Re: [PATCH 2/4] leaking_addresses: simplify path skipping

From: Tycho Andersen
Date: Sun Feb 25 2018 - 20:26:53 EST


Hi Tobin,

On Mon, Feb 19, 2018 at 01:50:47PM +1100, Tobin C. Harding wrote:
> -# Do not parse these files under any subdirectory.
> -my @skip_parse_files_any = ('0',
> - '1',
> - '2',
> - 'pagemap',
> - 'events',
> - 'access',
> - 'registers',
> - 'snapshot_raw',
> - 'trace_pipe_raw',
> - 'ptmx',
> - 'trace_pipe');

It might be worth adding 'syscall' here; the pointers listed are user
pointers, and negative syscall args will show up like kernel pointers,
e.g. I get this output, which is spurious:

/proc/31808/syscall: 0 0x3 0x55b107a38180 0x2000 0xffffffffffffffb0 0x55b107a302d0 0x55b107a38180 0x7fffa313b8e8 0x7ff098560d11

Cheers,

Tycho