1 files changed, 23 insertions, 2 deletions
diff --git a/include/linux/poison.h b/include/linux/poison.h
index 7fc194aef8c2..34066ffd893d 100644
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -2,13 +2,25 @@
 #define _LINUX_POISON_H
 /********** include/linux/list.h **********/
+/*
+ * Architectures might want to move the poison pointer offset
+ * into some well-recognized area such as 0xdead000000000000,
+ * that is also not mappable by user-space exploits:
+ */
+#ifdef CONFIG_ILLEGAL_POINTER_VALUE
+# define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL)
+#else
+# define POISON_POINTER_DELTA 0
+#endif
 /*
 * These are non-NULL pointers that will result in page faults
 * under normal circumstances, used to verify that nobody uses
 * non-initialized list entries.
 */
-#define LIST_POISON1  ((void *) 0x00100100)
+#define LIST_POISON1  ((void *) 0x00100100 + POISON_POINTER_DELTA)
-#define LIST_POISON2  ((void *) 0x00200200)
+#define LIST_POISON2  ((void *) 0x00200200 + POISON_POINTER_DELTA)
 /********** include/linux/timer.h **********/
 /*
@@ -36,6 +48,15 @@
 #define POISON_FREE     0x6b    /* for use-after-free poisoning */
 #define POISON_END      0xa5    /* end-byte of poisoning */
+/********** mm/hugetlb.c **********/
+/*
+ * Private mappings of hugetlb pages use this poisoned value for
+ * page->mapping. The core VM should not be doing anything with this mapping
+ * but futex requires the existence of some page->mapping value even though it
+ * is unused if PAGE_MAPPING_ANON is set.
+ */
+#define HUGETLB_POISON  ((void *)(0x00300300 + POISON_POINTER_DELTA + PAGE_MAPPING_ANON))
 /********** arch/$ARCH/mm/init.c **********/
 #define POISON_FREE_INITMEM     0xcc

diff --git a/include/linux/poison.h b/include/linux/poison.h index 7fc194aef8c2..34066ffd893d 100644 --- a/include/linux/poison.h +++ b/include/linux/poison.h
@@ -2,13 +2,25 @@
2	#define _LINUX_POISON_H	2	#define _LINUX_POISON_H
3		3
4	/******** include/linux/list.h ********/	4	/******** include/linux/list.h ********/
		5
		6	/*
		7	* Architectures might want to move the poison pointer offset
		8	* into some well-recognized area such as 0xdead000000000000,
		9	* that is also not mappable by user-space exploits:
		10	*/
		11	#ifdef CONFIG_ILLEGAL_POINTER_VALUE
		12	# define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL)
		13	#else
		14	# define POISON_POINTER_DELTA 0
		15	#endif
		16
5	/*	17	/*
6	* These are non-NULL pointers that will result in page faults	18	* These are non-NULL pointers that will result in page faults
7	* under normal circumstances, used to verify that nobody uses	19	* under normal circumstances, used to verify that nobody uses
8	* non-initialized list entries.	20	* non-initialized list entries.
9	*/	21	*/
10	#define LIST_POISON1 ((void *) 0x00100100)	22	#define LIST_POISON1 ((void *) 0x00100100 + POISON_POINTER_DELTA)
11	#define LIST_POISON2 ((void *) 0x00200200)	23	#define LIST_POISON2 ((void *) 0x00200200 + POISON_POINTER_DELTA)
12		24
13	/******** include/linux/timer.h ********/	25	/******** include/linux/timer.h ********/
14	/*	26	/*
@@ -36,6 +48,15 @@
36	#define POISON_FREE 0x6b /* for use-after-free poisoning */	48	#define POISON_FREE 0x6b /* for use-after-free poisoning */
37	#define POISON_END 0xa5 /* end-byte of poisoning */	49	#define POISON_END 0xa5 /* end-byte of poisoning */
38		50
		51	/******** mm/hugetlb.c ********/
		52	/*
		53	* Private mappings of hugetlb pages use this poisoned value for
		54	* page->mapping. The core VM should not be doing anything with this mapping
		55	* but futex requires the existence of some page->mapping value even though it
		56	* is unused if PAGE_MAPPING_ANON is set.
		57	*/
		58	#define HUGETLB_POISON ((void *)(0x00300300 + POISON_POINTER_DELTA + PAGE_MAPPING_ANON))
		59
39	/******** arch/$ARCH/mm/init.c ********/	60	/******** arch/$ARCH/mm/init.c ********/
40	#define POISON_FREE_INITMEM 0xcc	61	#define POISON_FREE_INITMEM 0xcc
41		62