On Sun, Nov 21, 2010 at 4:45 AM, Robert P. J. Day <rpjday@xxxxxxxxxxxxxx> wrote:
examples of why the values are always set:
http://lkml.org/lkml/2003/12/3/104
http://lkml.org/lkml/2003/6/14/155
even without debugging on, it's still immediately obvious when a poisoned pointer is dereferenced.
And it does matter what the values are: they are set to addresses that won't normally be mapped, in order to trigger a fault. This catches programming errors even when full debugging isn't enabled.
> continuing my journey into the depths of kernel data structures, i'm
> curious about the design and usage of list "poisoning".
> first, here are the magic values used to poison list node pointers,
> defined in poison.h:
> #define LIST_POISON1 ((void *) 0x00100100 + POISON_POINTER_DELTA)
> #define LIST_POISON2 ((void *) 0x00200200 + POISON_POINTER_DELTA)
> doesn't really matter what those values are, they're just magic and
> immediately identifiable values. and they're used as the new values
> for the prev and next pointers of list nodes that are, among other
> things, removed from a list. this is from list.h:
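The exchange above can be followed in a small userspace model of the kernel's list_del() poisoning. This is an added example, not code from the thread or from the kernel: it reimplements the handful of list.h helpers needed, defines LIST_POISON1/LIST_POISON2 with the constants quoted above, and assumes POISON_POINTER_DELTA is 0 (in the kernel it is arch-specific, chosen so the poison lands in an unmapped region). The list_node_is_poisoned() helper is likewise an addition: it shows how a debug path can report a stale node explicitly instead of relying on the fault that dereferencing the poison would cause.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: delta of 0, so the poison values are exactly the
 * constants quoted in the thread. The kernel picks a per-architecture delta so
 * the resulting address is never normally mapped. */
#define POISON_POINTER_DELTA 0x0UL
#define LIST_POISON1 ((void *)(uintptr_t)(0x00100100UL + POISON_POINTER_DELTA))
#define LIST_POISON2 ((void *)(uintptr_t)(0x00200200UL + POISON_POINTER_DELTA))

struct list_head {
    struct list_head *next, *prev;
};

static inline void INIT_LIST_HEAD(struct list_head *head)
{
    head->next = head;
    head->prev = head;
}

/* Insert 'node' between two known consecutive entries. */
static inline void __list_add(struct list_head *node, struct list_head *prev,
                              struct list_head *next)
{
    next->prev = node;
    node->next = next;
    node->prev = prev;
    prev->next = node;
}

static inline void list_add(struct list_head *node, struct list_head *head)
{
    __list_add(node, head, head->next);
}

/* Unlink by making the neighbours point at each other. */
static inline void __list_del(struct list_head *prev, struct list_head *next)
{
    next->prev = prev;
    prev->next = next;
}

/* list_del as list.h does it: unlink, then poison the removed node's pointers so
 * that a later use of the stale node faults instead of silently walking into
 * (and corrupting) its former neighbours. */
static inline void list_del(struct list_head *entry)
{
    __list_del(entry->prev, entry->next);
    entry->next = LIST_POISON1;
    entry->prev = LIST_POISON2;
}

/* Hypothetical defensive check (not in list.h): does this node carry the poison
 * pattern? A debug build can call it before following a pointer. */
static inline bool list_node_is_poisoned(const struct list_head *entry)
{
    return entry->next == LIST_POISON1 || entry->prev == LIST_POISON2;
}

struct item {
    int value;
    struct list_head node;
};

/* Build a 3-item list, delete the middle one, and report what happened:
 *   bit 0: the deleted node is poisoned
 *   bit 1: the survivors are still linked to each other
 *   bit 2: live nodes are not flagged as poisoned
 * A value of 7 means every check passed. */
int demo_list_poison(void)
{
    struct list_head head;
    struct item a = { .value = 1 }, b = { .value = 2 }, c = { .value = 3 };
    int result = 0;

    INIT_LIST_HEAD(&head);
    list_add(&c.node, &head);   /* head -> c */
    list_add(&b.node, &head);   /* head -> b -> c */
    list_add(&a.node, &head);   /* head -> a -> b -> c */

    list_del(&b.node);          /* b is now stale and poisoned */

    if (list_node_is_poisoned(&b.node))
        result |= 1;
    if (a.node.next == &c.node && c.node.prev == &a.node)
        result |= 2;
    if (!list_node_is_poisoned(&a.node) && !list_node_is_poisoned(&c.node))
        result |= 4;
    return result;
}

/* Expose the poison constants as integers so a reader can confirm they are the
 * addresses quoted in the thread. */
unsigned long poison1_value(void) { return (unsigned long)(uintptr_t)LIST_POISON1; }
unsigned long poison2_value(void) { return (unsigned long)(uintptr_t)LIST_POISON2; }

int main(void)
{
    printf("demo result: %d (7 = all checks pass)\n", demo_list_poison());
    printf("LIST_POISON1 = 0x%08lx, LIST_POISON2 = 0x%08lx\n",
           poison1_value(), poison2_value());
    return 0;
}
```

The point the reply makes is visible in the stale node: after list_del() its next/prev no longer point at real list entries, so a use-after-delete that follows them cannot quietly corrupt a and c. Whether the access then faults depends on the poison address being unmapped, which is what POISON_POINTER_DELTA arranges per architecture; the explicit check shown here is the complementary, detection-side approach for builds where a clearer report than a page fault is wanted.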