<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/scripts/leaking_addresses.pl, branch v4.16.2</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>leaking_addresses: add SigIgn to false positives</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-13T22:25:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a11949ec20635b43d82ee229315fd2e3c80c22a3'/>
<id>a11949ec20635b43d82ee229315fd2e3c80c22a3</id>
<content type='text'>
Signal masks are false positives, we already check for SigBlk and SigCgt
but we missed SigIgn.

Add SigIgn to false positive check.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signal masks are false positives, we already check for SigBlk and SigCgt
but we missed SigIgn.

Add SigIgn to false positive check.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>leaking_addresses: add timeout on file read</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-09T04:37:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dd98c252aea2a3dcd4014cb71bcdf9588519b800'/>
<id>dd98c252aea2a3dcd4014cb71bcdf9588519b800</id>
<content type='text'>
Currently script can stall if we read certain files (like
/proc/kmsg). While we have a mechanism to skip these files once they are
discovered it would be nice to not stall on as yet undiscovered files of
this kind.

Set a timer before each file is parsed, warn user if timer expires.

Suggested-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently script can stall if we read certain files (like
/proc/kmsg). While we have a mechanism to skip these files once they are
discovered it would be nice to not stall on as yet undiscovered files of
this kind.

Set a timer before each file is parsed, warn user if timer expires.

Suggested-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>leaking_addresses: add support for ppc64</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-09T04:19:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=62139c1242b573cb647776e3abc503a69fbd2c08'/>
<id>62139c1242b573cb647776e3abc503a69fbd2c08</id>
<content type='text'>
Currently script is targeted at x86_64. We can support other
architectures by using the correct regular expressions for each
architecture.

Add the infrastructure to support multiple architectures. Add support
for ppc64.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently script is targeted at x86_64. We can support other
architectures by using the correct regular expressions for each
architecture.

Add the infrastructure to support multiple architectures. Add support
for ppc64.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>leaking_addresses: add summary reporting options</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-09T04:07:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d09bd8da8812a4df69ea3303e6df846a729ec623'/>
<id>d09bd8da8812a4df69ea3303e6df846a729ec623</id>
<content type='text'>
Currently script just dumps all results found. Potentially, this risks
losing single results among multiple duplicate results. We need some
way of restricting duplicates to assist users of the script. It would
also be nice if we got a report instead of raw results.

Duplicates can be defined in various ways, instead of trying to find a
single perfect solution we can present the user with various options to
display the output. Doing so will typically lead to users wanting to
view the output multiple times. Currently we scan the kernel each time,
this is slow and unnecessary. We can expedite the process by writing the
results to file for subsequent viewing.

Add command line options to enable summary reporting, including options
to write to and read from file.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently script just dumps all results found. Potentially, this risks
losing single results among multiple duplicate results. We need some
way of restricting duplicates to assist users of the script. It would
also be nice if we got a report instead of raw results.

Duplicates can be defined in various ways, instead of trying to find a
single perfect solution we can present the user with various options to
display the output. Doing so will typically lead to users wanting to
view the output multiple times. Currently we scan the kernel each time,
this is slow and unnecessary. We can expedite the process by writing the
results to file for subsequent viewing.

Add command line options to enable summary reporting, including options
to write to and read from file.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>leaking_addresses: add to exclude files/paths list</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-09T03:02:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1c1e3be0bf37db1396b4ecd995992643a6d92c00'/>
<id>1c1e3be0bf37db1396b4ecd995992643a6d92c00</id>
<content type='text'>
There are a couple more files that cause the script to stall.

/sys/firmware/devicetree and its symlink /proc/device-tree, reported by
Michael Ellerman.

usbmon should be skipped wherever it appears. Reported by Kees Cook.

Add files to be excluded from parsing.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There are a couple more files that cause the script to stall.

/sys/firmware/devicetree and its symlink /proc/device-tree, reported by
Michael Ellerman.

usbmon should be skipped wherever it appears. Reported by Kees Cook.

Add files to be excluded from parsing.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>leaking_addresses: fix comment string typo</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-09T02:28:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a284733e26e8e173cb5f589531a655d723ecb3ea'/>
<id>a284733e26e8e173cb5f589531a655d723ecb3ea</id>
<content type='text'>
Fix typo in comment string.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix typo in comment string.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>leaking_addresses: remove command line options</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-08T00:11:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ecd39dbd27d6f2907630678cbff464374edff8fe'/>
<id>ecd39dbd27d6f2907630678cbff464374edff8fe</id>
<content type='text'>
Currently script accepts files to skip. This was added to make running
the script faster (for repeat runs). We can remove this functionality in
preparation for adding sub commands (scan and format) to the script.

Remove command line options.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently script accepts files to skip. This was added to make running
the script faster (for repeat runs). We can remove this functionality in
preparation for adding sub commands (scan and format) to the script.

Remove command line options.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>leaking_addresses: remove dead/unused code</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-08T00:04:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fa31a58202c5d9ebb26f562913b17e81357fe0e7'/>
<id>fa31a58202c5d9ebb26f562913b17e81357fe0e7</id>
<content type='text'>
debug_arrays is not called. Also, %seen hash is not used. We should
remove unused code.

Remove dead code.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
debug_arrays is not called. Also, %seen hash is not used. We should
remove unused code.

Remove dead code.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>leaking_addresses: use tabs instead of spaces</title>
<updated>2017-11-13T22:29:27+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-08T00:01:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7e5758f7f74a591b52c6e8a8cfe82e6288ddced0'/>
<id>7e5758f7f74a591b52c6e8a8cfe82e6288ddced0</id>
<content type='text'>
Current code uses spaces instead of tabs in places.

Use tabs instead of spaces.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Current code uses spaces instead of tabs in places.

Use tabs instead of spaces.

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>scripts: add leaking_addresses.pl</title>
<updated>2017-11-06T19:46:42+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2017-11-06T05:19:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=136fc5c41f349296db1910677bb7402b0eeff376'/>
<id>136fc5c41f349296db1910677bb7402b0eeff376</id>
<content type='text'>
Currently we are leaking addresses from the kernel to user space. This
script is an attempt to find some of those leakages. Script parses
`dmesg` output and /proc and /sys files for hex strings that look like
kernel addresses.

Only works for 64 bit kernels, the reason being that kernel addresses on
64 bit kernels have 'ffff' as the leading bit pattern making grepping
possible. On 32 bit kernels we don't have this luxury.

Script is _slightly_ smarter than a straight grep, we check for false
positives (all 0's or all 1's, and vsyscall start/finish addresses).

[ I think there is a lot of room for improvement here, but it's already
  useful, so I'm merging it as-is. The whole "hash %p format" series is
  expected to go into 4.15, but will not fix %x users, and will not
  incentivize people to look at what they are leaking.     - Linus ]

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently we are leaking addresses from the kernel to user space. This
script is an attempt to find some of those leakages. Script parses
`dmesg` output and /proc and /sys files for hex strings that look like
kernel addresses.

Only works for 64 bit kernels, the reason being that kernel addresses on
64 bit kernels have 'ffff' as the leading bit pattern making grepping
possible. On 32 bit kernels we don't have this luxury.

Script is _slightly_ smarter than a straight grep, we check for false
positives (all 0's or all 1's, and vsyscall start/finish addresses).

[ I think there is a lot of room for improvement here, but it's already
  useful, so I'm merging it as-is. The whole "hash %p format" series is
  expected to go into 4.15, but will not fix %x users, and will not
  incentivize people to look at what they are leaking.     - Linus ]

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
