Re: [PATCH v4] scripts: add leaking_addresses.pl

From: Greg KH
Date: Tue Nov 07 2017 - 05:51:20 EST


On Tue, Nov 07, 2017 at 09:32:11PM +1100, Tobin C. Harding wrote:
> Currently we are leaking addresses from the kernel to user space. This
> script is an attempt to find some of those leakages. Script parses
> `dmesg` output and /proc and /sys files for hex strings that look like
> kernel addresses.
>
> Only works for 64 bit kernels, the reason being that kernel addresses
> on 64 bit kernels have 'ffff' as the leading bit pattern making greping
> possible. On 32 kernels we don't have this luxury.
>
> Scripts is _slightly_ smarter than a straight grep, we check for false
> positives (all 0's or all 1's, and vsyscall start/finish addresses).
>
> Output is saved to file to expedite repeated formatting/viewing of
> output.
>
> Signed-off-by: Tobin C. Harding <me@xxxxxxxx>
> ---
>
> This version outputs a report instead of the raw results by default. Designing
> this proved to be non-trivial, the reason being that it is not immediately clear
> what constitutes a duplicate entry (similar message, address range, same
> file?). Also, the aim of the report is to assist users _not_ missing correct
> results; limiting the output is inherently a trade off between noise and
> correct, clear results.
>
> Without testing on various real kernels its not clear that this reporting is any
> good, my test cases were a bit contrived. Your usage may vary.
>
> It would be super helpful to get some comments from people running this with
> different set ups.
>
> Please feel free to say 'try harder Tobin, this reporting is shit'.
>
> Thanks, appreciate your time,
> Tobin.
>
> v4:
> - Add `scan` and `format` sub-commands.
> - Output report by default.
> - Add command line option to send scan results (to me).

As the script is already in Linus's tree, you might need to send a patch
on top of that, instead of this one, as this one will not apply anymore.

thanks,

greg k-h