| Message ID | 20240218173809.work.286-kees@kernel.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-70459-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:693c:2685:b0:108:e6aa:91d0 with SMTP id mn5csp881525dyc;
Sun, 18 Feb 2024 09:38:33 -0800 (PST)
X-Forwarded-Encrypted: i=3;
AJvYcCW6nshjf0HnGOyiuX6uASEgpUVML8gZp0vvEcU6RIyxWdmZUABKOndD/uEuPh0rUMEUceohdS4L1TNHhgrHnanO1bHGxQ==
X-Google-Smtp-Source:
AGHT+IFq85VTbKoOxKFyRHyuDJrTXoXS/IMzMpdYZCWMt06XKMENQVBj8sMbf/OtW0R+UC3oEIew
X-Received: by 2002:a05:6a20:d04a:b0:19e:9873:aa54 with SMTP id
hv10-20020a056a20d04a00b0019e9873aa54mr15711103pzb.58.1708277913177;
Sun, 18 Feb 2024 09:38:33 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708277913; cv=pass;
d=google.com; s=arc-20160816;
b=TEmxD8icbUjn6glXC0QUlGqxZ4D4v41kSJyxPjrXT2xKVa5Qmc6YH0JIYNkIbab0I7
RCMd3VuWSNeo4sgVLR40LKZVZsQoLjGnHRyTP98aLlPac7ydUTiVGBnE5uKPIUICHqzS
NTAUHcd5kBD7k9NBf0gBbFej1dh/Xnsa3w/qOj3wpiIkT5uz86ILFKsKrp6/k2OJrwQx
W5+hku9A/auhszOCTWMesJjjWvHonYJ4GoFSIds+JpyCYB4PnojEIOjBCkta9L3tniLA
ir/k7OpHLcW72AGs6R0W3j/fBv9hUgMdJGnwtiQJNUCRqm3fBSv0UbBcSY9QcVs5tjys
PFrw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:list-unsubscribe
:list-subscribe:list-id:precedence:message-id:date:subject:cc:to
:from:dkim-signature;
bh=Hh9EATpmgCzyJUwdSpfM2xdtAniiVIGVgEMoMg2JFk0=;
fh=nR5BfwBKqeaZZs2/HyyDjTPCcBdfQjyYmFtTQ7xV41A=;
b=S5/QDbdrXsIqpf5jZqOm5u1zpPLZxIfm4PvQnWuLk1clSuxVSiJJ8pwQk8a9/mKRWU
1OZgy4/o1/H/N2WqSTfEvUjDdArR96HukkmbcOblQIbJQgrAmsqPdRO7O5u99BvbH1SZ
dYwPn7YsDyJYeQaZ7TMnmTfuXgeEf0Oo+9+GB2ul0WOMP3kprWz4s8reBRlkDxy0kdrB
PzlVVktjnc87qjHm78PGvKn8ABu+IrT/4PK9kqG2gWl+S+bRpbxUlV7sl767Xp2ReMZp
w/Q5WmyLEHLGc+pNcCHNv+hSsLV5t51FwgOypfDbGKomjfdTZyqbz747pNmGxH3QL1WX
IkDQ==;
dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=ivoiaAYV;
arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass
dkdomain=chromium.org dmarc=pass fromdomain=chromium.org);
spf=pass (google.com: domain of
linux-kernel+bounces-70459-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45e3:2400::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-70459-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org.
