Rev 6936 | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 6936 | Rev 7143 | ||
---|---|---|---|
1 | #ifndef _LINUX_POISON_H |
1 | #ifndef _LINUX_POISON_H |
2 | #define _LINUX_POISON_H |
2 | #define _LINUX_POISON_H |
3 | 3 | ||
4 | /********** include/linux/list.h **********/ |
4 | /********** include/linux/list.h **********/ |
5 | 5 | ||
6 | /* |
6 | /* |
7 | * Architectures might want to move the poison pointer offset |
7 | * Architectures might want to move the poison pointer offset |
8 | * into some well-recognized area such as 0xdead000000000000, |
8 | * into some well-recognized area such as 0xdead000000000000, |
9 | * that is also not mappable by user-space exploits: |
9 | * that is also not mappable by user-space exploits: |
10 | */ |
10 | */ |
11 | #ifdef CONFIG_ILLEGAL_POINTER_VALUE |
11 | #ifdef CONFIG_ILLEGAL_POINTER_VALUE |
12 | # define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL) |
12 | # define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL) |
13 | #else |
13 | #else |
14 | # define POISON_POINTER_DELTA 0 |
14 | # define POISON_POINTER_DELTA 0 |
15 | #endif |
15 | #endif |
16 | 16 | ||
17 | /* |
17 | /* |
18 | * These are non-NULL pointers that will result in page faults |
18 | * These are non-NULL pointers that will result in page faults |
19 | * under normal circumstances, used to verify that nobody uses |
19 | * under normal circumstances, used to verify that nobody uses |
20 | * non-initialized list entries. |
20 | * non-initialized list entries. |
21 | */ |
21 | */ |
22 | #define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA) |
22 | #define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA) |
23 | #define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA) |
23 | #define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA) |
24 | 24 | ||
25 | /********** include/linux/timer.h **********/ |
25 | /********** include/linux/timer.h **********/ |
26 | /* |
26 | /* |
27 | * Magic number "tsta" to indicate a static timer initializer |
27 | * Magic number "tsta" to indicate a static timer initializer |
28 | * for the object debugging code. |
28 | * for the object debugging code. |
29 | */ |
29 | */ |
30 | #define TIMER_ENTRY_STATIC ((void *) 0x300 + POISON_POINTER_DELTA) |
30 | #define TIMER_ENTRY_STATIC ((void *) 0x300 + POISON_POINTER_DELTA) |
31 | 31 | ||
32 | /********** mm/debug-pagealloc.c **********/ |
32 | /********** mm/debug-pagealloc.c **********/ |
- | 33 | #ifdef CONFIG_PAGE_POISONING_ZERO |
|
- | 34 | #define PAGE_POISON 0x00 |
|
- | 35 | #else |
|
33 | #define PAGE_POISON 0xaa |
36 | #define PAGE_POISON 0xaa |
- | 37 | #endif |
|
34 | 38 | ||
35 | /********** mm/page_alloc.c ************/ |
39 | /********** mm/page_alloc.c ************/ |
36 | 40 | ||
37 | #define TAIL_MAPPING ((void *) 0x400 + POISON_POINTER_DELTA) |
41 | #define TAIL_MAPPING ((void *) 0x400 + POISON_POINTER_DELTA) |
38 | 42 | ||
39 | /********** mm/slab.c **********/ |
43 | /********** mm/slab.c **********/ |
40 | /* |
44 | /* |
41 | * Magic nums for obj red zoning. |
45 | * Magic nums for obj red zoning. |
42 | * Placed in the first word before and the first word after an obj. |
