From patchwork Thu Nov 9 05:09:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 836176 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=tobin.cc header.i=@tobin.cc header.b="XodbmzGe"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="BQYKhpKX"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yXWVq4wbwz9s5L for ; Thu, 9 Nov 2017 16:12:03 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751213AbdKIFJ7 (ORCPT ); Thu, 9 Nov 2017 00:09:59 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:56697 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750736AbdKIFJz (ORCPT ); Thu, 9 Nov 2017 00:09:55 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 05F2420D66; Thu, 9 Nov 2017 00:09:55 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Thu, 09 Nov 2017 00:09:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UcHiLZWr2plgieR9P aB9lh0Gyq+kmFtxSyMT2wkC6l4=; b=XodbmzGeMkAtjQ0g0NlJR8Jfe/dtNS6qx Zjf6Tn8XEKWPPClCKgkMAmRJNO1c2iFc/7BSHKyqoaJC27PZEKsbzIUWb5lAk04R zHRq+avrl9CuDV9xpN+2Sjpc2O9Cq8Fz1aD7g5/VhgZJ8uArPyUddXs7QEYx9zK9 ORSS1XLaGYKboZDFu+Rk9m/1AneBCb4u1glpPcP0N0Egarmc9C20jtiEGHPecDY2 h64xR2le2Nn2TNj+trgK+KYX7VqKdnIHHWk4tzNFb5+eyBfKUuwy1spf6FgLvSot bIVnLX02urt8X8JZs8z0mnmimaqLZ5BLtq0DnpoFcruepr7mr8Kzw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=UcHiLZWr2plgieR9PaB9lh0Gyq+kmFtxSyMT2wkC6l4=; b=BQYKhpKX pBqF95oDX1+F5tYqxZefDS0+7KyUN8Zzas63TJsa5weOXEkut1fJPQHlhltwHvdM pmD9rSdEmVvYmoyMZ2me/eNHCrQWiwQlyrG7rPTyhS7Y/JsrCCUJ9+u8kD+MuzTM WqKf8dSIaHRwzJu9Hpo+5yURUi0+PWwUtwu5dKLuj9S77LgV/eqvGSQiV+aS+J18 eINUw80enqNYgdLOKPJbD1GbONktNS9SsuBHmWbhZYV9K7661/R5NbVS3o+kVGE0 nacL8wCOys+UVbzeTMAiv+WK9Vo6+Bg9CNZS5fEbvN4y6AcVyvnRsgR8CytGCMgI KPSaH8eTvO9v/w== X-ME-Sender: Received: from localhost (124-170-203-151.dyn.iinet.net.au [124.170.203.151]) by mail.messagingengine.com (Postfix) with ESMTPA id 164A32484C; Thu, 9 Nov 2017 00:09:54 -0500 (EST) From: "Tobin C. Harding" To: Linus Torvalds Cc: "Tobin C. Harding" , "Jason A. Donenfeld" , Theodore Ts'o , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , "Paul E. McKenney" , Andy Lutomirski , Peter Zijlstra , Michael Ellerman , David Miller , Network Development , linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 1/8] scripts/leaking_addresses: use tabs not spaces Date: Thu, 9 Nov 2017 16:09:28 +1100 Message-Id: <1510204175-10138-2-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc> References: <1510204175-10138-1-git-send-email-me@tobin.cc> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Current code uses spaces instead of tabs in places. Use tabs instead of spaces. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 54 ++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 2977371b2956..b64efcecbb5e 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -170,46 +170,46 @@ sub push_to_global sub is_false_positive { - my ($match) = @_; + my ($match) = @_; + + if ($match =~ '\b(0x)?(f|F){16}\b' or + $match =~ '\b(0x)?0{16}\b') { + return 1; + } - if ($match =~ '\b(0x)?(f|F){16}\b' or - $match =~ '\b(0x)?0{16}\b') { - return 1; - } - # vsyscall memory region, we should probably check against a range here. - if ($match =~ '\bf{10}600000\b' or - $match =~ '\bf{10}601000\b') { - return 1; - } + if ($match =~ '\bf{10}600000\b' or# vsyscall memory region, we should probably check against a range here. + $match =~ '\bf{10}601000\b') { + return 1; + } - return 0; + return 0; } # True if argument potentially contains a kernel address. sub may_leak_address { - my ($line) = @_; - my $address = '\b(0x)?ffff[[:xdigit:]]{12}\b'; + my ($line) = @_; + my $address = '\b(0x)?ffff[[:xdigit:]]{12}\b'; - # Signal masks. - if ($line =~ '^SigBlk:' or - $line =~ '^SigCgt:') { - return 0; - } + # Signal masks. + if ($line =~ '^SigBlk:' or + $line =~ '^SigCgt:') { + return 0; + } - if ($line =~ '\bKEY=[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or - $line =~ '\b[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b') { + if ($line =~ '\bKEY=[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or + $line =~ '\b[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b') { return 0; - } + } - while (/($address)/g) { - if (!is_false_positive($1)) { - return 1; - } - } + while (/($address)/g) { + if (!is_false_positive($1)) { + return 1; + } + } - return 0; + return 0; } sub parse_dmesg From patchwork Thu Nov 9 05:09:29 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 836178 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=tobin.cc header.i=@tobin.cc header.b="jB0gizh4"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="NPj7+qg5"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yXWW817Xrz9s5L for ; Thu, 9 Nov 