[2604:1380:45e3:2400::1])
by mx.google.com with ESMTPS id
c8-20020a17090a558800b0029660751038si3241318pji.79.2024.02.18.09.38.33
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 18 Feb 2024 09:38:33 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-70459-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
dkim=pass header.i=@chromium.org header.s=google header.b=ivoiaAYV;
arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass
dkdomain=chromium.org dmarc=pass fromdomain=chromium.org);
spf=pass (google.com: domain of
linux-kernel+bounces-70459-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45e3:2400::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-70459-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by sv.mirrors.kernel.org (Postfix) with ESMTPS id F10EB2815FA
for <ouuuleilei@gmail.com>; Sun, 18 Feb 2024 17:38:32 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id 39D916F07B;
Sun, 18 Feb 2024 17:38:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
header.b="ivoiaAYV"
Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com
[209.85.214.172])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6EE4842A96
for <linux-kernel@vger.kernel.org>; Sun, 18 Feb 2024 17:38:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=209.85.214.172
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1708277898; cv=none;
b=byMUMV/+ZtOUTjwbHKQaKdIKWbo6L/wTkJan5I168Ay+X8BrOrIL5jH3+JcntyZXwadukN5AtJ/Uucz5XBCb8eJurNcgEt3xYlAKxn3hH3JYAiO2DN+TF4XP1tMZ3dsOwWEb5GUb8MyxoaPqxXfAzz6wBNk92hwS1pMABYh7h3g=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1708277898; c=relaxed/simple;
bh=fOi63sMG14wosBcU+xQx6Pnzfjt7UBebBFJw8HndHpI=;
h=From:To:Cc:Subject:Date:Message-Id:MIME-Version;
b=kW/LR8E76Nz9GxoDXTihx2eGpQDEqYcSzxzbn+IitmNLEscST6vhstkFTa62oOeQ5T1rs7WdyOKcMHQ6t8j+fJsnatlqVVn1cJ7JI4p1Z0Xwl9ETw+5QZ7neldCca4Qm6ShnIcFKMiQJHyjRHaa3EodKbCkrtSdE0jG5GvVhTYI=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=chromium.org;
spf=pass smtp.mailfrom=chromium.org;
dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org
header.b=ivoiaAYV; arc=none smtp.client-ip=209.85.214.172
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=chromium.org
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=chromium.org
Received: by mail-pl1-f172.google.com with SMTP id
d9443c01a7336-1d953fa3286so19920135ad.2
for <linux-kernel@vger.kernel.org>;
Sun, 18 Feb 2024 09:38:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=chromium.org; s=google; t=1708277896; x=1708882696;
darn=vger.kernel.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=Hh9EATpmgCzyJUwdSpfM2xdtAniiVIGVgEMoMg2JFk0=;
b=ivoiaAYVOzaieC5nVagJP7XIlISH8ZbXC5Y7LsszclV4Th7DOIj/zdmzci7fZ3sj+G
qrWfqGTUAchMkhrOESgfi8abpm1FsOW3ypCOoi8Rp6Q0pLKc1lSZLXeQwZabao4DuQin
DsxYhRv3h1EWI/TsUUwbiHhPjvHw3RXMb1swI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1708277896; x=1708882696;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=Hh9EATpmgCzyJUwdSpfM2xdtAniiVIGVgEMoMg2JFk0=;
b=kAYRwcA06PNweRnM16Z4YhIi39y4ylg4SZqLk5hEvEdNKuEEqbu8D3iPFWgR7DDZxu
QdD/euD48aWR/C9nOL6E3/MIlLQJ8qkyRhVp8tbAOVm2Sb2SJpLX1uF3D6QKt7g22Wr2
w7ztKEu/JnXjD3vHirlq5t70itUl2cqcceQWXyeIfDEtQY7OeI0mf+fv4/SpSGzuKQIG
hILfavMjzVZqHAeWZB9TPK9N3uOchRWDH18cD6yKUDlvdZqA9IY2c1Le2PFTKov1bTYT
Kl8WIWJJc2kBvsJgHl1eIJYJSitvMDILUmDG7fDEfNM5FvxXyP+kCx/bnGrXea/9xxVv
6lVg==
X-Forwarded-Encrypted: i=1;
AJvYcCU2x3/sgNxyg5CK+YFj/sGghNsSJyea8pdPC4hiLn2z02PMbPStnYzdE8rE6Ymvw9mLQbxMN15c3ERgp+i5kv8uLDVIHTZaMxWzhDC9
