<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pm24.git/scripts/leaking_addresses.pl, branch v4.18</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.</subtitle>
<id>https://git.kobert.dev/pm24.git/atom?h=v4.18</id>
<link rel='self' href='https://git.kobert.dev/pm24.git/atom?h=v4.18'/>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/'/>
<updated>2018-04-06T22:50:34Z</updated>
<entry>
<title>leaking_addresses: check if file name contains address</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-03-01T21:49:55Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=c73dff595f259736a90f52b38cf5798abeae4a3c'/>
<id>urn:sha1:c73dff595f259736a90f52b38cf5798abeae4a3c</id>
<content type='text'>
Sometimes files may be created by using output from printk.  As the scan
traverses the directory tree we should parse each path name and check if
it is leaking an address.

Add check for leaking address on each path name.

Suggested-by: Tycho Andersen &lt;tycho@tycho.ws&gt;
Acked-by: Tycho Andersen &lt;tycho@tycho.ws&gt;
Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: explicitly name variable used in regex</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-03-01T21:42:59Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=2306a67745ebdf3f98bc954248b74a3f1d57cdc2'/>
<id>urn:sha1:2306a67745ebdf3f98bc954248b74a3f1d57cdc2</id>
<content type='text'>
Currently the subroutine may_leak_address() is checking the regex against the Perl
special variable $_, which is _fortunately_ being set correctly in a loop
before this subroutine is called.  We have already declared a variable,
'$line', to hold this value; we should use it.

Use $line in the regex match instead of the implicit $_.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: remove version number</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-02-27T04:15:34Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=34827374492580b27c3cba29d493dab28c8c25d3'/>
<id>urn:sha1:34827374492580b27c3cba29d493dab28c8c25d3</id>
<content type='text'>
We have git now; we don't need a version number.  This was originally
added because leaking_addresses.pl shamelessly (and mindlessly) copied
checkpatch.pl.

Remove version number from script.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: skip '/proc/1/syscall'</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-02-27T03:14:24Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=2ad742939283ed0613be654ad0aaf29b797f9905'/>
<id>urn:sha1:2ad742939283ed0613be654ad0aaf29b797f9905</id>
<content type='text'>
The pointers listed in /proc/1/syscall are user pointers, and negative
syscall args will show up like kernel addresses.

For example:

/proc/31808/syscall: 0 0x3 0x55b107a38180 0x2000 0xffffffffffffffb0 \
0x55b107a302d0 0x55b107a38180 0x7fffa313b8e8 0x7ff098560d11

Skip parsing /proc/1/syscall.

Suggested-by: Tycho Andersen &lt;tycho@tycho.ws&gt;
Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: skip all /proc/PID except /proc/1</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-02-27T04:02:57Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=472c9e1085f20de71fc482500c8f1e4e45dff651'/>
<id>urn:sha1:472c9e1085f20de71fc482500c8f1e4e45dff651</id>
<content type='text'>
When the system is idle it is likely that most files under /proc/PID
will be identical for various processes.  Scanning _all_ the PIDs under
/proc is unnecessary and implies that we are thoroughly scanning /proc.
This is _not_ the case because there may be ways userspace can trigger
creation of /proc files that leak addresses but were not present during
a scan.  For these two reasons we should exclude all PID directories
under /proc except '1/'.

Exclude all /proc/PID except /proc/1.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: cache architecture name</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-02-19T02:23:44Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=5e4bac34edc7829b4a0749e3870d4a171c1f036f'/>
<id>urn:sha1:5e4bac34edc7829b4a0749e3870d4a171c1f036f</id>
<content type='text'>
Currently we are repeatedly calling `uname -m`.  This is causing the
script to take a long time to run (more than 10 seconds to parse
/proc/kallsyms).  We can use Perl state variables to cache the result of
the first call to `uname -m`.  With this change in place the script
scans the whole kernel in under a minute.

Cache machine architecture in state variable.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: simplify path skipping</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-02-19T00:03:37Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=b401f56f33bf551304cc4ca4f503863ee6ac7787'/>
<id>urn:sha1:b401f56f33bf551304cc4ca4f503863ee6ac7787</id>
<content type='text'>
Currently the script has multiple configuration arrays.  This is confusing,
as is evident from the fact that a bunch of the entries are in the wrong
place.  We can simplify the code by just having a single array for
absolute paths to skip and a single array for file names to skip wherever
they appear in the scanned directory tree.  There are also currently
multiple subroutines to handle the different arrays; we can reduce these
to a single subroutine as well.

Simplify the path skipping code.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: do not parse binary files</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-02-18T23:22:15Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=e2858caddc71f61521254a5359d17d058d6dda08'/>
<id>urn:sha1:e2858caddc71f61521254a5359d17d058d6dda08</id>
<content type='text'>
Currently the script parses binary files.  Since we are scanning for
readable kernel addresses there is no need to parse binary files.  We
can use Perl to check if a file is binary and skip parsing it if so.

Do not parse binary files.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: add 32-bit support</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-01-29T04:00:16Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=1410fe4eea22959bd31c05e4c1846f1718300bde'/>
<id>urn:sha1:1410fe4eea22959bd31c05e4c1846f1718300bde</id>
<content type='text'>
Currently the script only supports x86_64 and ppc64.  It would be nice to be
able to scan 32-bit machines also.  We can add support for 32-bit
architectures by modifying how we check for false positives, taking
advantage of the page offset used by the kernel, and using the correct
regular expression.

Support for 32-bit machines is enabled by the observation that the kernel
addresses on 32-bit machines are larger [in value] than the page offset.
We can use this to filter false positives when scanning the kernel for
leaking addresses.

Programmatic determination of the running architecture is not
immediately obvious (current 32-bit machines return various strings from
`uname -m`).  We therefore provide a flag to enable scanning of 32-bit
kernels.  Also we can check the kernel config file for the offset and if
not found default to 0xc0000000.  A command line option to parse in the
page offset is also provided.  We do automatically detect architecture
if running on ix86.

Add support for 32-bit kernels.  Add a command line option for page
offset.

Suggested-by: Kaiwan N Billimoria &lt;kaiwan.billimoria@gmail.com&gt;
Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
<entry>
<title>leaking_addresses: add is_arch() wrapper subroutine</title>
<updated>2018-04-06T22:50:34Z</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-01-29T03:33:49Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=5eb0da0568a241f72732eb2143538fb14879a52c'/>
<id>urn:sha1:5eb0da0568a241f72732eb2143538fb14879a52c</id>
<content type='text'>
Currently there is duplicate code when checking the architecture type.
We can remove the duplication by implementing a wrapper function
is_arch().

Implement and use wrapper function is_arch().

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
</entry>
</feed>