46 | * Placed in the first word before and the first word after an obj. |
43 | */ |
47 | */ |
44 | #define RED_INACTIVE 0x09F911029D74E35BULL /* when obj is inactive */ |
48 | #define RED_INACTIVE 0x09F911029D74E35BULL /* when obj is inactive */ |
45 | #define RED_ACTIVE 0xD84156C5635688C0ULL /* when obj is active */ |
49 | #define RED_ACTIVE 0xD84156C5635688C0ULL /* when obj is active */ |
46 | 50 | ||
47 | #define SLUB_RED_INACTIVE 0xbb |
51 | #define SLUB_RED_INACTIVE 0xbb |
48 | #define SLUB_RED_ACTIVE 0xcc |
52 | #define SLUB_RED_ACTIVE 0xcc |
49 | 53 | ||
50 | /* ...and for poisoning */ |
54 | /* ...and for poisoning */ |
51 | #define POISON_INUSE 0x5a /* for use-uninitialised poisoning */ |
55 | #define POISON_INUSE 0x5a /* for use-uninitialised poisoning */ |
52 | #define POISON_FREE 0x6b /* for use-after-free poisoning */ |
56 | #define POISON_FREE 0x6b /* for use-after-free poisoning */ |
53 | #define POISON_END 0xa5 /* end-byte of poisoning */ |
57 | #define POISON_END 0xa5 /* end-byte of poisoning */ |
54 | 58 | ||
55 | /********** arch/$ARCH/mm/init.c **********/ |
59 | /********** arch/$ARCH/mm/init.c **********/ |
56 | #define POISON_FREE_INITMEM 0xcc |
60 | #define POISON_FREE_INITMEM 0xcc |
57 | 61 | ||
58 | /********** arch/ia64/hp/common/sba_iommu.c **********/ |
62 | /********** arch/ia64/hp/common/sba_iommu.c **********/ |
59 | /* |
63 | /* |
60 | * arch/ia64/hp/common/sba_iommu.c uses a 16-byte poison string with a |
64 | * arch/ia64/hp/common/sba_iommu.c uses a 16-byte poison string with a |
61 | * value of "SBAIOMMU POISON\0" for spill-over poisoning. |
65 | * value of "SBAIOMMU POISON\0" for spill-over poisoning. |
62 | */ |
66 | */ |
63 | 67 | ||
64 | /********** fs/jbd/journal.c **********/ |
68 | /********** fs/jbd/journal.c **********/ |
65 | #define JBD_POISON_FREE 0x5b |
69 | #define JBD_POISON_FREE 0x5b |
66 | #define JBD2_POISON_FREE 0x5c |
70 | #define JBD2_POISON_FREE 0x5c |
67 | 71 | ||
68 | /********** drivers/base/dmapool.c **********/ |
72 | /********** drivers/base/dmapool.c **********/ |
69 | #define POOL_POISON_FREED 0xa7 /* !inuse */ |
73 | #define POOL_POISON_FREED 0xa7 /* !inuse */ |
70 | #define POOL_POISON_ALLOCATED 0xa9 /* !initted */ |
74 | #define POOL_POISON_ALLOCATED 0xa9 /* !initted */ |
71 | 75 | ||
72 | /********** drivers/atm/ **********/ |
76 | /********** drivers/atm/ **********/ |
73 | #define ATM_POISON_FREE 0x12 |
77 | #define ATM_POISON_FREE 0x12 |
74 | #define ATM_POISON 0xdeadbeef |
78 | #define ATM_POISON 0xdeadbeef |
75 | 79 | ||
76 | /********** kernel/mutexes **********/ |
80 | /********** kernel/mutexes **********/ |
77 | #define MUTEX_DEBUG_INIT 0x11 |
81 | #define MUTEX_DEBUG_INIT 0x11 |
78 | #define MUTEX_DEBUG_FREE 0x22 |
82 | #define MUTEX_DEBUG_FREE 0x22 |
79 | 83 | ||
80 | /********** lib/flex_array.c **********/ |
84 | /********** lib/flex_array.c **********/ |
81 | #define FLEX_ARRAY_FREE 0x6c /* for use-after-free poisoning */ |
85 | #define FLEX_ARRAY_FREE 0x6c /* for use-after-free poisoning */ |
82 | 86 | ||
83 | /********** security/ **********/ |
87 | /********** security/ **********/ |
84 | #define KEY_DESTROY 0xbd |
88 | #define KEY_DESTROY 0xbd |
85 | 89 | ||
86 | #endif |
90 | #endif |