linux.git/scripts/leaking_addresses.pl, branch v6.12.80 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git leaking_addresses: Provide mechanism to scan binary files 2024-02-29T21:38:03+00:00 Kees Cook keescook@chromium.org 2024-02-22T22:00:51+00:00 67bbd2f00735d7f5ad6c3d08eff6c5403c3a9c33 Introduce --kallsyms argument for scanning binary files for known symbol addresses. This would have found the exposure in /sys/kernel/notes: $ scripts/leaking_addresses.pl --kallsyms=<(sudo cat /proc/kallsyms) /sys/kernel/notes: hypercall_page @ 156 /sys/kernel/notes: xen_hypercall_set_trap_table @ 156 /sys/kernel/notes: startup_xen @ 132 Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Tycho Andersen <tandersen@netflix.com> Link: https://lore.kernel.org/r/20240222220053.1475824-4-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org> 
Introduce --kallsyms argument for scanning binary files for known symbol
addresses. This would have found the exposure in /sys/kernel/notes:

$ scripts/leaking_addresses.pl --kallsyms=<(sudo cat /proc/kallsyms)
/sys/kernel/notes: hypercall_page @ 156
/sys/kernel/notes: xen_hypercall_set_trap_table @ 156
/sys/kernel/notes: startup_xen @ 132

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Tycho Andersen <tandersen@netflix.com>
Link: https://lore.kernel.org/r/20240222220053.1475824-4-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
leaking_addresses: Ignore input device status lines 2024-02-29T21:38:03+00:00 Kees Cook keescook@chromium.org 2024-02-22T22:00:50+00:00 3e389d457badb1dc07f9fb3197bd7cb5c2833e36 These are false positives from the input subsystem: /proc/bus/input/devices: B: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe /sys/devices/platform/i8042/serio0/input/input1/uevent: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe /sys/devices/platform/i8042/serio0/input/input1/capabilities/key: 402000000 3803078f800d001 feffffdf Pass in the filename for more context and expand the "ignored pattern" matcher to notice these. Reviewed-by: Tycho Andersen <tandersen@netflix.com> Link: https://lore.kernel.org/r/20240222220053.1475824-3-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org> 
These are false positives from the input subsystem:

/proc/bus/input/devices: B: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe
/sys/devices/platform/i8042/serio0/input/input1/uevent: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe
/sys/devices/platform/i8042/serio0/input/input1/capabilities/key: 402000000 3803078f800d001 feffffdf

Pass in the filename for more context and expand the "ignored pattern"
matcher to notice these.

Reviewed-by: Tycho Andersen <tandersen@netflix.com>
Link: https://lore.kernel.org/r/20240222220053.1475824-3-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
leaking_addresses: Use File::Temp for /tmp files 2024-02-29T21:38:02+00:00 Kees Cook keescook@chromium.org 2024-02-22T22:00:49+00:00 1b1bcbf454f8e422c1e8e36bb21d726c39833576 Instead of using a statically named path in /tmp, use File::Temp to create (and remove) the temporary file used for parsing /proc/config.gz. Reviewed-by: Tycho Andersen <tandersen@netflix.com> Link: https://lore.kernel.org/r/20240222220053.1475824-2-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org> 
Instead of using a statically named path in /tmp, use File::Temp to create
(and remove) the temporary file used for parsing /proc/config.gz.

Reviewed-by: Tycho Andersen <tandersen@netflix.com>
Link: https://lore.kernel.org/r/20240222220053.1475824-2-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
leaking_addresses: also skip canonical ftrace path 2023-03-29T10:52:08+00:00 Ross Zwisler zwisler@google.com 2023-03-13T21:17:44+00:00 d1c27c55427e3fe54c1bc22bd4d40fc21ff5406c The canonical location for the tracefs filesystem is at /sys/kernel/tracing. But, from Documentation/trace/ftrace.rst: Before 4.1, all ftrace tracing control files were within the debugfs file system, which is typically located at /sys/kernel/debug/tracing. For backward compatibility, when mounting the debugfs file system, the tracefs file system will be automatically mounted at: /sys/kernel/debug/tracing scripts/leaking_addresses.pl only skipped this older debugfs path, so let's add the canonical path as well. Link: https://lkml.kernel.org/r/20230313211746.1541525-2-zwisler@kernel.org Cc: "Tobin C. Harding" <me@tobin.cc> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Shuah Khan <shuah@kernel.org> Acked-by: Tycho Andersen <tycho@tycho.pizza> Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Ross Zwisler <zwisler@google.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> 
The canonical location for the tracefs filesystem is at /sys/kernel/tracing.

But, from Documentation/trace/ftrace.rst:

  Before 4.1, all ftrace tracing control files were within the debugfs
  file system, which is typically located at /sys/kernel/debug/tracing.
  For backward compatibility, when mounting the debugfs file system,
  the tracefs file system will be automatically mounted at:

  /sys/kernel/debug/tracing

scripts/leaking_addresses.pl only skipped this older debugfs path, so
let's add the canonical path as well.