2017 16:12:20 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751108AbdKIFMD (ORCPT ); Thu, 9 Nov 2017 00:12:03 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:55459 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751201AbdKIFJ7 (ORCPT ); Thu, 9 Nov 2017 00:09:59 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id AF08920D2C; Thu, 9 Nov 2017 00:09:58 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Thu, 09 Nov 2017 00:09:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=ejwhCN7GAnzDKaH3L JEcaTS37NbH/JxB/xYxHSdbp6c=; b=jB0gizh4ksim+VPs+/gRfUa0myJjxxmUy cENL+jxHj+UzA+fYgP7eqrMOAo90oP9y+O4Qqn0Z0EbMHER0z4rz/+gl4HzXWe6g suqdSGDdIsO4kuVc5X4hinorh4fdNC88BLTJpU2ASvuLi1GLHnYazJi1ZqqQRdR5 aCJ0AcALFiVT0h4nBCd/MMKHT7OhYjRebsOMQNTyfS62UiGjmzNwxHouubhjyZHD 6UXJ1invele0Bf/iP8Y9V72bgLwwwsJAfRBEVX81dObUEKpVi5i5McOwx6pSBqRZ Ks+5lWoc2H3J/k2+TObc53E4QU6B/9VEZXTa4YSocq+KnbcRphCVg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=ejwhCN7GAnzDKaH3LJEcaTS37NbH/JxB/xYxHSdbp6c=; b=NPj7+qg5 WPHNwr3kp9oR2t4YzzFfWTxPzT49lhd8KwhkIZG8U21qj19aV+9354UnoLRlFvT7 FyYU5OF79S+aR23x0H/qoouGyvblRExlxQy7wS60NILPPOIUyO12zkWVrYLj/AuN E8v8MGBJn7gghFCilW7l4FY8BNk/nOqEvbdwt0XaNMMmEJMr/6PaCGsNARuWF4AJ cLlhjD7BFrLHah21fLwxN/oJxyktMhwiLtwmpDSdZfGRPSANO/0DKV7Mx70S3Szn ZWIqFsdCTKxsz1uZRabEuLI5n0PvKEi6fmwPYESRlYRMtEq8+ldz3ReOYdU67NUy 6KrexEhoG18pOw== X-ME-Sender: Received: from localhost (124-170-203-151.dyn.iinet.net.au [124.170.203.151]) by mail.messagingengine.com (Postfix) with ESMTPA id BEAD97E954; Thu, 9 Nov 2017 00:09:57 -0500 (EST) From: "Tobin C. Harding" To: Linus Torvalds Cc: "Tobin C. Harding" , "Jason A. Donenfeld" , Theodore Ts'o , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , "Paul E. McKenney" , Andy Lutomirski , Peter Zijlstra , Michael Ellerman , David Miller , Network Development , linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 2/8] scripts/leaking_addresses: remove dead code Date: Thu, 9 Nov 2017 16:09:29 +1100 Message-Id: <1510204175-10138-3-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc> References: <1510204175-10138-1-git-send-email-me@tobin.cc> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org debug_arrays is not called. Also, %seen hash is not used. We should remove unused code. Remove dead code. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 9 --------- 1 file changed, 9 deletions(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index b64efcecbb5e..94b22d5b9237 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -133,14 +133,6 @@ walk(@DIRS); exit 0; -sub debug_arrays -{ - print 'dirs_any: ' . join(", ", @skip_walk_dirs_any) . "\n"; - print 'dirs_abs: ' . join(", ", @skip_walk_dirs_abs) . "\n"; - print 'parse_any: ' . join(", ", @skip_parse_files_any) . "\n"; - print 'parse_abs: ' . join(", ", @skip_parse_files_abs) . "\n"; -} - sub dprint { printf(STDERR @_) if $debug; @@ -281,7 +273,6 @@ sub skip_walk sub walk { my @dirs = @_; - my %seen; while (my $pwd = shift @dirs) { next if (skip_walk($pwd)); From patchwork Thu Nov 9 05:09:30 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 836175 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=tobin.cc header.i=@tobin.cc header.b="b/u0nwcD"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="ciNxlmWw"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yXWVb11cMz9s5L for ; Thu, 9 Nov 2017 16:11:51 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751311AbdKIFKF (ORCPT ); Thu, 9 Nov 2017 00:10:05 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:40489 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750736AbdKIFKD (ORCPT ); Thu, 9 Nov 2017 00:10:03 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 80D5120CE3; Thu, 9 Nov 2017 00:10:02 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Thu, 09 Nov 2017 00:10:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=fu+eN1vMjU+H4jbFA tHrhAXXBPC4nRpSYUtJPmE3CRs=; b=b/u0nwcDF1hb/Pu36RtK+ZRb9MEfus6DP 5spiVYXBRsWSAqD8jRKFhmza0IbxmLVfx/biVlOQ1/28IvN7W5xVW6rMimHLahHj BRCZnxBcdUdYr0gU6vBqFZG/GTCpo+So5BLe/19+cfwajFJkivNPDRJEytfGD0eX B+Gh34WYN0gJSnEkCT9wWE0b7Fc4XL/RDesnkEdDN/FV2h1SzO+pPDlMHTyWFaRs LUPSr8jI8VWjrEjxX57rAc5i+kjQEaqX/9a4ugbAVp28OV3jW7hAH41N6njamCgD u69CL9E7Za0q6kO4KphreZLhMpmevcaQC0vP+pE/IL8HwmSJO8+XA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=fu+eN1vMjU+H4jbFAtHrhAXXBPC4nRpSYUtJPmE3CRs=; b=ciNxlmWw 9SE1PH3BkrBtGmAQQuHvc3hWTUbZQcLOSvDHnz2ycKxRaGza42mysF8F3t04IQlX 2XcG8bbqZACztyd1IIfr9wBU37Kxbtr7E9Mjk2N6LHlt3JUW8pu2X4vfVdgpL/Jh Us9cwOYbWmtQjj3qFfTc2/XxQsTudON/LtLtTrOnNPr9UAvYMiLBUBT95EFC5sYt ioDr8AR7y43PHTmwgRfZkRy3YX5GZt2iXcBT9SlgKjwD3hToFRVTB+3OXuBKuTqo LEvZuURCearb/8IJntoTFz7LIfTx3yXVfrFPSY+DZyvj6Z/GK8XV9iYFMaY4R1CY