From: linux@arm.linux.org.uk (Russell King - ARM Linux)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm: mm: Poison freed init memory
Date: Thu, 6 Jan 2011 09:07:41 +0000
Message-ID: <20110106090741.GQ8638@n2100.arm.linux.org.uk>
In-Reply-To: <4D255263.7040106@codeaurora.org>

On Wed, Jan 05, 2011 at 09:25:55PM -0800, Stephen Boyd wrote:
> On 01/05/2011 12:26 PM, Russell King - ARM Linux wrote:
> > On Wed, Jan 05, 2011 at 11:47:25AM -0800, Stephen Boyd wrote:
> >> Poisoning __init marked memory can be useful when tracking down
> >> obscure memory corruption bugs. When a pointer is 0xCCCCCCCC in an
> >
> > That's a bad idea for a value. With a 3GB page offset and 256MB or
> > more memory, accesses to such an address will always succeed.
> >
> > There's two things to be considered when selecting a possible poison
> > value:
> >
> > 1. what value is guaranteed to provoke an undefined instruction exception?
> > 2. what value when used as an address and dereferenced is mostly always
> > going to abort?
> >
> > 1 for ARM mode implies an 0xe7fXXXfX value. For Thumb mode 0xdeXX. We
> > use this space for breakpoints.
> >
> > 2 unfortunately depends on the platform.
>
> A coworker proposed we use a SWI instruction. We could do that if the
> poison is 0xEF and then do something in the SWI handler where that
> number causes us to blow up?

Doesn't work with EABI - the comment field in the SWI instruction is
ignored on EABI.

> If I'm following correctly, point 1 is about __init functions and point
> 2 is about __initdata. I'm more concerned about __initdata because
> __init functions called from non __init marked functions are usually
> caught with section mismatch checks. Also, if we're jumping to
> 0xCCCCCCCC we're probably not in the text section of the kernel with a

But, as I pointed out, you don't know that 0xCCCCCCCC isn't a valid
address _and_ on modern platforms it won't fault. So it's pointless
to use it as a poison value.
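
The two selection criteria from the message above, as an added example that is not part of the original thread or of the patch under discussion: it tests a candidate 32-bit poison word against the 0xe7fXXXfX and 0xdeXX patterns and against a linear kernel mapping. The function names, the 256MB figure used as the mapped size, the simplified "linear map only" model of criterion 2, and every candidate other than 0xCCCCCCCC are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout from the thread: 3GB page offset, 256MB of RAM mapped linearly. */
#define PAGE_OFFSET 0xC0000000u
#define LOWMEM_SIZE (256u << 20)

/* Criterion 1, ARM mode: the word must match 0xe7fXXXfX. */
static bool arm_undefined(uint32_t w)
{
	return (w & 0xfff000f0u) == 0xe7f000f0u;
}

/* Criterion 1, Thumb mode: either halfword may be fetched, so both must be 0xdeXX. */
static bool thumb_undefined(uint32_t w)
{
	return (w & 0xff00u) == 0xde00u &&
	       ((w >> 16) & 0xff00u) == 0xde00u;
}

/* Criterion 2 (simplified): used as a pointer, does the word land in mapped RAM? */
static bool in_linear_map(uint32_t w, uint32_t page_offset, uint32_t lowmem)
{
	return w >= page_offset && (w - page_offset) < lowmem;
}

/* Bit 0: undefined in ARM. Bit 1: undefined in Thumb. Bit 2: outside the linear map. */
static unsigned poison_score(uint32_t w)
{
	return (arm_undefined(w) ? 1u : 0u) | (thumb_undefined(w) ? 2u : 0u) |
	       (in_linear_map(w, PAGE_OFFSET, LOWMEM_SIZE) ? 0u : 4u);
}

int main(void)
{
	/* Constructed candidates; only 0xCCCCCCCC appears in the thread. */
	const uint32_t cand[] = { 0xCCCCCCCCu, 0xe7f000f0u, 0xdeaddeadu };
	for (size_t i = 0; i < sizeof(cand) / sizeof(cand[0]); i++) {
		unsigned s = poison_score(cand[i]);
		printf("0x%08x arm_undef=%u thumb_undef=%u outside_map=%u\n",
		       (unsigned)cand[i], s & 1u, (s >> 1) & 1u, (s >> 2) & 1u);
	}
	return 0;
}
```

0xCCCCCCCC scores zero on all three checks. Being outside the linear map is necessary but not sufficient for a fault, and raising the mapped size to 512MB moves 0xdeaddead inside it, which is the platform dependence noted for point 2.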