X-Gm-Message-State: AOJu0YzhTSxUGuiurBgiC5syCmLV0I6TcjF4JVmrY8d4GvxxcKO84ryR
Hz9AHLuBLCFTJKLiTHKbmYnhxPLVawpTU2a1m8uvb2eVQjZxF6YSv8CnlsmQuWzBJbnKVwhgXzs
=
X-Received: by 2002:a17:902:e5d0:b0:1db:e6f6:e284 with SMTP id
u16-20020a170902e5d000b001dbe6f6e284mr2525345plf.68.1708277895594;
Sun, 18 Feb 2024 09:38:15 -0800 (PST)
Received: from www.outflux.net ([198.0.35.241])
by smtp.gmail.com with ESMTPSA id
h15-20020a170902f7cf00b001db4433ef95sm2895483plw.152.2024.02.18.09.38.14
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 18 Feb 2024 09:38:14 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: "Tobin C. Harding" <me@tobin.cc>
Cc: Kees Cook <keescook@chromium.org>,
Tycho Andersen <tycho@tycho.pizza>,
Greg KH <gregkh@linuxfoundation.org>,
Guixiong Wei <guixiongwei@gmail.com>,
linux-hardening@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] leaking_addresses: Provide mechanism to scan binary files
Date: Sun, 18 Feb 2024 09:38:12 -0800
Message-Id: <20240218173809.work.286-kees@kernel.org>
X-Mailer: git-send-email 2.34.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=3736; i=keescook@chromium.org;
h=from:subject:message-id; bh=fOi63sMG14wosBcU+xQx6Pnzfjt7UBebBFJw8HndHpI=;
b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBl0kCEiQb58OHQzHl2G7UhYX9JgRRCdCZvoZewO
AV2DXHyBLOJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZdJAhAAKCRCJcvTf3G3A
JuVAD/43HbHPxACwrZxImnCyHR2FGGIldZcjwL9rzxA2xEfpQenKFlWdRFW8KBtc1PV3IS5xGVE
eq7/yB1FOlcsrXRFpmAaC7wKVVITm5/8HiPRKuxCEe+Dl19v/bi41bBKibOCxTStMBJXScul3Cz
vAUHiq6GxL/jEQ2nArezBD0VVjHwGbUvMHulFUSvTASAh9E+fPjMPxik5CzMORhxQyiiIk05yYo
ljFQk6sXP8Q+6kupVRVYiqApWYiT7Upb1oDF4kg3hDNVecbz7e/H1tOu70wBGmJ5jpAlwbr4vSb
lhj5UOhJL1611IIKaVF3DAQNhpNhw7kvfzk1pQFiCjQLgg9ZLTMV7BIiPxAs1V7heOePYqSxa72
6XKU4g/oJF+iZrrrvvOT66s/QzgnHOS9vrLT+P4OaY8t7Lhe7uLh5mMnw2Al+mu2D+iOJSwRDqv
LWAS7tterhyusC68jlEKcikaM17g4NyZkdLuqH2Bd6y6pruDx+qvedQveZbKX3P1Jf2lwyp9/5M
UXqyzi7KPwT9nENEMPKt3Ry93nALTRwbMtfp/HRp91yCQDxuXtkzJpYAzwN+e8MQb1rAOQoR8Ac
lklMBifu1KULxvDf7CGaFR9vUix4sBDYJMSisNwimqRPCUPYmjiJ+5DFI/w74nHJnMDXupK/v6N
pbZ541i eDjibwBg==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Content-Transfer-Encoding: 8bit
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1791259221043246564
X-GMAIL-MSGID: 1791259221043246564
|
| Series |
leaking_addresses: Provide mechanism to scan binary files
|
|
Commit Message
Kees Cook
Feb. 18, 2024, 5:38 p.m. UTC
Introduce --kallsyms argument for scanning binary files for known symbol
addresses. This would have found the exposure in /sys/kernel/notes:
$ scripts/leaking_addresses.pl --kallsyms=<(sudo cat /proc/kallsyms)
/sys/kernel/notes: hypercall_page @ 156
/sys/kernel/notes: xen_hypercall_set_trap_table @ 156
/sys/kernel/notes: startup_xen @ 132
Signed-off-by: Kees Cook <keescook@chromium.org>
---
Cc: "Tobin C. Harding" <me@tobin.cc>
Cc: Tycho Andersen <tycho@tycho.pizza>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Guixiong Wei <guixiongwei@gmail.com>
Cc: linux-hardening@vger.kernel.org
---
scripts/leaking_addresses.pl | 53 ++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
Comments
