Re: [PATCH v4] scripts: add leaking_addresses.pl

From: Kirill A. Shutemov
Date: Sat Nov 11 2017 - 18:10:34 EST

Next message: Guenter Roeck: "Re: [v8, 4/5] x86/xsave: Make XSAVE check the base CPUID features before enabling"
Previous message: Mimi Zohar: "Re: [RFC PATCH v1] fw_lockdown: new micro LSM module to prevent loading unsigned firmware"
Next in thread: Tobin C. Harding: "Re: [PATCH v4] scripts: add leaking_addresses.pl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 07, 2017 at 09:32:11PM +1100, Tobin C. Harding wrote:
> Currently we are leaking addresses from the kernel to user space. This
> script is an attempt to find some of those leakages. Script parses
> `dmesg` output and /proc and /sys files for hex strings that look like
> kernel addresses.
>
> Only works for 64 bit kernels, the reason being that kernel addresses
> on 64 bit kernels have 'ffff' as the leading bit pattern making greping
> possible. On 32 kernels we don't have this luxury.

Well, it's not going to work as well as intented on x86 machine with
5-level paging. Kernel address space there starts at 0xff10000000000000.
It will still catch pointers to kernel/modules text, but the rest is
outside of 0xffff... space. See Documentation/x86/x86_64/mm.txt.

Not sure if we care. It won't work too for other 64-bit architectrues that
have more than 256TB of virtual address space.

Just wanted to point to the limitation.

--
Kirill A. Shutemov

Next message: Guenter Roeck: "Re: [v8, 4/5] x86/xsave: Make XSAVE check the base CPUID features before enabling"
Previous message: Mimi Zohar: "Re: [RFC PATCH v1] fw_lockdown: new micro LSM module to prevent loading unsigned firmware"
Next in thread: Tobin C. Harding: "Re: [PATCH v4] scripts: add leaking_addresses.pl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]