EDCyETDLhMsT+A== X-ME-Sender: Received: from localhost (124-170-203-151.dyn.iinet.net.au [124.170.203.151]) by mail.messagingengine.com (Postfix) with ESMTPA id 1BDC2240A4; Thu, 9 Nov 2017 00:10:01 -0500 (EST) From: "Tobin C. Harding" To: Linus Torvalds Cc: "Tobin C. Harding" , "Jason A. Donenfeld" , Theodore Ts'o , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , "Paul E. McKenney" , Andy Lutomirski , Peter Zijlstra , Michael Ellerman , David Miller , Network Development , linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 3/8] scripts/leaking_addresses: remove command line options Date: Thu, 9 Nov 2017 16:09:30 +1100 Message-Id: <1510204175-10138-4-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc> References: <1510204175-10138-1-git-send-email-me@tobin.cc> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Currently script accepts files to skip. This was added to make running the script faster (for repeat runs). We can remove this functionality in preparation for adding sub commands (scan and format) to the script. Remove command line options. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 58 -------------------------------------------- 1 file changed, 58 deletions(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 94b22d5b9237..719ed0aaede7 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -7,25 +7,6 @@ # - Scans dmesg output. # - Walks directory tree and parses each file (for each directory in @DIRS). # -# You can configure the behaviour of the script; -# -# - By adding paths, for directories you do not want to walk; -# absolute paths: @skip_walk_dirs_abs -# directory names: @skip_walk_dirs_any -# -# - By adding paths, for files you do not want to parse; -# absolute paths: @skip_parse_files_abs -# file names: @skip_parse_files_any -# -# The use of @skip_xxx_xxx_any causes files to be skipped where ever they occur. -# For example adding 'fd' to @skip_walk_dirs_any causes the fd/ directory to be -# skipped for all PID sub-directories of /proc -# -# The same thing can be achieved by passing command line options to --dont-walk -# and --dont-parse. If absolute paths are supplied to these options they are -# appended to the @skip_xxx_xxx_abs arrays. If file names are supplied to these -# options, they are appended to the @skip_xxx_xxx_any arrays. -# # Use --debug to output path before parsing, this is useful to find files that # cause the script to choke. # @@ -50,8 +31,6 @@ my @DIRS = ('/proc', '/sys'); # Command line options. my $help = 0; my $debug = 0; -my @dont_walk = (); -my @dont_parse = (); # Do not parse these files (absolute path). my @skip_parse_files_abs = ('/proc/kmsg', @@ -96,20 +75,9 @@ Version: $V Options: - --dont-walk= Don't walk tree starting at . - --dont-parse= Don't parse . -d, --debug Display debugging output. -h, --help, --version Display this help and exit. -If an absolute path is passed to --dont_XXX then this path is skipped. If a -single filename is passed then this file/directory will be skipped when -appearing under any subdirectory. - -Example: - - # Just scan dmesg output. - scripts/leaking_addresses.pl --dont_walk_abs /proc --dont_walk_abs /sys - Scans the running (64 bit) kernel for potential leaking addresses. EOM @@ -117,8 +85,6 @@ EOM } GetOptions( - 'dont-walk=s' => \@dont_walk, - 'dont-parse=s' => \@dont_parse, 'd|debug' => \$debug, 'h|help' => \$help, 'version' => \$help @@ -126,8 +92,6 @@ GetOptions( help(0) if ($help); -push_to_global(); - parse_dmesg(); walk(@DIRS); @@ -138,28 +102,6 @@ sub dprint printf(STDERR @_) if $debug; } -sub push_in_abs_any -{ - my ($in, $abs, $any) = @_; - - foreach my $path (@$in) { - if (File::Spec->file_name_is_absolute($path)) { - push @$abs, $path; - } elsif (index($path,'/') == -1) { - push @$any, $path; - } else { - print 'path error: ' . $path; - } - } -} - -# Push command line options to global arrays. -sub push_to_global -{ - push_in_abs_any(\@dont_walk, \@skip_walk_dirs_abs, \@skip_walk_dirs_any); - push_in_abs_any(\@dont_parse, \@skip_parse_files_abs, \@skip_parse_files_any); -} - sub is_false_positive { my ($match) = @_; From patchwork Thu Nov 9 05:09:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 836174 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=tobin.cc header.i=@tobin.cc header.b="hxjN0ADC"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="qh/UuwMN"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yXWVS5XCkz9s5L for ; Thu, 9 Nov 2017 16:11:44 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751182AbdKIFLa (ORCPT ); Thu, 9 Nov 2017 00:11:30 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:49825 