On Sun, Feb 18, 2024 at 09:38:12AM -0800, Kees Cook wrote: > Introduce --kallsyms argument for scanning binary files for known symbol > addresses. This would have found the exposure in /sys/kernel/notes: > > $ scripts/leaking_addresses.pl --kallsyms=<(sudo cat /proc/kallsyms) > /sys/kernel/notes: hypercall_page @ 156 > /sys/kernel/notes: xen_hypercall_set_trap_table @ 156 > /sys/kernel/notes: startup_xen @ 132 > > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > Cc: "Tobin C. Harding" <me@tobin.cc> > Cc: Tycho Andersen <tycho@tycho.pizza> > Cc: Greg KH <gregkh@linuxfoundation.org> > Cc: Guixiong Wei <guixiongwei@gmail.com> > Cc: linux-hardening@vger.kernel.org > --- > scripts/leaking_addresses.pl | 53 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 53 insertions(+) Nice! Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Hi Kees, On Sun, Feb 18, 2024 at 09:38:12AM -0800, Kees Cook wrote: > Introduce --kallsyms argument for scanning binary files for known symbol > addresses. This would have found the exposure in /sys/kernel/notes: > > $ scripts/leaking_addresses.pl --kallsyms=<(sudo cat /proc/kallsyms) > /sys/kernel/notes: hypercall_page @ 156 > /sys/kernel/notes: xen_hypercall_set_trap_table @ 156 > /sys/kernel/notes: startup_xen @ 132 > > Signed-off-by: Kees Cook <keescook@chromium.org> Patch itself is Reviewed-by: Tycho Andersen <tandersen@netflix.com> And if you can carry it, that would be great (see below :). This does bring up some interesting questions. From off-list discussions with Tobin, I believe he is not particularly interested in maintaining this script any more. I was never set up to do the PRs myself, I agreed to be a reviewer to help Tobin out. I'm happy to adopt it if that makes sense, but I'm curious about the future of the script: 1. is it useful? (seems like yes if you're adding features) 2. does it make sense to live here as a separate thing? should we perhaps run it as part of kselftests or similar? I think that e.g. 681ff0181bbf ("x86/mm/init/32: Stop printing the virtual memory layout") was not discovered with this script, but maybe if we put it inline with some other stuff people regularly run more of these would fall out? Maybe it makes sense to live somewhere else entirely (syzkaller)? I can probably set up some x86/arm64 infra to run it regularly, but that won't catch other less popular arches. 3. perl. I'm mostly not a perl programmer, but would be happy to rewrite it in python pending the outcome of discussion above. Thoughts? Tycho
On Thu, Feb 22, 2024 at 08:24:02AM -0700, Tycho Andersen wrote: > Hi Kees, > > On Sun, Feb 18, 2024 at 09:38:12AM -0800, Kees Cook wrote: > > Introduce --kallsyms argument for scanning binary files for known symbol > > addresses. This would have found the exposure in /sys/kernel/notes: > > > > $ scripts/leaking_addresses.pl --kallsyms=<(sudo cat /proc/kallsyms) > > /sys/kernel/notes: hypercall_page @ 156 > > /sys/kernel/notes: xen_hypercall_set_trap_table @ 156 > > /sys/kernel/notes: startup_xen @ 132 > > > > Signed-off-by: Kees Cook <keescook@chromium.org> > > Patch itself is > > Reviewed-by: Tycho Andersen <tandersen@netflix.com> > > And if you can carry it, that would be great (see below :). Sure! > This does bring up some interesting questions. From off-list > discussions with Tobin, I believe he is not particularly interested in > maintaining this script any more. I was never set up to do the PRs > myself, I agreed to be a reviewer to help Tobin out. I'm happy to > adopt it if that makes sense, but I'm curious about the future of the > script: > > 1. is it useful? (seems like yes if you're adding features) Yes, LKP runs it as part of 0-day, and it's found leaks in