Home | History | Annotate | Download | only in added 
      1 #ifndef _LINUX_POISON_H
      2 #define _LINUX_POISON_H
      3 
      4 /********** include/linux/list.h **********/
      5 
      6 /*
      7  * Architectures might want to move the poison pointer offset
      8  * into some well-recognized area such as 0xdead000000000000,
      9  * that is also not mappable by user-space exploits:
     10  */
     11 #ifdef CONFIG_ILLEGAL_POINTER_VALUE
     12 # define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL)
     13 #else
     14 # define POISON_POINTER_DELTA 0
     15 #endif
     16 
     17 /*
     18  * These are non-NULL pointers that will result in page faults
     19  * under normal circumstances, used to verify that nobody uses
     20  * non-initialized list entries.
     21  */
     22 #define LIST_POISON1  ((void *) 0x00100100 + POISON_POINTER_DELTA)
     23 #define LIST_POISON2  ((void *) 0x00200200 + POISON_POINTER_DELTA)
     24 
     25 /********** include/linux/timer.h **********/
     26 /*
     27  * Magic number "tsta" to indicate a static timer initializer
     28  * for the object debugging code.
     29  */
     30 #define TIMER_ENTRY_STATIC	((void *) 0x74737461)
     31 
     32 /********** mm/debug-pagealloc.c **********/
     33 #define PAGE_POISON 0xaa
     34 
     35 /********** mm/slab.c **********/
     36 /*
     37  * Magic nums for obj red zoning.
     38  * Placed in the first word before and the first word after an obj.
     39  */
     40 #define	RED_INACTIVE	0x09F911029D74E35BULL	/* when obj is inactive */
     41 #define	RED_ACTIVE	0xD84156C5635688C0ULL	/* when obj is active */
     42 
     43 #define SLUB_RED_INACTIVE	0xbb
     44 #define SLUB_RED_ACTIVE		0xcc
     45 
     46 /* ...and for poisoning */
     47 #define	POISON_INUSE	0x5a	/* for use-uninitialised poisoning */
     48 #define POISON_FREE	0x6b	/* for use-after-free poisoning */
     49 #define	POISON_END	0xa5	/* end-byte of poisoning */
     50 
     51 /********** mm/hugetlb.c **********/
     52 /*
     53  * Private mappings of hugetlb pages use this poisoned value for
     54  * page->mapping. The core VM should not be doing anything with this mapping
     55  * but futex requires the existence of some page->mapping value even though it
     56  * is unused if PAGE_MAPPING_ANON is set.
     57  */
     58 #define HUGETLB_POISON	((void *)(0x00300300 + POISON_POINTER_DELTA + PAGE_MAPPING_ANON))
     59 
     60 /********** arch/$ARCH/mm/init.c **********/
     61 #define POISON_FREE_INITMEM	0xcc
     62 
     63 /********** arch/ia64/hp/common/sba_iommu.c **********/
     64 /*
     65  * arch/ia64/hp/common/sba_iommu.c uses a 16-byte poison string with a
     66  * value of "SBAIOMMU POISON\0" for spill-over poisoning.
     67  */
     68 
     69 /********** fs/jbd/journal.c **********/
     70 #define JBD_POISON_FREE		0x5b
     71 #define JBD2_POISON_FREE	0x5c
     72 
     73 /********** drivers/base/dmapool.c **********/
     74 #define	POOL_POISON_FREED	0xa7	/* !inuse */
     75 #define	POOL_POISON_ALLOCATED	0xa9	/* !initted */
     76 
     77 /********** drivers/atm/ **********/
     78 #define ATM_POISON_FREE		0x12
     79 #define ATM_POISON		0xdeadbeef
     80 
     81 /********** net/ **********/
     82 #define NEIGHBOR_DEAD		0xdeadbeef
     83 #define NETFILTER_LINK_POISON	0xdead57ac
     84 
     85 /********** kernel/mutexes **********/
     86 #define MUTEX_DEBUG_INIT	0x11
     87 #define MUTEX_DEBUG_FREE	0x22
     88 
     89 /********** lib/flex_array.c **********/
     90 #define FLEX_ARRAY_FREE	0x6c	/* for use-after-free poisoning */
     91 
     92 /********** security/ **********/
     93 #define KEY_DESTROY		0xbd
     94 
     95 /********** sound/oss/ **********/
     96 #define OSS_POISON_FREE		0xAB
     97 
     98 #endif
     99