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751351AbdKIFKG (ORCPT ); Thu, 9 Nov 2017 00:10:06 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 3F71920D61; Thu, 9 Nov 2017 00:10:06 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Thu, 09 Nov 2017 00:10:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=uCzOJf186S7AZcoZd sM0sMQp4+swTyk28ShTbN4Coqk=; b=hxjN0ADCtA530E9Etdq0jR1g3qbc9FQJN aMzit+XuZsjgSxyC0kdwoF11NwkebeIhxAJC/OK0U9H/cpx8G8lAjtItX72mEos4 is8Ge0MUmHjvBxOLplQE0MIiTgtgbPu0h6TabKFycFVQF/r1ARhuVDaeespkA5Y0 KVuxElVofldFc0wn8QlzMPGg8YL2VuNpWIvcL4D7gtpbTZmqvCk5ylT9QlTFf6bw k6Fdrl/yEzFqGeIKMJW23p4UUGLeXfrrQIC+VP0RQLnAniWPdGi+0OCh7gVmHkkF E0IwzG7UjcDtBJgMiylFaH3iDzaUd01pJ7i7SJiqcJ7X3lL1Z70pw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=uCzOJf186S7AZcoZdsM0sMQp4+swTyk28ShTbN4Coqk=; b=qh/UuwMN HQRE1LhgOg/OC9pwGelsMEp2th44QIaK0AT3HuwJxk7rP55faAnsfhJqBZ7nCs0x SNJpd460873NVMTAmzAalHLW9eb+YFdI4XaG/mFiqvrVBLn58ZbXC6hggEYnC6pZ WvXN6O5xTiJZPbgCmwt20qwSXwpTkzTngUdR1cgINZ3BIxd3/8X2eci8TQ/RdzBF YpVEtiv6nGUu11V08Z33XEAbbC38aMTMyXG17aZFzkPGu3zm+eepSDU9KEJBqiXB Ly1iDFfU4I/MJm/au8xB7Dkin27lrtXJHP2nceWutWue/3hI1tfA/mXic1/BgsKs AX0UEH4xs8yCNQ== X-ME-Sender: Received: from localhost (124-170-203-151.dyn.iinet.net.au [124.170.203.151]) by mail.messagingengine.com (Postfix) with ESMTPA id 237E5245A8; Thu, 9 Nov 2017 00:10:05 -0500 (EST) From: "Tobin C. Harding" To: Linus Torvalds Cc: "Tobin C. Harding" , "Jason A. Donenfeld" , Theodore Ts'o , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , "Paul E. McKenney" , Andy Lutomirski , Peter Zijlstra , Michael Ellerman , David Miller , Network Development , linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 4/8] scripts/leaking_addresses: fix comment typo Date: Thu, 9 Nov 2017 16:09:31 +1100 Message-Id: <1510204175-10138-5-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc> References: <1510204175-10138-1-git-send-email-me@tobin.cc> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Fix typo in comment string. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 719ed0aaede7..3f8c6e230962 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -40,7 +40,7 @@ my @skip_parse_files_abs = ('/proc/kmsg', '/sys/kernel/debug/tracing/trace_pipe', '/sys/kernel/security/apparmor/revision'); -# Do not parse thes files under any subdirectory. +# Do not parse these files under any subdirectory. my @skip_parse_files_any = ('0', '1', '2', From patchwork Thu Nov 9 05:09:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 836173 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=tobin.cc header.i=@tobin.cc header.b="bo+FJIRn"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="byapwC7e"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yXWTz3JWnz9s5L for ; Thu, 9 Nov 2017 16:11:19 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751479AbdKIFKM (ORCPT ); Thu, 9 Nov 2017 00:10:12 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:37327 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750736AbdKIFKK (ORCPT ); Thu, 9 Nov 2017 00:10:10 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 9445320D0E; Thu, 9 Nov 2017 00:10:09 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Thu, 09 Nov 2017 00:10:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=75nD7xszyvi9G5AIe 7SmZBexb/vopdJ+dYF3g8XQDX0=; b=bo+FJIRn8xfm9hy6Pj6JHBv2tbmt72ab+ OFyfuAsWlxH+NRelNuj2ZnN+uoRB0MKlhrKWNbScdlAKW3V3pMO7E3gBZLiCdzMz CqvxKub0ZMRYjD2Xgzu82o93XDjPyTGJ+/L3iPIm3WF8z6XiCr44lXdRLGsz0bBU mmNuzftNwI1MOdlNz2fZR60NO5Hc9sIJRVSrBEbagBb+Bfe4BUlv0zR1ynhb2Ili 289KHpo7D8J44mtXwnnDKWowGP/RfKpWWMlvRugCE5IPeH5KCC/NT4kH0dkO9eTW b8R4x0nh7Hq1QsAUzs7Wu5iAN9r+TUnST5BCRlJKzJ7gTWkJ+DAlA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=75nD7xszyvi9G5AIe7SmZBexb/vopdJ+dYF3g8XQDX0=; b=byapwC7e SgoJVL6JlSPyZAUcXADxN9p3UgMSkEfhsQ2/8o+RcOclu1UNSOgejVj8KbpHei7m 9CeQb2IgIi/t2abNjc2HB1bqm3bQy1NGePWonfGpyXcjT7SRMs46I+3gSELOw3o9 cltM2Hq3LzbLql1a3g+FLLsyXjCAkyEJNGXdadHj2ybtuxkv/WpG2lUOPQFENruZ QCAeKHoYJrIn0vLtZ/nohrJvcB74SkF1y4+GkjZ+h81aKDHSau6FxiXb1Ia+QGiS sReYWAEX4/tFTad7W2x7l511ap3BcH3ZnAwQciW87zKjoY/D0hwvrqt/c2hhUoG+ ZQFP8dsE8dkG6w== X-ME-Sender: Received: from localhost (124-170-203-151.dyn.iinet.net.au [124.170.203.151]) by mail.messagingengine.com (Postfix) with ESMTPA id A2688240A4; Thu, 9 Nov 2017 00:10:08 -0500 (EST) From: "Tobin C. Harding" To: Linus Torvalds Cc: "Tobin C. Harding" , "Jason A. Donenfeld" , Theodore Ts'o , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , "Paul E. McKenney" , Andy Lutomirski , Peter Zijlstra , Michael Ellerman , David Miller , Network Development , linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 5/8] scripts/leaking_addresses: add to exclude files/paths Date: Thu, 9 Nov 2017 16:09:32 +1100 Message-Id: <1510204175-10138-6-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc> References: <1510204175-10138-1-git-send-email-me@tobin.cc> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org There are a couple more files that cause the script to stall. /sys/firmware/devicetree and its symlink /proc/device-tree, reported by Michael Ellerman. usbmon should be skipped were ever it appears. Reported by Kees Cook Add files to be excluded from parsing. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 3f8c6e230962..0aac03a020a8 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -37,6 +37,8 @@ my @skip_parse_files_abs = ('/proc/kmsg', '/proc/kcore', '/proc/fs/ext4/sdb1/mb_groups', '/proc/1/fd/3', + '/sys/firmware/devicetree', + '/proc/device-tree', '/sys/kernel/debug/tracing/trace_pipe', '/sys/kernel/security/apparmor/revision'); @@ -61,6 +63,7 @@ my @skip_walk_dirs_any = ('self', 'thread-self', 'cwd', 'fd', + 'usbmon', 'stderr', 'stdin', 'stdout'); From patchwork Thu Nov 9 05:09:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 836171 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=tobin.cc header.i=@tobin.cc header.b="DPjORHXU"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="EvPodfUO"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yXWTK67P4z9sP9 for ; Thu, 9 Nov 2017 16:10:45 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751786AbdKIFKS (ORCPT ); Thu, 9 Nov 2017 00:10:18 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:54393 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750736AbdKIFKN (ORCPT ); Thu, 9 Nov 2017 00:10:13 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id D08D320CB3; Thu, 9 Nov 2017 00:10:12 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Thu, 09 Nov 2017 00:10:12 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=lkWkBM2uwp/oEqpL2 SGAYOpllDY46GU2lwPSux6yiCo=; b=DPjORHXU84oMhRjvwYg+l/Ss3Y03Iq1hp 2CZC71Ltgv5RzFn6yIt85F7MIPvwkhWNM/1qutvqvhi5+gAx5xcQk4Dj542hR6F2 zvb/1eyPwh/NTAYunwEshNFJdFhzBAYkKxHHdSMUZCBz+EhkIb2trY6vhiGvFmkQ +odSlXzv+GVQyC3hkXeKpEWgxLazduSWDoMcFYynT+p5TxmcwYHaXFVyPckPqSfg oH+xcRytGuYLsr3tO+DIHZ64K8HoBxcjZxj444tpILhIsyJHUJZ7cLj6fDPWb3ck tc0eWXhYygPYtt3CedGIxCdB/jiTvGs8LLHSPy2l1tCNt5H4vjLng== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=lkWkBM2uwp/oEqpL2SGAYOpllDY46GU2lwPSux6yiCo=; b=EvPodfUO Zidfj7K8UGJbeVTmhqWOsTQLuCm5zT4lSB0hpCtIGxyxI/D0ill8yLaJgkeKauQK eD2Lc6kD7U3Wrj3mgmY1rhWFQjqzBUZBzjJBzOIYQRRpMEqC2AbzPpmCo5U5QX57 Z3s22FiOMvgecVqrCRWwYMWY+wvIE1o63I4+i+Axi0OoNu+ua2oHZf6uCLAZFqbr lUAXLw9Ar638iQcblFH+fw3+Eidnnh3xSEprUGKUklGqHlJhRb/Y1o3yFg2wT/mW 0kg4o8aAmuEHhnlPBThDwGK5mbdb0Y1KGI3Pw6+2Fr8jO1v3POa3L4f2uxnP/SQk Hu6iJ/T0ZMy4Kg== X-ME-Sender: Received: from localhost (124-170-203-151.dyn.iinet.net.au [124.170.203.151]) by mail.messagingengine.com (Postfix) with ESMTPA id D4598240A4; Thu, 9 Nov 2017 00:10:11 -0500 (EST) From: "Tobin C. Harding" To: Linus Torvalds Cc: "Tobin C. Harding" , "Jason A. Donenfeld" , Theodore Ts'o , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , "Paul E. McKenney" , Andy Lutomirski , Peter Zijlstra , Michael Ellerman , David Miller , Network Development , linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 6/8] scripts/leaking_addresses: add summary reporting Date: Thu, 9 Nov 2017 16:09:33 +1100 Message-Id: <1510204175-10138-7-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc> References: <1510204175-10138-1-git-send-email-me@tobin.cc> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Currently script just dumps all results found. Potentially, this risks losing single results among multiple duplicate results. We need some way of restricting duplicates to assist users of the script. It would also be nice if we got a report instead of raw results. Duplicates can be defined in various ways, instead of trying to find a single perfect solution we can present the user with various options to display the output. Doing so will typically lead to users wanting to view the output multiple times. Currently we scan the kernel each time, this is slow and unnecessary. We can expedite the process by writing the results to file for subsequent viewing. Add command line options to enable summary reporting, including options to write to and read from file. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 191 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 188 insertions(+), 3 deletions(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 0aac03a020a8..4610ad3c80c2 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -31,6 +31,13 @@ my @DIRS = ('/proc', '/sys'); # Command line options. my $help = 0; my $debug = 0; +my $raw = 0; +my $output_raw = ""; # Write raw results to file. +my $input_raw = ""; # Read raw results from file instead of scanning. + +my $suppress_dmesg = 0; # Don't show dmesg in output. +my $squash_by_path = 0; # Summary report grouped by absolute path. +my $squash_by_filename = 0; # Summary report grouped by filename. # Do not parse these files (absolute path). my @skip_parse_files_abs = ('/proc/kmsg', @@ -73,13 +80,31 @@ sub help my ($exitcode) = @_; print << "EOM"; + Usage: $P [OPTIONS] Version: $V Options: - -d, --debug Display debugging output. - -h, --help, --version Display this help and exit. + -o, --output-raw= Save results for future processing. + -i, --input-raw= Read results from file instead of scanning. + --raw Show raw results (default). + --suppress-dmesg Do not show dmesg results. + --squash-by-path Show one result per unique path. + --squash-by-filename Show one result per unique filename. + -d, --debug Display debugging output. + -h, --help, --version Display this help and exit. + +Examples: + + # Scan kernel and dump raw results. + $0 + + # Scan kernel and save results to file. + $0 --output-raw scan.out + + # View summary report. + $0 --input-raw scan.out --squash-by-filename Scans the running (64 bit) kernel for potential leaking addresses. @@ -90,11 +115,33 @@ EOM GetOptions( 'd|debug' => \$debug, 'h|help' => \$help, - 'version' => \$help + 'version' => \$help, + 'o|output-raw=s' => \$output_raw, + 'i|input-raw=s' => \$input_raw, + 'suppress-dmesg' => \$suppress_dmesg, + 'squash-by-path' => \$squash_by_path, + 'squash-by-filename' => \$squash_by_filename, + 'raw' => \$raw, ) or help(1); help(0) if ($help); +if ($input_raw) { + format_output($input_raw); + exit(0); +} + +if (!$input_raw and ($squash_by_path or $squash_by_filename)) { + printf "\nSummary reporting only available with --input-raw=\n"; + printf "(First run scan with --output-raw=.)\n"; + exit(128); +} + +if ($output_raw) { + open my $fh, '>', $output_raw or die "$0: $output_raw: $!\n"; + select $fh; +} + parse_dmesg(); walk(@DIRS); @@ -239,3 +286,141 @@ sub walk } } } + +sub format_output +{ + my ($file) = @_; + + # Default is to show raw results. + if ($raw or (!$squash_by_path and !$squash_by_filename)) { + dump_raw_output($file); + return; + } + + my ($total, $dmesg, $paths, $files) = parse_raw_file($file); + + printf "\nTotal number of results from scan (incl dmesg): %d\n", $total; + + if (!$suppress_dmesg) { + print_dmesg($dmesg); + } + + if ($squash_by_filename) { + squash_by($files, 'filename'); + } + + if ($squash_by_path) { + squash_by($paths, 'path'); + } +} + +sub dump_raw_output +{ + my ($file) = @_; + + open (my $fh, '<', $file) or die "$0: $file: $!\n"; + while (<$fh>) { + if ($suppress_dmesg) { + if ("dmesg:" eq substr($_, 0, 6)) { + next; + } + } + print $_; + } + close $fh; +} + +sub parse_raw_file +{ + my ($file) = @_; + + my $total = 0; # Total number of lines parsed. + my @dmesg; # dmesg output. + my %files; # Unique filenames containing leaks. + my %paths; # Unique paths containing leaks. + + open (my $fh, '<', $file) or die "$0: $file: $!\n"; + while (my $line = <$fh>) { + $total++; + + if ("dmesg:" eq substr($line, 0, 6)) { + push @dmesg, $line; + next; + } + + cache_path(\%paths, $line); + cache_filename(\%files, $line); + } + + return $total, \@dmesg, \%paths, \%files; +} + +sub print_dmesg +{ + my ($dmesg) = @_; + + print "\ndmesg output:\n"; + + if (@$dmesg == 0) { + print "\n"; + return; + } + + foreach(@$dmesg) { + my $index = index($_, ': '); + $index += 2; # skid ': ' + print substr($_, $index); + } +} + +sub squash_by +{ + my ($ref, $desc) = @_; + + print "\nResults squashed by $desc (excl dmesg). "; + print "Displaying [ <$desc>], \n"; + + if (keys %$ref == 0) { + print "\n"; + return; + } + + foreach(keys %$ref) { + my $lines = $ref->{$_}; + my $length = @$lines; + printf "[%d %s] %s", $length, $_, @$lines[0]; + } +} + +sub cache_path +{ + my ($paths, $line) = @_; + + my $index = index($line, ': '); + my $path = substr($line, 0, $index); + + $index += 2; # skip ': ' + add_to_cache($paths, $path, substr($line, $index)); +} + +sub cache_filename +{ + my ($files, $line) = @_; + + my $index = index($line, ': '); + my $path = substr($line, 0, $index); + my $filename = basename($path); + + $index += 2; # skip ': ' + add_to_cache($files, $filename, substr($line, $index)); +} + +sub add_to_cache +{ + my ($cache, $key, $value) = @_; + + if (!$cache->{$key}) { + $cache->{$key} = (); + } + push @{$cache->{$key}}, $value; +} From patchwork Thu Nov 9 05:09:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 836172 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=tobin.cc header.i=@tobin.cc header.b="W7l7vMKk"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="pquIJK9l"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yXWTr54pLz9s5L for ; Thu, 9 Nov 2017 16:11:12 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752462AbdKIFK4 (ORCPT ); Thu, 9 Nov 2017 00:10:56 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:39965 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751577AbdKIFKQ (ORCPT ); Thu, 9 Nov 2017 00:10:16 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 261B020DBE; Thu, 9 Nov 2017 00:10:16 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Thu, 09 Nov 2017 00:10:16 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=fetdASzV08h0yGSTQ hixCWQOsiy+K9uV+nUueevc0qk=; b=W7l7vMKktIKg7qDE4C1psdJn383og++x1 0HkQpSchBhjSacUD7pAXE5mkyJpe9dUaW07AFTGPcRsotKEE3qMSe7Jj2vJ+j160 Wv66jOhq5IOI9/rvkjGAV7XJbFc02lBPh9paGMv7rph4RcGNcF1+D8T1wRQVyK3D 8B+Y8MWvyf3L1LSWGAHgafb4qeV2pNPLKvakUkETujAUeI1GH/WFVOdo3gqDt5R7 SLqqm98zplTatAsCsMELu+cpZb1Hw6x7omzKy3Rbm5bEOERJreC6DsfgekTNnBHF zHKs7sY8SDu11LIWlgrALeCZBd4XF9SsYyNWc5/nK+cOcAqB8jeVw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=fetdASzV08h0yGSTQhixCWQOsiy+K9uV+nUueevc0qk=; b=pquIJK9l 6mM71xYFQtyP9V2U3UAeA1N89cUGspHWGeQx0UPAzArqiQ6CxMRfQKdbOUAhXEBu 5O3FrMkmPQqYEGZO/bPZrQIWN5Fu5dkFKwFeYM+kyD2BGfdwu3LMfFetiskzSS1c bXR/piE+fS3bjeT6rdxRs3kBbrwd7TKn7H07ibyR9k9MJzFn/nYKtXoxfefmsQ7i GzT4NYmPobZIO30bwl2fxw8CAThSSfIuqukC4uHiZykGXBipR54OOzp9/BKRWhpJ lGUgKHjXS0y+ywM0IPuNVgM7j76ZUyYdJXy2AK8MT6AI89CjpWgwQDjyNwEXPQAE Byofd+u69piXig== X-ME-Sender: Received: from localhost (124-170-203-151.dyn.iinet.net.au [124.170.203.151]) by mail.messagingengine.com (Postfix) with ESMTPA id 1BC1E240A4; Thu, 9 Nov 2017 00:10:15 -0500 (EST) From: "Tobin C. Harding" To: Linus Torvalds Cc: "Tobin C. Harding" , "Jason A. Donenfeld" , Theodore Ts'o , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , "Paul E. McKenney" , Andy Lutomirski , Peter Zijlstra , Michael Ellerman , David Miller , Network Development , linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 7/8] scripts/leaking_addresses: add support for ppc64 Date: Thu, 9 Nov 2017 16:09:34 +1100 Message-Id: <1510204175-10138-8-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc> References: <1510204175-10138-1-git-send-email-me@tobin.cc> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Currently script is targeted at x86_64. We can support other architectures by using the correct regular expressions for each architecture. Add the infrastructure to support multiple architectures. Add support for ppc64. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 66 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 60 insertions(+), 6 deletions(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 4610ad3c80c2..1d6ab7f1b10c 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -21,6 +21,7 @@ use File::Spec; use Cwd 'abs_path'; use Term::ANSIColor qw(:constants); use Getopt::Long qw(:config no_auto_abbrev); +use Config; my $P = $0; my $V = '0.01'; @@ -28,6 +29,11 @@ my $V = '0.01'; # Directories to scan. my @DIRS = ('/proc', '/sys'); +# Script can only grep for kernel addresses on the following architectures. If +# your architecture is not listed here and has a grep'able kernel address please +# consider submitting a patch. +my @SUPPORTED_ARCHITECTURES = ('x86_64', 'ppc64'); + # Command line options. my $help = 0; my $debug = 0; @@ -137,6 +143,20 @@ if (!$input_raw and ($squash_by_path or $squash_by_filename)) { exit(128); } +if (!is_supported_architecture()) { + printf "\nScript does not support your architecture, sorry.\n"; + printf "\nCurrently we support: \n\n"; + foreach(@SUPPORTED_ARCHITECTURES) { + printf "\t%s\n", $_; + } + + my $archname = $Config{archname}; + printf "\n\$ perl -MConfig -e \'print \"\$Config{archname}\\n\"\'\n"; + printf "%s\n", $archname; + + exit(129); +} + if ($output_raw) { open my $fh, '>', $output_raw or die "$0: $output_raw: $!\n"; select $fh; @@ -152,6 +172,31 @@ sub dprint printf(STDERR @_) if $debug; } +sub is_supported_architecture +{ + return (is_x86_64() or is_ppc64()); +} + +sub is_x86_64 +{ + my $archname = $Config{archname}; + + if ($archname =~ m/x86_64/) { + return 1; + } + return 0; +} + +sub is_ppc64 +{ + my $archname = $Config{archname}; + + if ($archname =~ m/powerpc/ and $archname =~ m/64/) { + return 1; + } + return 0; +} + sub is_false_positive { my ($match) = @_; @@ -161,10 +206,12 @@ sub is_false_positive return 1; } - - if ($match =~ '\bf{10}600000\b' or# vsyscall memory region, we should probably check against a range here. - $match =~ '\bf{10}601000\b') { - return 1; + if (is_x86_64) { + # vsyscall memory region, we should probably check against a range here. + if ($match =~ '\bf{10}600000\b' or + $match =~ '\bf{10}601000\b') { + return 1; + } } return 0; @@ -174,7 +221,7 @@ sub is_false_positive sub may_leak_address { my ($line) = @_; - my $address = '\b(0x)?ffff[[:xdigit:]]{12}\b'; + my $address_re; # Signal masks. if ($line =~ '^SigBlk:' or @@ -187,7 +234,14 @@ sub may_leak_address return 0; } - while (/($address)/g) { + # One of these is guaranteed to be true. + if (is_x86_64()) { + $address_re = '\b(0x)?ffff[[:xdigit:]]{12}\b'; + } elsif (is_ppc64()) { + $address_re = '\b(0x)?