the past[1]. (Though its usage could be improved.) > 2. does it make sense to live here as a separate thing? should we > perhaps run it as part of kselftests or similar? I think that e.g. > 681ff0181bbf ("x86/mm/init/32: Stop printing the virtual memory > layout") was not discovered with this script, but maybe if we put it > inline with some other stuff people regularly run more of these would > fall out? Maybe it makes sense to live somewhere else entirely > (syzkaller)? I can probably set up some x86/arm64 infra to run it > regularly, but that won't catch other less popular arches. We could certainly do that. It would need some work to clean it up, though -- it seems like it wasn't designed to run as root (which is how LKP runs it, and likely how at least some CIs would run it). > 3. perl. I'm mostly not a perl programmer, but would be happy to > rewrite it in python pending the outcome of discussion above. I am not a Perl fan either. It does work as-is, though. Address leaks, while worth fixing, are relatively low priority over all, so I wouldn't prioritize a rewrite very highly. -Kees [1] https://lore.kernel.org/all/20210103142726.GC30643@xsang-OptiPlex-9020/
On Thu, Feb 22, 2024 at 01:00:40PM -0800, Kees Cook wrote: > On Thu, Feb 22, 2024 at 08:24:02AM -0700, Tycho Andersen wrote: > > Hi Kees, > > > > On Sun, Feb 18, 2024 at 09:38:12AM -0800, Kees Cook wrote: > > > Introduce --kallsyms argument for scanning binary files for known symbol > > > addresses. This would have found the exposure in /sys/kernel/notes: > > > > > > $ scripts/leaking_addresses.pl --kallsyms=<(sudo cat /proc/kallsyms) > > > /sys/kernel/notes: hypercall_page @ 156 > > > /sys/kernel/notes: xen_hypercall_set_trap_table @ 156 > > > /sys/kernel/notes: startup_xen @ 132 > > > > > > Signed-off-by: Kees Cook <keescook@chromium.org> > > > > Patch itself is > > > > Reviewed-by: Tycho Andersen <tandersen@netflix.com> > > > > And if you can carry it, that would be great (see below :). > > Sure! > > > This does bring up some interesting questions. From off-list > > discussions with Tobin, I believe he is not particularly interested in > > maintaining this script any more. I was never set up to do the PRs > > myself, I agreed to be a reviewer to help Tobin out. I'm happy to > > adopt it if that makes sense, but I'm curious about the future of the > > script: > > > > 1. is it useful? (seems like yes if you're adding features) > > Yes, LKP runs it as part of 0-day, and it's found leaks in the past[1]. > (Though its usage could be improved.) > > > 2. does it make sense to live here as a separate thing? should we > > perhaps run it as part of kselftests or similar? I think that e.g. > > 681ff0181bbf ("x86/mm/init/32: Stop printing the virtual memory > > layout") was not discovered with this script, but maybe if we put it > > inline with some other stuff people regularly run more of these would > > fall out? Maybe it makes sense to live somewhere else entirely > > (syzkaller)? I can probably set up some x86/arm64 infra to run it > > regularly, but that won't catch other less popular arches. > > We could certainly do that. It would need some work to clean it up, > though -- it seems like it wasn't designed to run as root (which is how > LKP runs it, and likely how at least some CIs would run it). This is wrong -- it's not run as root. It was fall over very badly. I'm not sure why the CI output looks strange.