Link: https://lkml.kernel.org/r/20230313211746.1541525-2-zwisler@kernel.org

Cc: "Tobin C. Harding" <me@tobin.cc>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Shuah Khan <shuah@kernel.org>
Acked-by: Tycho Andersen <tycho@tycho.pizza>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Ross Zwisler <zwisler@google.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
leaking_addresses: Always print a trailing newline 2021-10-15T09:25:13+00:00 Kees Cook keescook@chromium.org 2021-09-29T22:02:18+00:00 cf2a85efdade117e2169d6e26641016cbbf03ef0 For files that lack trailing newlines and match a leaking address (e.g. wchan[1]), the leaking_addresses.pl report would run together with the next line, making things look corrupted. Unconditionally remove the newline on input, and write it back out on output. [1] https://lore.kernel.org/all/20210103142726.GC30643@xsang-OptiPlex-9020/ Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20211008111626.151570317@infradead.org 
For files that lack trailing newlines and match a leaking address (e.g.
wchan[1]), the leaking_addresses.pl report would run together with the
next line, making things look corrupted.

Unconditionally remove the newline on input, and write it back out on
output.

[1] https://lore.kernel.org/all/20210103142726.GC30643@xsang-OptiPlex-9020/

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20211008111626.151570317@infradead.org
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30T18:26:39+00:00 Thomas Gleixner tglx@linutronix.de 2019-05-27T06:55:14+00:00 4f19048fd0a0036e02443237952db5bfa5b5cdf0 Based on 1 normalized pattern(s): licensed under the terms of the gnu gpl license version 2 extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 62 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.929121379@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Based on 1 normalized pattern(s):

  licensed under the terms of the gnu gpl license version 2

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 62 file(s).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Richard Fontana <rfontana@redhat.com>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190527070033.929121379@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
leaking_addresses: Completely remove --version flag 2019-03-06T21:53:18+00:00 Tobin C. Harding tobin@kernel.org 2018-10-23T00:37:02+00:00 9ac060a708e054233265f8febfcef009ac3da826 Recently attempt to remove the '--version' flag was made, badly. We failed to remove mention of it from the help output. And we (me) failed to actually remove the flag from the options list. _Completely_ remove --version flag. 
Recently attempt to remove the '--version' flag was made, badly.  We
failed to remove mention of it from the help output.  And we (me) failed
to actually remove the flag from the options list.

_Completely_ remove --version flag.
leaking_addresses: Fix calls to dprint 2019-03-06T21:53:18+00:00 Tobin C. Harding tobin@kernel.org 2018-10-22T23:51:08+00:00 0f2994333315f004265571eab787474b73d72ed6 Currently calls to function dprint() are non uniform and at times incorrect. Use uniform _correct_ call to function dprint(). Signed-off-by: Tobin C. Harding <tobin@kernel.org> 
Currently calls to function dprint() are non uniform and at times
incorrect.

Use uniform _correct_ call to function dprint().

Signed-off-by: Tobin C. Harding <tobin@kernel.org>
leaking_addresses: check if file name contains address 2018-04-06T22:50:34+00:00 Tobin C. Harding me@tobin.cc 2018-03-01T21:49:55+00:00 c73dff595f259736a90f52b38cf5798abeae4a3c Sometimes files may be created by using output from printk. As the scan traverses the directory tree we should parse each path name and check if it is leaking an address. Add check for leaking address on each path name. Suggested-by: Tycho Andersen <tycho@tycho.ws> Acked-by: Tycho Andersen <tycho@tycho.ws> Signed-off-by: Tobin C. Harding <me@tobin.cc> 
Sometimes files may be created by using output from printk.  As the scan
traverses the directory tree we should parse each path name and check if
it is leaking an address.

Add check for leaking address on each path name.

Suggested-by: Tycho Andersen <tycho@tycho.ws>
Acked-by: Tycho Andersen <tycho@tycho.ws>
Signed-off-by: Tobin C. Harding <me@tobin.cc>
leaking_addresses: explicitly name variable used in regex 2018-04-06T22:50:34+00:00 Tobin C. Harding me@tobin.cc 2018-03-01T21:42:59+00:00 2306a67745ebdf3f98bc954248b74a3f1d57cdc2 Currently sub routine may_leak_address() is checking regex against Perl special variable $_ which is _fortunately_ being set correctly in a loop before this sub routine is called. We already have declared a variable to hold this value '$line' we should use it. Use $line in regex match instead of implicit $_ Signed-off-by: Tobin C. Harding <me@tobin.cc> 
Currently sub routine may_leak_address() is checking regex against Perl
special variable $_ which is _fortunately_ being set correctly in a loop
before this sub routine is called.  We already have declared a variable
to hold this value '$line' we should use it.

Use $line in regex match instead of implicit $_

Signed-off-by: Tobin C. Harding <me@tobin.cc>