From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vasily Kulikov <segoon@openwall.com>,
Solar Designer <solar@openwall.com>,
Thomas Gleixner <tglx@linutronix.de>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 3.14 30/37] include/linux/poison.h: fix LIST_POISON{1,2} offset
Date: Mon, 2 May 2016 17:12:19 -0700 [thread overview]
Message-ID: <20160503000424.525177902@linuxfoundation.org> (raw)
In-Reply-To: <20160503000423.577563140@linuxfoundation.org>
3.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vasily Kulikov <segoon@openwall.com>
commit 8a5e5e02fc83aaf67053ab53b359af08c6c49aaf upstream.
Poison pointer values should be small enough to find a room in
non-mmap'able/hardly-mmap'able space. E.g. on x86 "poison pointer space"
is located starting from 0x0. Given unprivileged users cannot mmap
anything below mmap_min_addr, it should be safe to use poison pointers
lower than mmap_min_addr.
The current poison pointer values of LIST_POISON{1,2} might be too big for
mmap_min_addr values equal or less than 1 MB (common case, e.g. Ubuntu
uses only 0x10000). There is little point to use such a big value given
the "poison pointer space" below 1 MB is not yet exhausted. Changing it
to a smaller value solves the problem for small mmap_min_addr setups.
The values are suggested by Solar Designer:
http://www.openwall.com/lists/oss-security/2015/05/02/6
Signed-off-by: Vasily Kulikov <segoon@openwall.com>
Cc: Solar Designer <solar@openwall.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/poison.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -19,8 +19,8 @@
* under normal circumstances, used to verify that nobody uses
* non-initialized list entries.
*/
-#define LIST_POISON1 ((void *) 0x00100100 + POISON_POINTER_DELTA)
-#define LIST_POISON2 ((void *) 0x00200200 + POISON_POINTER_DELTA)
+#define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA)
+#define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA)
/********** include/linux/timer.h **********/
/*
next prev parent reply other threads:[~2016-05-03 0:15 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-03 0:11 [PATCH 3.14 00/37] 3.14.68-stable review Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 01/37] ARM: OMAP2+: hwmod: Fix updating of sysconfig register Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 02/37] assoc_array: dont call compare_object() on a node Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 03/37] usb: xhci: fix wild pointers in xhci_mem_cleanup Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 04/37] usb: hcd: out of bounds access in for_each_companion Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 05/37] lib: lz4: fixed zram with lz4 on big endian machines Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 06/37] x86/iopl/64: Properly context-switch IOPL on Xen PV Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 07/37] futex: Acknowledge a new waiter in counter before plist Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 08/37] drm/qxl: fix cursor position with non-zero hotspot Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 09/37] crypto: ccp - Prevent information leakage on export Greg Kroah-Hartman
2016-05-03 0:11 ` [PATCH 3.14 10/37] crypto: gcm - Fix rfc4543 decryption crash Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 11/37] nl80211: check netlink protocol in socket release notification Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 12/37] Input: gtco - fix crash on detecting device without endpoints Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 13/37] pinctrl: single: Fix pcs_parse_bits_in_pinctrl_entry to use __ffs than ffs Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 14/37] i2c: cpm: Fix build break due to incompatible pointer types Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 15/37] i2c: exynos5: Fix possible ABBA deadlock by keeping I2C clock prepared Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 16/37] EDAC: i7core, sb_edac: Dont return NOTIFY_BAD from mce_decoder callback Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 17/37] ASoC: s3c24xx: use const snd_soc_component_driver pointer Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 18/37] ASoC: rt5640: Correct the digital interface data select Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 19/37] efi: Fix out-of-bounds read in variable_matches() Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 20/37] workqueue: fix ghost PENDING flag while doing MQ IO Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 21/37] USB: usbip: fix potential out-of-bounds write Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 22/37] paride: make verbose parameter an int again Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 23/37] fbdev: da8xx-fb: fix videomodes of lcd panels Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 24/37] misc/bmp085: Enable building as a module Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 25/37] rtc: hym8563: fix invalid year calculation Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 27/37] drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 28/37] ext4: fix NULL pointer dereference in ext4_mark_inode_dirty() Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 29/37] serial: sh-sci: Remove cpufreq notifier to fix crash/deadlock Greg Kroah-Hartman
2016-05-03 0:12 ` Greg Kroah-Hartman [this message]
2016-05-03 0:12 ` [PATCH 3.14 31/37] Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 32/37] perf stat: Document --detailed option Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 34/37] bus: imx-weim: Take the status property value into account Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 35/37] jme: Do not enable NIC WoL functions on S0 Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 36/37] jme: Fix device PM wakeup API usage Greg Kroah-Hartman
2016-05-03 0:12 ` [PATCH 3.14 37/37] sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race Greg Kroah-Hartman
2016-05-03 7:19 ` [PATCH 3.14 00/37] 3.14.68-stable review Guenter Roeck
2016-05-03 18:21 ` Greg Kroah-Hartman
2016-05-03 15:00 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160503000424.525177902@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=segoon@openwall.com \
--cc=solar@openwall.com \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox