From: navych@126.com (Navy Cheng)
To: kernelnewbies@lists.kernelnewbies.org
Subject: What is the role of LIST_POISON1 and LIST_POISON2?
Date: Fri, 4 Mar 2016 21:01:42 +0800
Message-ID: <20160304130142.GA5044@debian>
In-Reply-To: <120221.1457075246@turing-police.cc.vt.edu>

On Fri, Mar 04, 2016 at 02:07:26AM -0500, Valdis.Kletnieks at vt.edu wrote:
> On Fri, 04 Mar 2016 13:02:02 +0800, Navy Cheng said:
> > Hi,
> >
> > When I read the code of list_del(), I find LIST_POISON1 and LIST_POISON2:
> >
> >     static inline void list_del(struct list_head *entry)
> >     {
> > 	__list_del(entry->prev, entry->next);
> > 	entry->next = LIST_POISON1;
> > 	entry->prev = LIST_POISON2;
> >     }
> >
> > Why not set entry->next and entry->prev to NULL ?
> 
> To more easily detect different classes of list corruption, use-after-free, and
> other programming errors.  If ->next and ->prev are NULL, it may be the result
> of following a bad pointer.  If  they're equal to POISON 1 and 2, you're almost
> certainly looking at a once-valid pointer that is a use-after-free situation.
> It's easy to end up pointing at a zeroed page.  The chances of pointing at
> some random data that happens to be POISON 1/2 is much lower.
> 
> See the code in lib/list_debug.c
> 

Thank you, but I don't quite understand. Could you give an example or tell me
some books and documents about this?
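
Added example (not part of the original message and not kernel code): a userspace C program showing the distinction made in the quoted reply, where a poisoned entry is reported as "already deleted" while a NULL link is reported separately. The poison values, `list_del_checked()`, `scenario()` and the result enum are hypothetical stand-ins; the kernel's own checks are in lib/list_debug.c.

```c
#include <stdint.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };
enum del_result { DEL_OK, DEL_ALREADY_DELETED, DEL_NULL_LINK, DEL_CORRUPT };

/* Stand-in poison values for this demo; the kernel's are in include/linux/poison.h. */
#define LIST_POISON1 ((struct list_head *)(uintptr_t)0x100)
#define LIST_POISON2 ((struct list_head *)(uintptr_t)0x200)

/* Insert n right after head, as the kernel's list_add() does. */
static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Hypothetical checked delete: classify the entry before touching
 * its neighbours, then unlink and poison it like list_del(). */
static enum del_result list_del_checked(struct list_head *e)
{
    if (e->next == LIST_POISON1 || e->prev == LIST_POISON2)
        return DEL_ALREADY_DELETED;  /* was on a list, deleted, then reused */
    if (!e->next || !e->prev)
        return DEL_NULL_LINK;        /* zeroed or never-initialised memory */
    if (e->prev->next != e || e->next->prev != e)
        return DEL_CORRUPT;          /* neighbours no longer point back */
    e->next->prev = e->prev;
    e->prev->next = e->next;
    e->next = LIST_POISON1;
    e->prev = LIST_POISON2;
    return DEL_OK;
}

/* Constructed cases: 0 delete, 1 double delete, 2 zeroed entry, 3 stray write. */
static enum del_result scenario(int which)
{
    struct list_head head = { &head, &head }, a, b, zeroed = { NULL, NULL };
    list_add(&a, &head);
    list_add(&b, &head);                 /* list is now head -> b -> a */
    if (which == 1) list_del_checked(&a);
    if (which == 2) return list_del_checked(&zeroed);
    if (which == 3) b.next = &head;      /* overwritten link skips over a */
    return list_del_checked(which == 3 ? &b : &a);
}

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("scenario %d -> %d\n", i, scenario(i));
}
```

With NULL in place of the poison values, cases 1 and 2 would be indistinguishable: a double delete and a pointer into zeroed memory would both show up as a NULL link.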