On Thu, Feb 22, 2024 at 01:00:40PM -0800, Kees Cook wrote: > > This does bring up some interesting questions. From off-list > > discussions with Tobin, I believe he is not particularly interested in > > maintaining this script any more. I was never set up to do the PRs > > myself, I agreed to be a reviewer to help Tobin out. I'm happy to > > adopt it if that makes sense, but I'm curious about the future of the > > script: > > > > 1. is it useful? (seems like yes if you're adding features) > > Yes, LKP runs it as part of 0-day, and it's found leaks in the past[1]. > (Though its usage could be improved.) Oh! That is good news :) > > 2. does it make sense to live here as a separate thing? should we > > perhaps run it as part of kselftests or similar? I think that e.g. > > 681ff0181bbf ("x86/mm/init/32: Stop printing the virtual memory > > layout") was not discovered with this script, but maybe if we put it > > inline with some other stuff people regularly run more of these would > > fall out? Maybe it makes sense to live somewhere else entirely > > (syzkaller)? I can probably set up some x86/arm64 infra to run it > > regularly, but that won't catch other less popular arches. > > We could certainly do that. It would need some work to clean it up, > though -- it seems like it wasn't designed to run as root (which is how > LKP runs it, and likely how at least some CIs would run it). > > > 3. perl. I'm mostly not a perl programmer, but would be happy to > > rewrite it in python pending the outcome of discussion above. > > I am not a Perl fan either. It does work as-is, though. Address leaks, > while worth fixing, are relatively low priority over all, so I wouldn't > prioritize a rewrite very highly. Yep, fair enough. Tycho
On Thu, Feb 22, 2024 at 04:49:26PM -0700, Tycho Andersen wrote: > On Thu, Feb 22, 2024 at 01:00:40PM -0800, Kees Cook wrote: > > > This does bring up some interesting questions. From off-list > > > discussions with Tobin, I believe he is not particularly interested in > > > maintaining this script any more. I was never set up to do the PRs > > > myself, I agreed to be a reviewer to help Tobin out. I'm happy to > > > adopt it if that makes sense, but I'm curious about the future of the > > > script: > > > > > > 1. is it useful? (seems like yes if you're adding features) > > > > Yes, LKP runs it as part of 0-day, and it's found leaks in the past[1]. > > (Though its usage could be improved.) > > Oh! That is good news :) > > > > 2. does it make sense to live here as a separate thing? should we > > > perhaps run it as part of kselftests or similar? I think that e.g. > > > 681ff0181bbf ("x86/mm/init/32: Stop printing the virtual memory > > > layout") was not discovered with this script, but maybe if we put it > > > inline with some other stuff people regularly run more of these would > > > fall out? Maybe it makes sense to live somewhere else entirely > > > (syzkaller)? I can probably set up some x86/arm64 infra to run it > > > regularly, but that won't catch other less popular arches. > > > > We could certainly do that. It would need some work to clean it up, > > though -- it seems like it wasn't designed to run as root (which is how > > LKP runs it, and likely how at least some CIs would run it). > > > > > 3. perl. I'm mostly not a perl programmer, but would be happy to > > > rewrite it in python pending the outcome of discussion above. > > > > I am not a Perl fan either. It does work as-is, though. Address leaks, > > while worth fixing, are relatively low priority over all, so I wouldn't > > prioritize a rewrite very highly. > > Yep, fair enough. Thanks for taking this in through your tree Kees! And Tycho for picking up the pieces I dropped :) I can help review a re-write if it helps though I don't write Python daily and I am long way away from kernel work these days so I doubt I'd be all that much help. I originally wrote it in Perl because I figured it would be easier to get past the old guys, six moths later I regretted the decision when I tried to re-read it. Thanks for ping'ing me. All the best, Tobin.
