********/
|
2016-03-16 00:56:30 +03:00
|
|
|
#ifdef CONFIG_PAGE_POISONING_ZERO
|
|
|
|
#define PAGE_POISON 0x00
|
|
|
|
#else
|
2009-04-01 02:23:17 +04:00
|
|
|
#define PAGE_POISON 0xaa
|
2016-03-16 00:56:30 +03:00
|
|
|
#endif
|
2009-04-01 02:23:17 +04:00
|
|
|
|
2016-01-16 03:52:07 +03:00
|
|
|
/********** mm/page_alloc.c ************/
|
|
|
|
|
2016-01-16 03:57:55 +03:00
|
|
|
#define TAIL_MAPPING ((void *) 0x400 + POISON_POINTER_DELTA)
|
2016-01-16 03:52:07 +03:00
|
|
|
|
2006-06-27 13:53:52 +04:00
|
|
|
/********** mm/slab.c **********/
|
|
|
|
/*
|
|
|
|
* Magic nums for obj red zoning.
|
|
|
|
* Placed in the first word before and the first word after an obj.
|
|
|
|
*/
|
Increase slab redzone to 64bits
There are two problems with the existing redzone implementation.
Firstly, it's causing misalignment of structures which contain a 64-bit
integer, such as netfilter's 'struct ipt_entry' -- causing netfilter
modules to fail to load because of the misalignment. (In particular, the
first check in
net/ipv4/netfilter/ip_tables.c::check_entry_size_and_hooks())
On ppc32 and sparc32, amongst others, __alignof__(uint64_t) == 8.
With slab debugging, we use 32-bit redzones. And allocated slab objects
aren't sufficiently aligned to hold a structure containing a uint64_t.
By _just_ setting ARCH_KMALLOC_MINALIGN to __alignof__(u64) we'd disable
redzone checks on those architectures. By using 64-bit redzones we avoid that
loss of debugging, and also fix the other problem while we're at it.
When investigating this, I noticed that on 64-bit platforms we're using a
32-bit value of RED_ACTIVE/RED_INACTIVE in the 64-bit memory location set
aside for the redzone. Which means that the four bytes immediately before
or after the allocated object at 0x00,0x00,0x00,0x00 for LE and BE
machines, respectively. Which is probably not the most useful choice of
poison value.
One way to fix both of those at once is just to switch to 64-bit
redzones in all cases.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Acked-by: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Christoph Lameter <clameter@engr.sgi.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08 11:22:59 +04:00
|
|
|
#define RED_INACTIVE 0x09F911029D74E35BULL /* when obj is inactive */
|
|
|
|
#define RED_ACTIVE 0xD84156C5635688C0ULL /* when obj is active */
|
2006-06-27 13:53:52 +04:00
|
|
|
|
2007-05-07 01:49:36 +04:00
|
|
|
#define SLUB_RED_INACTIVE 0xbb
|
|
|
|
#define SLUB_RED_ACTIVE 0xcc
|
|
|
|
|
2006-06-27 13:53:52 +04:00
|
|
|
/* ...and for poisoning */
|
|
|
|
#define POISON_INUSE 0x5a /* for use-uninitialised poisoning */
|
|
|
|
#define POISON_FREE 0x6b /* for use-after-free poisoning */
|
|
|
|
#define POISON_END 0xa5 /* end-byte of poisoning */
|
|
|
|
|
|
|
|
/********** arch/$ARCH/mm/init.c **********/
|
|
|
|
#define POISON_FREE_INITMEM 0xcc
|
|
|
|
|
|
|
|
/********** arch/ia64/hp/common/sba_iommu.c **********/
|
|
|
|
/*
|
|
|
|
* arch/ia64/hp/common/sba_iommu.c uses a 16-byte poison string with a
|
|
|
|
* value of "SBAIOMMU POISON\0" for spill-over poisoning.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/********** fs/jbd/journal.c **********/
|
2007-10-17 02:38:25 +04:00
|
|
|
#define JBD_POISON_FREE 0x5b
|
|
|
|
#define JBD2_POISON_FREE 0x5c
|
2006-06-27 13:53:52 +04:00
|
|
|
|
|
|
|
/********** drivers/base/dmapool.c **********/
|
|
|
|
#define POOL_POISON_FREED 0xa7 /* !inuse */
|
|
|
|
#define POOL_POISON_ALLOCATED 0xa9 /* !initted */
|
|
|
|
|
2006-06-27 13:53:53 +04:00
|
|
|
/********** drivers/atm/ **********/
|
|
|
|
#define ATM_POISON_FREE 0x12
|
2006-07-04 06:48:25 +04:00
|
|
|
#define ATM_POISON 0xdeadbeef
|
2006-06-27 13:53:53 +04:00
|
|
|
|
2006-06-27 13:53:54 +04:00
|
|
|
/********** kernel/mutexes **********/
|
|
|
|
#define MUTEX_DEBUG_INIT 0x11
|
|
|
|
#define MUTEX_DEBUG_FREE 0x22
|
2016-12-21 21:46:39 +03:00
|
|
|
#define MUTEX_POISON_WW_CTX ((void *) 0x500 + POISON_POINTER_DELTA)
|
2006-06-27 13:53:54 +04:00
|
|
|
|
2009-09-22 04:04:31 +04:00
|
|
|
/********** lib/flex_array.c **********/
|
|
|
|
#define FLEX_ARRAY_FREE 0x6c /* for use-after-free poisoning */
|
|
|
|
|
2006-06-27 13:53:54 +04:00
|
|
|
/********** security/ **********/
|
|
|
|
#define KEY_DESTROY 0xbd
|
|
|
|
|
2006-06-27 13:53:52 +04:00
|
|
|
#endif
|