Re: [PATCH] core, x86: make LIST_POISON less deadly

From: Stephen Rothwell
Date: Sun Dec 27 2009 - 20:11:41 EST


Hi Linus,

On Sun, 20 Dec 2009 15:22:30 +0200 Avi Kivity <avi@xxxxxxxxxx> wrote:
>
> From: Avi Kivity <avi@xxxxxxxxxxxx>
>
> The list macros use LIST_POISON1 and LIST_POISON2 as undereferenceable
> pointers in order to trap erroneous use of freed list_heads. Unfortunately
> userspace can arrange for those pointers to actually be dereferenceable,
> potentially turning an oops to an exploit.
>
> To avoid this allow architectures (currently x86_64 only) to override
> the default values for these pointers with truly-undereferenceable values.
> This is easy on x86_64 as the virtual address space is large and contains
> areas that cannot be mapped.
>
> Other 64-bit architectures will likely find similar unmapped ranges.
>
> [ingo: switch to 0xdead000000000000 as the unmapped area]
> [ingo: add comments, cleanup]
> [jaswinder: eliminate sparse warnings]
>
> Acked-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Jaswinder Singh Rajput <jaswinderrajput@xxxxxxxxx>
> Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
> Signed-off-by: Avi Kivity <avi@xxxxxxxxxx>

The above fixed version of this patch has been in linux-next (via the tip
tree) for one year minus one day.

--
Cheers,
Stephen Rothwell sfr@xxxxxxxxxxxxxxxx
http://www.canb.auug.org.au/~sfr/
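
The mechanism in the quoted commit message, as an added example that is not part of the original mail or of the kernel patch: a simplified `list_del()` poisons a removed entry, and the stale pointer is classified by x86_64 address range. The base values 0x00100100 and 0x00200200 are the kernel's LIST_POISON constants from include/linux/poison.h; the function names, a 64-bit build, and 48-bit virtual addressing are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Base values from the kernel's include/linux/poison.h (not quoted in this mail). */
#define LIST_POISON1_BASE 0x00100100ULL
#define LIST_POISON2_BASE 0x00200200ULL
#define DELTA_DEFAULT 0x0ULL                    /* no architecture override */
#define DELTA_X86_64  0xdead000000000000ULL     /* value named in the commit message */

enum addr_class { ADDR_USER_HALF, ADDR_KERNEL_HALF, ADDR_NON_CANONICAL };

/* Assumption: 48-bit virtual addresses, so bits 63..47 must all be equal. */
enum addr_class classify_x86_64(uint64_t addr)
{
    uint64_t top = addr >> 47;                  /* bit 47 plus its 16 sign-extension bits */
    if (top == 0)       return ADDR_USER_HALF;  /* a process can mmap() in this range */
    if (top == 0x1ffff) return ADDR_KERNEL_HALF;
    return ADDR_NON_CANONICAL;                  /* no mapping can ever exist here */
}

struct list_head { struct list_head *next, *prev; };

/* Simplified list_del() (hypothetical name): unlink the entry, then poison it. */
void list_del_poison(struct list_head *e, uint64_t delta)
{
    e->next->prev = e->prev;
    e->prev->next = e->next;
    e->next = (struct list_head *)(uintptr_t)(LIST_POISON1_BASE + delta);
    e->prev = (struct list_head *)(uintptr_t)(LIST_POISON2_BASE + delta);
}

/* Delete the middle node of a 3-node ring and classify its stale ->next. */
enum addr_class stale_next_class(uint64_t delta)
{
    struct list_head a, b, c;
    a.next = &b; b.next = &c; c.next = &a;
    a.prev = &c; b.prev = &a; c.prev = &b;
    list_del_poison(&b, delta);
    return classify_x86_64((uint64_t)(uintptr_t)b.next);
}

int main(void)
{
    static const char *name[] = { "user-mappable", "kernel half", "non-canonical" };
    printf("default poison: %s\n", name[stale_next_class(DELTA_DEFAULT)]);
    printf("x86_64 poison:  %s\n", name[stale_next_class(DELTA_X86_64)]);
    return 0;
}
```

With the default delta the stale pointer falls in the range a process can map, which is the condition the commit message warns about; with the x86_64 delta any dereference faults regardless of what userspace has mapped.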