On Thu, Feb 29, 2024 at 03:40:13PM +1100, Tobin Harding wrote: > On Thu, Feb 22, 2024 at 04:49:26PM -0700, Tycho Andersen wrote: > > On Thu, Feb 22, 2024 at 01:00:40PM -0800, Kees Cook wrote: > > > > This does bring up some interesting questions. From off-list > > > > discussions with Tobin, I believe he is not particularly interested in > > > > maintaining this script any more. I was never set up to do the PRs > > > > myself, I agreed to be a reviewer to help Tobin out. I'm happy to > > > > adopt it if that makes sense, but I'm curious about the future of the > > > > script: > > > > > > > > 1. is it useful? (seems like yes if you're adding features) > > > > > > Yes, LKP runs it as part of 0-day, and it's found leaks in the past[1]. > > > (Though its usage could be improved.) > > > > Oh! That is good news :) > > > > > > 2. does it make sense to live here as a separate thing? should we > > > > perhaps run it as part of kselftests or similar? I think that e.g. > > > > 681ff0181bbf ("x86/mm/init/32: Stop printing the virtual memory > > > > layout") was not discovered with this script, but maybe if we put it > > > > inline with some other stuff people regularly run more of these would > > > > fall out? Maybe it makes sense to live somewhere else entirely > > > > (syzkaller)? I can probably set up some x86/arm64 infra to run it > > > > regularly, but that won't catch other less popular arches. > > > > > > We could certainly do that. It would need some work to clean it up, > > > though -- it seems like it wasn't designed to run as root (which is how > > > LKP runs it, and likely how at least some CIs would run it). > > > > > > > 3. perl. I'm mostly not a perl programmer, but would be happy to > > > > rewrite it in python pending the outcome of discussion above. > > > > > > I am not a Perl fan either. It does work as-is, though. Address leaks, > > > while worth fixing, are relatively low priority over all, so I wouldn't > > > prioritize a rewrite very highly. > > > > Yep, fair enough. > > Thanks for taking this in through your tree Kees! And Tycho for > picking up the pieces I dropped :) Hi! You're welcome; I'm glad I have this script to build on! > I can help review a re-write if it helps though I don't write Python > daily and I am long way away from kernel work these days so I doubt > I'd be all that much help. No worries. I suppose we could rewrite it in Rust! :) > I originally wrote it in Perl because I figured it would be easier to > get past the old guys, six moths later I regretted the decision when I > tried to re-read it. > > Thanks for ping'ing me. Good to hear from you! Take care, -Kees
diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index e695634d153d..cbaa17c244cc 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -51,10 +51,13 @@ my $input_raw = ""; # Read raw results from file instead of scanning. my $suppress_dmesg = 0; # Don't show dmesg in output. my $squash_by_path = 0; # Summary report grouped by absolute path. my $squash_by_filename = 0; # Summary report grouped by filename. +my $kallsyms_file = ""; # Kernel symbols file. my $kernel_config_file = ""; # Kernel configuration file. my $opt_32bit = 0; # Scan 32-bit kernel. my $page_offset_32bit = 0; # Page offset for 32-bit kernel. +my @kallsyms = (); + # Skip these absolute paths. my @skip_abs = ( '/proc/kmsg', @@ -95,6 +98,8 @@ Options: --squash-by-path Show one result per unique path. --squash-by-filename Show one result per unique filename. --kernel-config-file=<file> Kernel configuration file (e.g /boot/config) + --kallsyms=<file> Read kernel symbol addresses from file (for + scanning binary files). --32-bit Scan 32-bit kernel. --page-offset-32-bit=o Page offset (for 32-bit kernel 0xABCD1234). -d, --debug Display debugging output. @@ -115,6 +120,7 @@ GetOptions( 'squash-by-path' => \$squash_by_path, 'squash-by-filename' => \$squash_by_filename, 'raw' => \$raw, + 'kallsyms=s' => \$kallsyms_file, 'kernel-config-file=s' => \$kernel_config_file, '32-bit' => \$opt_32bit, 'page-offset-32-bit=o' => \$page_offset_32bit, @@ -155,6 +161,25 @@ if ($output_raw) { select $fh; } +if ($kallsyms_file) { + open my $fh, '<', $kallsyms_file or die "$0: $kallsyms_file: $!\n"; + while (<$fh>) { + chomp; + my @entry = split / /, $_; + my $addr_text = $entry[0]; + # TODO: Why is hex() so impossibly slow? + my $addr = hex($addr_text); + my $symbol = $entry[2]; + # Only keep kernel text addresses. + if ($addr_text !~ /^0/) { + my $long = pack("J", $addr); + my $entry = [$long, $symbol]; + push @kallsyms, $entry; + } + } + close $fh; +} + parse_dmesg(); walk(@DIRS); @@ -442,6 +467,25 @@ sub timed_parse_file } } +sub parse_binary +{ + my ($file) = @_; + + open my $fh, "<:raw", $file or return; + local $/ = undef; + my $bytes = <$fh>; + close $fh; + + foreach my $entry (@kallsyms) { + my $addr = $entry->[0]; + my $symbol = $entry->[1]; + my $offset = index($bytes, $addr); + if ($offset != -1) { + printf("$file: $symbol @ $offset\n"); + } + } +} + sub parse_file { my ($file) = @_; @@ -451,6 +495,15 @@ sub parse_file } if (! -T $file) { + if ($file =~ m|^/sys/kernel/btf/| or + $file =~ m|^/sys/devices/pci| or + $file =~ m|^/sys/firmware/efi/efivars/| or + $file =~ m|^/proc/bus/pci/|) { + return; + } + if (scalar @kallsyms > 0) { + parse_binary($file); + } return; }