| Message ID | 1515193172-20279-1-git-send-email-me@tobin.cc (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Jan 5, 2018 at 2:59 PM, Tobin C. Harding <me@tobin.cc> wrote: > Script currently times out when parsing the following files: > > /proc/kallsyms > /proc/sched_debug > /proc/PID/smaps Seems like kallsyms would be one to absolutely scan... it shouldn't cause hangs either. -Kees > > None of these files leak kernel addresses. We can skip parsing them. > > Add entries to list of files to skip. > > Signed-off-by: Tobin C. Harding <me@tobin.cc> > --- > scripts/leaking_addresses.pl | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl > index ce5d58f3e619..32e2fc9fc8c3 100755 > --- a/scripts/leaking_addresses.pl > +++ b/scripts/leaking_addresses.pl > @@ -58,7 +58,9 @@ my @skip_parse_files_abs = ('/proc/kmsg', > '/sys/firmware/devicetree', > '/proc/device-tree', > '/sys/kernel/debug/tracing/trace_pipe', > - '/sys/kernel/security/apparmor/revision'); > + '/sys/kernel/security/apparmor/revision', > + '/proc/kallsyms', > + '/proc/sched_debug'); > > # Do not parse these files under any subdirectory. > my @skip_parse_files_any = ('0', > @@ -71,7 +73,8 @@ my @skip_parse_files_any = ('0', > 'snapshot_raw', > 'trace_pipe_raw', > 'ptmx', > - 'trace_pipe'); > + 'trace_pipe', > + 'smaps'); > > # Do not walk these directories (absolute path). > my @skip_walk_dirs_abs = (); > -- > 2.7.4 >
On Fri, Jan 05, 2018 at 04:11:07PM -0800, Kees Cook wrote: > On Fri, Jan 5, 2018 at 2:59 PM, Tobin C. Harding <me@tobin.cc> wrote: > > Script currently times out when parsing the following files: > > > > /proc/kallsyms > > /proc/sched_debug > > /proc/PID/smaps > > Seems like kallsyms would be one to absolutely scan... it shouldn't > cause hangs either. Haven't we fixed kallsyms now? Do you mean that we should be checking to see if the scanned kernel has been patched to include the kallsysms fixes in 4.14? If so perhaps we should add functionality to just check the first line for an address and warn if one is found. No real reason to include ever address in kallsyms in the output. Script doesn't hang but it times out with the default timer (10 seconds). thanks, Tobin.
diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index ce5d58f3e619..32e2fc9fc8c3 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -58,7 +58,9 @@ my @skip_parse_files_abs = ('/proc/kmsg', '/sys/firmware/devicetree', '/proc/device-tree', '/sys/kernel/debug/tracing/trace_pipe', - '/sys/kernel/security/apparmor/revision'); + '/sys/kernel/security/apparmor/revision', + '/proc/kallsyms', + '/proc/sched_debug'); # Do not parse these files under any subdirectory. my @skip_parse_files_any = ('0', @@ -71,7 +73,8 @@ my @skip_parse_files_any = ('0', 'snapshot_raw', 'trace_pipe_raw', 'ptmx', - 'trace_pipe'); + 'trace_pipe', + 'smaps'); # Do not walk these directories (absolute path). my @skip_walk_dirs_abs = ();
Script currently times out when parsing the following files: /proc/kallsyms /proc/sched_debug /proc/PID/smaps None of these files leak kernel addresses. We can skip parsing them. Add entries to list of files to skip. Signed-off-by: Tobin C. Harding <me@tobin.cc> --- scripts/leaking_addresses.pl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)