Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / 86e6176a42401c8014ac34e305b8e3c55eba9351 / . / tools / include / linux / poison.h
blob: 2e6338ac5eed2384ee421eb18256cf31de2e164d [file] [log] [blame]
Greg Kroah-Hartmanb2441312017-11-01 15:07:57 +0100[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0 */
Arnaldo Carvalho de Meloae3c14a2016-07-18 18:39:36 -0300[diff] [blame]2#ifndef _LINUX_POISON_H
3#define _LINUX_POISON_H
4
5/********** include/linux/list.h **********/
6
7/*
8 * Architectures might want to move the poison pointer offset
9 * into some well-recognized area such as 0xdead000000000000,
10 * that is also not mappable by user-space exploits:
11 */
12#ifdef CONFIG_ILLEGAL_POINTER_VALUE
13# define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL)
14#else
15# define POISON_POINTER_DELTA 0
16#endif
17
Arnaldo Carvalho de Melo6ae8eef2017-09-21 12:12:17 -0300[diff] [blame]18#ifdef __cplusplus
19#define LIST_POISON1 NULL
20#define LIST_POISON2 NULL
21#else
Arnaldo Carvalho de Meloae3c14a2016-07-18 18:39:36 -0300[diff] [blame]22/*
23 * These are non-NULL pointers that will result in page faults
24 * under normal circumstances, used to verify that nobody uses
25 * non-initialized list entries.
26 */
27#define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA)
28#define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA)
Arnaldo Carvalho de Melo6ae8eef2017-09-21 12:12:17 -0300[diff] [blame]29#endif
Arnaldo Carvalho de Meloae3c14a2016-07-18 18:39:36 -0300[diff] [blame]30
31/********** include/linux/timer.h **********/
32/*
33 * Magic number "tsta" to indicate a static timer initializer
34 * for the object debugging code.
35 */
36#define TIMER_ENTRY_STATIC ((void *) 0x300 + POISON_POINTER_DELTA)
37
Vlastimil Babkafa449682020-12-14 19:13:45 -0800[diff] [blame]38/********** mm/page_poison.c **********/
Arnaldo Carvalho de Meloae3c14a2016-07-18 18:39:36 -0300[diff] [blame]39#define PAGE_POISON 0xaa
Arnaldo Carvalho de Meloae3c14a2016-07-18 18:39:36 -0300[diff] [blame]40
41/********** mm/page_alloc.c ************/
42
43#define TAIL_MAPPING ((void *) 0x400 + POISON_POINTER_DELTA)
44
45/********** mm/slab.c **********/
46/*
47 * Magic nums for obj red zoning.
48 * Placed in the first word before and the first word after an obj.
49 */
50#define RED_INACTIVE 0x09F911029D74E35BULL /* when obj is inactive */
51#define RED_ACTIVE 0xD84156C5635688C0ULL /* when obj is active */
52
53#define SLUB_RED_INACTIVE 0xbb
54#define SLUB_RED_ACTIVE 0xcc
55
56/* ...and for poisoning */
57#define POISON_INUSE 0x5a /* for use-uninitialised poisoning */
58#define POISON_FREE 0x6b /* for use-after-free poisoning */
59#define POISON_END 0xa5 /* end-byte of poisoning */
60
61/********** arch/$ARCH/mm/init.c **********/
62#define POISON_FREE_INITMEM 0xcc
63
64/********** arch/ia64/hp/common/sba_iommu.c **********/
65/*
66 * arch/ia64/hp/common/sba_iommu.c uses a 16-byte poison string with a
67 * value of "SBAIOMMU POISON\0" for spill-over poisoning.
68 */
69
70/********** fs/jbd/journal.c **********/
71#define JBD_POISON_FREE 0x5b
72#define JBD2_POISON_FREE 0x5c
73
74/********** drivers/base/dmapool.c **********/
75#define POOL_POISON_FREED 0xa7 /* !inuse */
76#define POOL_POISON_ALLOCATED 0xa9 /* !initted */
77
78/********** drivers/atm/ **********/
79#define ATM_POISON_FREE 0x12
80#define ATM_POISON 0xdeadbeef
81
82/********** kernel/mutexes **********/
83#define MUTEX_DEBUG_INIT 0x11
84#define MUTEX_DEBUG_FREE 0x22
85
Arnaldo Carvalho de Meloae3c14a2016-07-18 18:39:36 -0300[diff] [blame]86/********** security/ **********/
87#define KEY_DESTROY 0xbd
88
89#endif