From: kaiwan.billimoria@gmail.com
To: me@tobin.cc
Cc: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] [PATCH v1] scripts: leaking_addresses.pl: add support for 32-bit kernel addresses
Date: Tue, 21 Nov 2017 13:28:14 +0530
Message-ID: <1511251094.25970.18.camel@gmail.com>
The current leaking_addresses.pl script only supports showing "leaked"
64-bit kernel virtual addresses. This patch adds support for showing
"leaked" 32-bit kernel virtual addresses.
The way it currently works: once it detects we're running on an i'x'86 platform
(where x=3|4|5|6), it takes this arch into account for checking; the essential
rationale:
virt-addr >= PAGE_OFFSET => it's a kernel virtual address.
Note:
1. It's a work in progress; some pending TODOs:
 - support for ARM-32
 - programmatically query and set the PAGE_OFFSET based on arch (it's currently
   hard-coded)
2. Minor edit:
the '--raw', '--suppress-dmesg', '--squash-by-path' and
'--squash-by-filename' option switches are only meaningful
when the '--input-raw=' option is used. So, indent the 'Help' screen lines
to reflect the fact.
Feedback welcome.
Signed-off-by: Kaiwan N Billimoria <kaiwan.billimoria@gmail.com>
---
diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
index bc5788000018..e139de445ad1 100755
--- a/scripts/leaking_addresses.pl
+++ b/scripts/leaking_addresses.pl
@@ -12,7 +12,10 @@
#
# You may like to set kptr_restrict=2 before running script
# (see Documentation/sysctl/kernel.txt).
-
+#
+# 32-bit kernel address support : Kaiwan N Billimoria
+# <kaiwan.billimoria@gmail.com>
+#
use warnings;
use strict;
use POSIX;
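Review bot: per-contributor attribution does not belong in the file header; the Signed-off-by line and git history already record who added 32-bit support, so the `# 32-bit kernel address support : Kaiwan N Billimoria` block can be dropped. The hunk also replaces the blank line that separated the header comment from `use warnings;` with `#` lines; keep one blank line there so the header and the code stay visually apart.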
@@ -35,7 +38,7 @@ my $TIMEOUT = 10;
# Script can only grep for kernel addresses on the following architectures. If
# your architecture is not listed here and has a grep'able kernel address please
# consider submitting a patch.
-my @SUPPORTED_ARCHITECTURES = ('x86_64', 'ppc64');
+my @SUPPORTED_ARCHITECTURES = ('x86_64', 'ppc64', 'i[3456]86');
# Command line options.
my $help = 0;
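Review bot: 'i[3456]86' is a regex pattern in an array whose other entries are plain architecture names, and the comment above describes this array as the list of architectures the script supports; if it is ever shown to the user it will read as a pattern rather than a name. Spell the entry as `'i386'` (or list the variants) and keep the `i[3456]86` match where the detection is actually done, in is_ix86_32().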
@@ -48,6 +51,9 @@ my $suppress_dmesg = 0; # Don't show dmesg in output.
my $squash_by_path = 0; # Summary report grouped by absolute path.
my $squash_by_filename = 0; # Summary report grouped by filename.
+my $bit_size = 64; # Check 64-bit kernel addresses by default
+my $PAGE_OFFSET_32BIT = 0xc0000000;
+
# Do not parse these files (absolute path).
my @skip_parse_files_abs = ('/proc/kmsg',
'/proc/kcore',
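Review bot: $PAGE_OFFSET_32BIT is an upper-case constant declared under the `# Command line options.` block next to $help and the squash flags, where it is neither an option nor user-settable; move it up with the other constants ($TIMEOUT, @SUPPORTED_ARCHITECTURES) and document that 0xc0000000 is only the default 3G/1G split: a 32-bit x86 kernel built with a different CONFIG_VMSPLIT_* value has a different PAGE_OFFSET, which is what the commit message's TODO about querying it at run time needs to address. $bit_size is likewise not an option but state that is_x86_64(), is_ppc64() and is_ix86_32() overwrite as a side effect; setting it once after architecture detection, or returning the word size from a function, would be easier to follow than mutating a global from predicates.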
@@ -97,10 +103,10 @@ Options:
-o, --output-raw=<file> Save results for future processing.
-i, --input-raw=<file> Read results from file instead of scanning.
- --raw Show raw results (default).
- --suppress-dmesg Do not show dmesg results.
- --squash-by-path Show one result per unique path.
- --squash-by-filename Show one result per unique filename.
+ --raw Show raw results (default).
+ --suppress-dmesg Do not show dmesg results.
+ --squash-by-path Show one result per unique path.
+ --squash-by-filename Show one result per unique filename.
-d, --debug Display debugging output.
-h, --help, --version Display this help and exit.
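Review bot: the extra indentation is the only hint that --raw, --suppress-dmesg and the --squash-by-* switches apply to --input-raw results, and a reader of the help screen cannot be expected to infer that from two spaces. State it explicitly, for example with a line such as `(the following apply only with --input-raw)` above the group, or by saying so in each switch's description.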
@@ -177,7 +183,7 @@ sub dprint
sub is_supported_architecture
{
- return (is_x86_64() or is_ppc64());
+ return (is_x86_64() or is_ppc64() or is_ix86_32());
}
sub is_x86_64
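Review bot: the name is_ix86_32() is redundant (an i386-class archname is already 32-bit) and breaks the is_x86_64()/is_ppc64() naming pattern; is_i386() would read more naturally. Evaluation order also matters here: is_x86_64() and is_ppc64() run first and reset $bit_size to 64 before is_ix86_32() sets it to 32, so the result relies on the `or` chain being evaluated left to right and short-circuiting, a dependency that deserves a comment if the global is kept.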
@@ -185,6 +191,7 @@ sub is_x86_64
my $archname = $Config{archname};
if ($archname =~ m/x86_64/) {
+ $bit_size=64;
return 1;
}
return 0;
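Review bot: a predicate named is_x86_64() now writes to the global $bit_size as a side effect, so every call site (the `or` chain in is_supported_architecture and the `elsif` ladder in may_leak_address) silently changes state; prefer to set $bit_size once, after architecture detection, or derive it from the matched architecture where it is needed. Style: `$bit_size=64;` lacks the spaces around `=` used elsewhere in the file (`my $bit_size = 64;`).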
@@ -195,6 +202,19 @@ sub is_ppc64
my $archname = $Config{archname};
if ($archname =~ m/powerpc/ and $archname =~ m/64/) {
+ $bit_size=64;
+ return 1;
+ }
+ return 0;
+}
+
+# 32-bit x86: is_i'x'86_32() ; where x is [3 or 4 or 5 or 6]
+sub is_ix86_32
+{
+ my $archname = $Config{archname};
+
+ if ($archname =~ m/i[3456]86-linux/) {
+ $bit_size=32;
return 1;
}
return 0;
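Review bot: `m/i[3456]86-linux/` keys on the archname of the perl interpreter, not of the running kernel, so a 32-bit perl on a 64-bit kernel (32-bit userland on a 64-bit kernel is a common setup) would select the eight-digit address pattern and miss every 64-bit kernel address. The existing checks share this limitation, but this hunk widens its effect; consider determining the kernel's word size directly (for example from the address width in /proc/kallsyms, or from `uname -m`) rather than from $Config{archname}. Minor: the `-linux` suffix is not used by the other arch checks, so either add it everywhere or drop it here; and the comment `is_i'x'86_32() ; where x is [3 or 4 or 5 or 6]` can simply say "i386, i486, i586 or i686".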
@@ -215,6 +235,15 @@ sub is_false_positive
$match =~ '\bf{10}601000\b') {
return 1;
}
+ } elsif ($bit_size == 32) {
+ my $addr32 = eval hex($match);
+ if ($addr32 < $PAGE_OFFSET_32BIT ) {
+ return 1;
+ }
+ if ($match =~ '\b(0x)?(f|F){8}\b') {
+ return 1;
+ }
}
return 0;
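Review bot: `eval hex($match)` should be `my $addr32 = hex($match);`: hex() already returns the numeric value (and accepts an optional 0x prefix), and wrapping it in eval re-evaluates that number as Perl code while swallowing any error into $@ unchecked. The comparison against $PAGE_OFFSET_32BIT is doing the real work in this branch: because the address regex added to may_leak_address matches any eight hex digits, every CRC, short git hash, decimal-looking counter and user-space pointer in the scanned files arrives here to be rejected one by one; encoding the lower bound in the regex (a leading [c-f] digit) would avoid most of that. Also, the 0xffffffff check is case-insensitive ((f|F){8}) while the 64-bit checks above and the address regexes are lower-case only; pick one convention. Whitespace: `$PAGE_OFFSET_32BIT )` has a stray space before `)`.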
@@ -243,6 +272,8 @@ sub may_leak_address
$address_re = '\b(0x)?ffff[[:xdigit:]]{12}\b';
} elsif (is_ppc64()) {
$address_re = '\b(0x)?[89abcdef]00[[:xdigit:]]{13}\b';
+ } elsif (is_ix86_32()) {
+ $address_re = '\b(0x)?[[:xdigit:]]{8}\b';
}
while (/($address_re)/g) {
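Review bot: `\b(0x)?[[:xdigit:]]{8}\b` matches every eight-hex-digit token, including all-decimal ones such as 12345678, so the candidate set on a 32-bit box is far larger than on x86_64 (where the `ffff` prefix does the narrowing) and the script leans entirely on is_false_positive to discard them. Since the 32-bit kernel range starts at 0xc0000000, encode that in the pattern the way the 64-bit patterns do, e.g. `'\b(0x)?[c-f][[:xdigit:]]{7}\b'`, and keep the $PAGE_OFFSET_32BIT comparison as a second check for when PAGE_OFFSET becomes configurable. Note also that this branch calls is_ix86_32() for its side effect of setting $bit_size = 32 before is_false_positive is reached; that ordering dependency is invisible at the call site and is another reason to set $bit_size once up front.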
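The rule the commit message states (a 32-bit value at or above PAGE_OFFSET is a kernel virtual address, below it is not) and the patch's two-stage match-then-filter flow, re-implemented in Python as an added example; this is not the script's own code or the author's. It assumes the patch's default PAGE_OFFSET of 0xc0000000 and runs over a few constructed log-style lines. It also goes one step beyond the patch by showing a narrower pattern whose leading [c-f] digit encodes the PAGE_OFFSET bound in the regex itself, and compares how many candidates each pattern produces before filtering.

```python
import re

# Default PAGE_OFFSET for a 32-bit x86 kernel with the 3G/1G split, as hard-coded in
# the patch. Kernels built with another CONFIG_VMSPLIT_* value use a different value
# (assumption for this example: the default applies).
PAGE_OFFSET_32BIT = 0xC0000000

# The patch's pattern: any eight hex digits, optionally 0x-prefixed.
BROAD_RE = re.compile(r'\b(?:0x)?[0-9a-fA-F]{8}\b')

# Tighter alternative: a leading digit of c..f is exactly the >= 0xc0000000 condition,
# so decimal-looking counters and user-space pointers never become candidates.
NARROW_RE = re.compile(r'\b(?:0x)?[c-fC-F][0-9a-fA-F]{7}\b')


def is_false_positive_32(token):
    """Mirror of the patch's 32-bit is_false_positive branch.

    int(token, 16) accepts an optional 0x prefix, like Perl's hex(), so no eval is needed.
    """
    value = int(token, 16)
    if value < PAGE_OFFSET_32BIT:       # user-space range: not a kernel address
        return True
    if value == 0xFFFFFFFF:             # all-ones sentinel (-1 / ~0), not a pointer
        return True
    return False


def scan(lines, pattern):
    """Return (candidates, accepted): every token the pattern matched, and the
    subset that survives the false-positive filter."""
    candidates, accepted = [], []
    for line in lines:
        for m in pattern.finditer(line):
            token = m.group(0)
            candidates.append(token)
            if not is_false_positive_32(token):
                accepted.append(token)
    return candidates, accepted


# Constructed sample lines (not real system output) mixing kernel addresses with
# the kinds of eight-hex-digit tokens that are not addresses.
SAMPLE_LINES = [
    "c0a1b2c3 T sys_call_table",                   # kallsyms-style kernel symbol
    "[    1.234567] module loaded at 0xc1234567",  # dmesg-style kernel address
    "sha1 prefix: deadbeef",                       # hash that lands in the kernel range
    "git describe: v4.14-1a2b3c4d",                # short commit hash, below PAGE_OFFSET
    "invalid handle ffffffff",                     # all-ones sentinel
    "pid 12345678 exited",                         # decimal counter, still 8 hex digits
    "user ptr 0x0804a000",                         # user-space pointer
]


if __name__ == "__main__":
    for name, pattern in (("broad", BROAD_RE), ("narrow", NARROW_RE)):
        candidates, accepted = scan(SAMPLE_LINES, pattern)
        print(f"{name}: {len(candidates)} candidates -> accepted {accepted}")
```

Both patterns end up accepting the same three tokens, and one of them is `deadbeef`: the PAGE_OFFSET comparison removes values that cannot be kernel pointers, but it cannot distinguish a kernel pointer from an arbitrary value that happens to fall in the kernel range, so some manual review of the report remains necessary. The narrow pattern cuts the candidate list from seven to four before any filtering runs, which is the cheaper place to reject the decimal counters and user-space pointers.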