From: Peter Zijlstra <peterz@infradead.org>
To: "Larry H." <research@subreption.com>
Cc: linux-mm@kvack.org, Alan Cox <alan@lxorguk.ukuu.org.uk>,
	Rik van Riel <riel@redhat.com>,
	linux-kernel@vger.kernel.org, Linus Torvalds <torvalds@osdl.org>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] Change ZERO_SIZE_PTR to point at unmapped space
Date: Sun, 31 May 2009 00:32:51 +0200	[thread overview]
Message-ID: <1243722771.6645.162.camel@laptop> (raw)
In-Reply-To: <20090530192829.GK6535@oblivion.subreption.com>

On Sat, 2009-05-30 at 12:28 -0700, Larry H. wrote:
> [PATCH] Change ZERO_SIZE_PTR to point at unmapped space
> 
> This patch changes the ZERO_SIZE_PTR address to point at unmapped space
> at the top of memory, instead of the original location, which could be
> mapped from userland to abuse a NULL (or offset-from-NULL) pointer
> dereference scenario.

Same goes for the regular NULL pointer: we have bits to disallow
userspace mapping the NULL page, so I'm not exactly seeing what this
patch buys us.

> The ZERO_OR_NULL_PTR macro is changed accordingly. This patch does
> not modify its behavior, nor does it have any performance or
> functionality impact.

It does generate longer asm.

> The original change was written first by the PaX team for their
> patch.
> 
> Signed-off-by: Larry Highsmith <larry@subreption.com>
> 
> Index: linux-2.6/include/linux/slab.h
> ===================================================================
> --- linux-2.6.orig/include/linux/slab.h
> +++ linux-2.6/include/linux/slab.h
> @@ -73,10 +73,9 @@
>   * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
>   * Both make kfree a no-op.
>   */
> -#define ZERO_SIZE_PTR ((void *)16)
> +#define ZERO_SIZE_PTR ((void *)-1024L)
>  
> -#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
> -				(unsigned long)ZERO_SIZE_PTR)
> +#define ZERO_OR_NULL_PTR(x) (!(x) || (x) == ZERO_SIZE_PTR)
>  
>  /*
>   * struct kmem_cache related prototypes
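Review bot: the replacement ZERO_OR_NULL_PTR on the `+` line, `(!(x) || (x) == ZERO_SIZE_PTR)`, evaluates its argument twice whenever `x` is non-NULL, whereas the removed `(unsigned long)(x) <= (unsigned long)ZERO_SIZE_PTR` evaluated it exactly once; a caller that passes an expression with side effects therefore behaves differently, which is at odds with the "does not modify its behavior" statement in the description. The new test also matches only exactly 0 and exactly ZERO_SIZE_PTR, while the removed one matched every value in [0, 16]. Suggest a single-evaluation form, e.g. `({ unsigned long __p = (unsigned long)(x); !__p || __p == (unsigned long)ZERO_SIZE_PTR; })`, or at least a comment documenting the double evaluation. Separately, the comment block above the define still only says that ZERO_SIZE_PTR can be passed to kfree; add a sentence stating why an address 1024 bytes below the top of the address space is assumed to be unmapped on every architecture that builds this header, since the hunk gives no justification for choosing -1024L.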
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
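The following C program is an added example, not code from the patch, from this thread or from the kernel tree. It models the two ZERO_OR_NULL_PTR definitions quoted in the hunk in userspace so their differences can be checked with an ordinary compiler: the original form evaluates its argument once and accepts any value in [0, 16], while the patched form evaluates a non-NULL argument twice and accepts only exactly 0 and the sentinel, which now sits in the last page of the address space. The sentinel values are copied from the hunk; the helper names (old_is_zero_or_null, new_is_zero_or_null, side_effect, evaluations_old, evaluations_new, new_sentinel_address) are this example's own.

```c
/*
 * Added example, not code from the patch or the kernel tree: a userspace
 * model of the two ZERO_OR_NULL_PTR definitions quoted in the hunk, so the
 * behavioural differences between them can be exercised with a plain C
 * compiler.  The sentinel values are copied from the hunk; everything else
 * (function names, the side-effect counter) is this example's own.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The two sentinel addresses exactly as they appear in the hunk. */
#define OLD_ZERO_SIZE_PTR ((void *)16)
#define NEW_ZERO_SIZE_PTR ((void *)-1024L)	/* just below the top of the address space */

/* Original definition: x is evaluated once and any value in [0, 16] matches. */
#define OLD_ZERO_OR_NULL_PTR(x) \
	((unsigned long)(x) <= (unsigned long)OLD_ZERO_SIZE_PTR)

/* Patched definition: x is evaluated up to twice and only 0 or the
 * sentinel itself match. */
#define NEW_ZERO_OR_NULL_PTR(x) (!(x) || (x) == NEW_ZERO_SIZE_PTR)

static int old_is_zero_or_null(const void *p)
{
	return OLD_ZERO_OR_NULL_PTR(p);
}

static int new_is_zero_or_null(const void *p)
{
	return NEW_ZERO_OR_NULL_PTR(p);
}

/* Returns p unchanged but counts how often it was called, so the number of
 * times each macro evaluates its argument can be observed. */
static const void *side_effect(int *calls, const void *p)
{
	(*calls)++;
	return p;
}

static int evaluations_old(const void *p)
{
	int n = 0;

	(void)OLD_ZERO_OR_NULL_PTR(side_effect(&n, p));
	return n;
}

static int evaluations_new(const void *p)
{
	int n = 0;

	(void)NEW_ZERO_OR_NULL_PTR(side_effect(&n, p));
	return n;
}

/* Numeric value of the new sentinel.  Converting a negative long to a
 * pointer is implementation-defined in ISO C; with GCC on a two's
 * complement target it yields UINTPTR_MAX - 1023, an address in the last
 * page of the address space rather than the first one. */
static uintptr_t new_sentinel_address(void)
{
	return (uintptr_t)NEW_ZERO_SIZE_PTR;
}

int main(void)
{
	const void *small = (const void *)8;	/* a small offset-from-NULL value */

	printf("old macro: NULL=%d sentinel=%d 8=%d\n",
	       old_is_zero_or_null(NULL),
	       old_is_zero_or_null(OLD_ZERO_SIZE_PTR),
	       old_is_zero_or_null(small));
	printf("new macro: NULL=%d sentinel=%d 8=%d old_sentinel=%d\n",
	       new_is_zero_or_null(NULL),
	       new_is_zero_or_null(NEW_ZERO_SIZE_PTR),
	       new_is_zero_or_null(small),
	       new_is_zero_or_null(OLD_ZERO_SIZE_PTR));
	printf("argument evaluations: old=%d new(NULL)=%d new(non-NULL)=%d\n",
	       evaluations_old(small), evaluations_new(NULL),
	       evaluations_new(small));
	printf("new sentinel address: 0x%jx (UINTPTR_MAX - %ju)\n",
	       (uintmax_t)new_sentinel_address(),
	       (uintmax_t)(UINTPTR_MAX - new_sentinel_address()));
	return 0;
}
```

Build with `cc -Wall -o zero_ptr zero_ptr.c && ./zero_ptr`. The evaluation counters are the point Peter's "longer asm" remark touches from the other side: the patched macro is two comparisons joined by `||`, and the second one re-evaluates the argument.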

Thread overview: 114+ messages
2009-05-30 19:28 [PATCH] Change ZERO_SIZE_PTR to point at unmapped space Larry H.
2009-05-30 22:29 ` Linus Torvalds
2009-05-30 23:00   ` Larry H.
2009-05-31  2:02     ` Linus Torvalds
2009-05-31  2:21       ` Larry H.
2009-06-02 15:37         ` Christoph Lameter
2009-06-02 20:34           ` Larry H.
2009-06-03 14:50             ` Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space) Christoph Lameter
2009-06-03 15:07               ` Linus Torvalds
2009-06-03 15:23                 ` Christoph Lameter
2009-06-03 15:38                   ` Linus Torvalds
2009-06-03 16:14                     ` Alan Cox
2009-06-03 16:19                       ` Linus Torvalds
2009-06-03 16:24                         ` Eric Paris
2009-06-03 16:22                     ` Eric Paris
2009-06-03 16:28                       ` Linus Torvalds
2009-06-03 16:32                         ` Eric Paris
2009-06-03 16:44                           ` Linus Torvalds
2009-06-03 15:11               ` Stephen Smalley
2009-06-03 15:41                 ` Christoph Lameter
2009-06-03 16:18                   ` Linus Torvalds
2009-06-03 16:28                   ` Larry H.
2009-06-03 16:36                     ` Rik van Riel
2009-06-03 16:47                       ` Linus Torvalds
2009-06-03 17:16                         ` Eric Paris
2009-06-03 17:28                           ` Linus Torvalds
2009-06-03 17:31                             ` Eric Paris
2009-06-03 17:24                         ` Larry H.
2009-06-03 17:21                       ` Larry H.
2009-06-03 22:52                         ` James Morris
2009-06-03 17:29               ` Alan Cox
2009-06-03 17:35                 ` Linus Torvalds
2009-06-03 18:00                   ` Larry H.
2009-06-03 18:12                     ` Linus Torvalds
2009-06-03 18:39                       ` Larry H.
2009-06-03 18:45                         ` Linus Torvalds
2009-06-03 18:50                           ` Linus Torvalds
2009-06-03 18:59                             ` Christoph Lameter
2009-06-03 19:11                               ` Rik van Riel
2009-06-03 19:14                               ` Eric Paris
2009-06-03 19:42                                 ` Christoph Lameter
2009-06-03 19:51                                   ` Eric Paris
2009-06-03 20:04                                     ` Christoph Lameter
2009-06-03 20:16                                       ` Eric Paris
2009-06-03 20:36                                         ` Christoph Lameter
2009-06-03 21:20                                       ` Linus Torvalds
2009-06-04  2:41                                       ` James Morris
2009-06-03 19:21                               ` Alan Cox
2009-06-03 19:45                                 ` Christoph Lameter
2009-06-03 21:07                                   ` Alan Cox
2009-06-03 19:27                               ` Linus Torvalds
2009-06-03 19:50                                 ` Christoph Lameter
2009-06-03 20:00                             ` pageexec
2009-06-03 19:41                           ` pageexec
2009-06-07 10:29               ` Pavel Machek
2009-05-30 22:32 ` Peter Zijlstra [this message]
2009-05-30 22:51   ` Larry H.