[89abcdef]00[[:xdigit:]]{13}\b'; + } + + while (/($address_re)/g) { if (!is_false_positive($1)) { return 1; } From patchwork Thu Nov 9 05:09:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Tobin C. Harding" X-Patchwork-Id: 836170 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=tobin.cc header.i=@tobin.cc header.b="FiBlxMlD"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="GZizkP1I"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yXWT71m8cz9sNc for ; Thu, 9 Nov 2017 16:10:35 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752284AbdKIFKY (ORCPT ); Thu, 9 Nov 2017 00:10:24 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:48899 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751093AbdKIFKU (ORCPT ); Thu, 9 Nov 2017 00:10:20 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id CF2CF20D06; Thu, 9 Nov 2017 00:10:19 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Thu, 09 Nov 2017 00:10:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=QPkr2cRVwxXCZwazm sALfESR/4gZE3z1s6NChZjZWyk=; b=FiBlxMlD8HsRA2dFciIgsMp1sQx2R3URB WyhmaAHxTJLM51/H6I9wVWwD3x0fagic+hBr1SDlOvvz6+qi39PcjtCSqSNs8CkN O3VC4uwfKhWQovEUI9qS+mgF8BWeXfi53rG88VzZ1QgvPY8fkSK31kCDCxROniK2 OwI3V1EFJmTP4UXl5nPzPd8HvGJ5yYjBM//XTsOG4Cvu6asj0lcL7LOXctiP4ad5 VSBcf/ymqAPVp5KhgAglGEt2HZ/0QNVrdWP0vup7yeabc0SzIJSfoo/Jfaupe4N1 FnE0aAAp3/uKhnBpsM9ygtQJSihRIUo/ZyTYbBI+5MB4dZ2yfKiXg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=QPkr2cRVwxXCZwazmsALfESR/4gZE3z1s6NChZjZWyk=; b=GZizkP1I 6+txmCcxJRrNXShW4PzpCstTHiEFq41BLtQOqykHSfQb0/V8GRz+Z+sHo0IeH/T9 YhwIOLM6HvFVLH8YJegXRvx6qEm/uBoZZUO/6h+vepwFmzzaj09/OnuPw83hDQZV Hn1ojipS6b6Z33AbGi46lRwNhQ8Pv7c1YPU88opf9Qnzu6ZNEGjzbMX0h9iBpeV/ 3Fsz0WdQiHqGu7Fh4nnyTFqc6OWFLeRy41TPW4FfP52iPbaRJUrS4DFBTt/UGHae 9kBXk9KCmT/oajnnAEkWEVH8+TXOCSwzkysq0y4ZjLBmXeJjQ4+MmPtTcsoSSzEF 5u6176nxLVbZeA== X-ME-Sender: Received: from localhost (124-170-203-151.dyn.iinet.net.au [124.170.203.151]) by mail.messagingengine.com (Postfix) with ESMTPA id A3772240A4; Thu, 9 Nov 2017 00:10:18 -0500 (EST) From: "Tobin C. Harding" To: Linus Torvalds Cc: "Tobin C. Harding" , "Jason A. Donenfeld" , Theodore Ts'o , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , "Paul E. McKenney" , Andy Lutomirski , Peter Zijlstra , Michael Ellerman , David Miller , Network Development , linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v2 8/8] scripts/leaking_addresses: add timeout on file read Date: Thu, 9 Nov 2017 16:09:35 +1100 Message-Id: <1510204175-10138-9-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc> References: <1510204175-10138-1-git-send-email-me@tobin.cc> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Currently script can stall if we read certain files (like /proc/kmsg). While we have a mechanism to skip these files once they are discovered it would be nice to not stall on as yet undiscovered files of this kind. Set a timer before each file is parsed, warn user if timer expires. Suggested-by: Kees Cook Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 1d6ab7f1b10c..6efd1fdb7d25 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -29,6 +29,9 @@ my $V = '0.01'; # Directories to scan. my @DIRS = ('/proc', '/sys'); +# Timer for parsing each file, in seconds. +my $TIMEOUT = 10; + # Script can only grep for kernel addresses on the following architectures. If # your architecture is not listed here and has a grep'able kernel address please # consider submitting a patch. @@ -284,6 +287,23 @@ sub skip_parse return skip($path, \@skip_parse_files_abs, \@skip_parse_files_any); } +sub timed_parse_file +{ + my ($file) = @_; + + eval { + local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required. + alarm $TIMEOUT; + parse_file($file); + alarm 0; + }; + + if ($@) { + die unless $@ eq "alarm\n"; # Propagate unexpected errors. + printf STDERR "timed out parsing: %s\n", $file; + } +} + sub parse_file { my ($file) = @_; @@ -335,7 +355,7 @@ sub walk if (-d $path) { push @dirs, $path; } else { - parse_file($path); + timed_parse_file($path); } } }