Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 1 | #ifndef _LINUX_POISON_H |
| 2 | #define _LINUX_POISON_H |
| 3 | |
| 4 | /********** include/linux/list.h **********/ |
Avi Kivity | a29815a | 2010-01-10 16:28:09 +0200 | [diff] [blame] | 5 | |
| 6 | /* |
| 7 | * Architectures might want to move the poison pointer offset |
| 8 | * into some well-recognized area such as 0xdead000000000000, |
| 9 | * that is also not mappable by user-space exploits: |
| 10 | */ |
| 11 | #ifdef CONFIG_ILLEGAL_POINTER_VALUE |
| 12 | # define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL) |
| 13 | #else |
| 14 | # define POISON_POINTER_DELTA 0 |
| 15 | #endif |
| 16 | |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 17 | /* |
| 18 | * These are non-NULL pointers that will result in page faults |
| 19 | * under normal circumstances, used to verify that nobody uses |
| 20 | * non-initialized list entries. |
| 21 | */ |
Avi Kivity | a29815a | 2010-01-10 16:28:09 +0200 | [diff] [blame] | 22 | #define LIST_POISON1 ((void *) 0x00100100 + POISON_POINTER_DELTA) |
| 23 | #define LIST_POISON2 ((void *) 0x00200200 + POISON_POINTER_DELTA) |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 24 | |
Thomas Gleixner | c6f3a97 | 2008-04-30 00:55:03 -0700 | [diff] [blame] | 25 | /********** include/linux/timer.h **********/ |
| 26 | /* |
| 27 | * Magic number "tsta" to indicate a static timer initializer |
| 28 | * for the object debugging code. |
| 29 | */ |
| 30 | #define TIMER_ENTRY_STATIC ((void *) 0x74737461) |
| 31 | |
Akinobu Mita | 6a11f75 | 2009-03-31 15:23:17 -0700 | [diff] [blame] | 32 | /********** mm/debug-pagealloc.c **********/ |
| 33 | #define PAGE_POISON 0xaa |
| 34 | |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 35 | /********** mm/slab.c **********/ |
| 36 | /* |
| 37 | * Magic nums for obj red zoning. |
| 38 | * Placed in the first word before and the first word after an obj. |
| 39 | */ |
David Woodhouse | b46b8f1 | 2007-05-08 00:22:59 -0700 | [diff] [blame] | 40 | #define RED_INACTIVE 0x09F911029D74E35BULL /* when obj is inactive */ |
| 41 | #define RED_ACTIVE 0xD84156C5635688C0ULL /* when obj is active */ |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 42 | |
Christoph Lameter | 81819f0 | 2007-05-06 14:49:36 -0700 | [diff] [blame] | 43 | #define SLUB_RED_INACTIVE 0xbb |
| 44 | #define SLUB_RED_ACTIVE 0xcc |
| 45 | |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 46 | /* ...and for poisoning */ |
| 47 | #define POISON_INUSE 0x5a /* for use-uninitialised poisoning */ |
| 48 | #define POISON_FREE 0x6b /* for use-after-free poisoning */ |
| 49 | #define POISON_END 0xa5 /* end-byte of poisoning */ |
| 50 | |
Mel Gorman | 23be746 | 2010-04-23 13:17:56 -0400 | [diff] [blame] | 51 | /********** mm/hugetlb.c **********/ |
| 52 | /* |
| 53 | * Private mappings of hugetlb pages use this poisoned value for |
| 54 | * page->mapping. The core VM should not be doing anything with this mapping |
| 55 | * but futex requires the existence of some page->mapping value even though it |
| 56 | * is unused if PAGE_MAPPING_ANON is set. |
| 57 | */ |
| 58 | #define HUGETLB_POISON ((void *)(0x00300300 + POISON_POINTER_DELTA + PAGE_MAPPING_ANON)) |
| 59 | |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 60 | /********** arch/$ARCH/mm/init.c **********/ |
| 61 | #define POISON_FREE_INITMEM 0xcc |
| 62 | |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 63 | /********** arch/ia64/hp/common/sba_iommu.c **********/ |
| 64 | /* |
| 65 | * arch/ia64/hp/common/sba_iommu.c uses a 16-byte poison string with a |
| 66 | * value of "SBAIOMMU POISON\0" for spill-over poisoning. |
| 67 | */ |
| 68 | |
| 69 | /********** fs/jbd/journal.c **********/ |
Mingming Cao | cd02ff0 | 2007-10-16 18:38:25 -0400 | [diff] [blame] | 70 | #define JBD_POISON_FREE 0x5b |
| 71 | #define JBD2_POISON_FREE 0x5c |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 72 | |
| 73 | /********** drivers/base/dmapool.c **********/ |
| 74 | #define POOL_POISON_FREED 0xa7 /* !inuse */ |
| 75 | #define POOL_POISON_ALLOCATED 0xa9 /* !initted */ |
| 76 | |
Randy Dunlap | b3c681e | 2006-06-27 02:53:53 -0700 | [diff] [blame] | 77 | /********** drivers/atm/ **********/ |
| 78 | #define ATM_POISON_FREE 0x12 |
Randy Dunlap | 3c6b377 | 2006-07-03 19:48:25 -0700 | [diff] [blame] | 79 | #define ATM_POISON 0xdeadbeef |
Randy Dunlap | b3c681e | 2006-06-27 02:53:53 -0700 | [diff] [blame] | 80 | |
Randy Dunlap | 4bdbf6c | 2006-07-03 19:47:27 -0700 | [diff] [blame] | 81 | /********** net/ **********/ |
| 82 | #define NEIGHBOR_DEAD 0xdeadbeef |
| 83 | #define NETFILTER_LINK_POISON 0xdead57ac |
| 84 | |
Randy Dunlap | a7807a3 | 2006-06-27 02:53:54 -0700 | [diff] [blame] | 85 | /********** kernel/mutexes **********/ |
| 86 | #define MUTEX_DEBUG_INIT 0x11 |
| 87 | #define MUTEX_DEBUG_FREE 0x22 |
| 88 | |
David Rientjes | 19da3dd | 2009-09-21 17:04:31 -0700 | [diff] [blame] | 89 | /********** lib/flex_array.c **********/ |
| 90 | #define FLEX_ARRAY_FREE 0x6c /* for use-after-free poisoning */ |
| 91 | |
Randy Dunlap | a7807a3 | 2006-06-27 02:53:54 -0700 | [diff] [blame] | 92 | /********** security/ **********/ |
| 93 | #define KEY_DESTROY 0xbd |
| 94 | |
Randy Dunlap | b3c681e | 2006-06-27 02:53:53 -0700 | [diff] [blame] | 95 | /********** sound/oss/ **********/ |
| 96 | #define OSS_POISON_FREE 0xAB |
| 97 | |
Randy Dunlap | c9cf552 | 2006-06-27 02:53:52 -0700 | [diff] [blame] | 98 | #endif |