Commit 8a5e5e02 authored by Vasily Kulikov's avatar Vasily Kulikov Committed by Linus Torvalds
Browse files

include/linux/poison.h: fix LIST_POISON{1,2} offset 

Poison pointer values should be small enough to find a room in
non-mmap'able/hardly-mmap'able space.  E.g.  on x86 "poison pointer space"
is located starting from 0x0.  Given unprivileged users cannot mmap
anything below mmap_min_addr, it should be safe to use poison pointers
lower than mmap_min_addr.

The current poison pointer values of LIST_POISON{1,2} might be too big for
mmap_min_addr values equal or less than 1 MB (common case, e.g.  Ubuntu
uses only 0x10000).  There is little point to use such a big value given
the "poison pointer space" below 1 MB is not yet exhausted.  Changing it
to a smaller value solves the problem for small mmap_min_addr setups.

The values are suggested by Solar Designer:
http://www.openwall.com/lists/oss-security/2015/05/02/6



Signed-off-by: default avatarVasily Kulikov <segoon@openwall.com>
Cc: Solar Designer <solar@openwall.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent ecf1a3df

include/linux/poison.h

+2 −2
Original line number Diff line number Diff line
@@ -19,8 +19,8 @@ 
 * under normal circumstances, used to verify that nobody uses

 * non-initialized list entries.

 */

#define LIST_POISON1  ((void *) 0x00100100 + POISON_POINTER_DELTA)

#define LIST_POISON2  ((void *) 0x00200200 + POISON_POINTER_DELTA)

#define LIST_POISON1  ((void *) 0x100 + POISON_POINTER_DELTA)

#define LIST_POISON2  ((void *) 0x200 + POISON_POINTER_DELTA)



/********** include/linux/timer.h **********/

/*

CRA Git | Maintained and supported by SUSTech CRA and CCSE