From patchwork Thu Nov 9 05:09:35 2017
X-Patchwork-Submitter: Tobin Harding
X-Patchwork-Id: 10050125
From: "Tobin C. Harding"
To: Linus Torvalds
Cc: "Tobin C. Harding", "Jason A. Donenfeld", Theodore Ts'o, Kees Cook,
 Paolo Bonzini, Tycho Andersen, "Roberts, William C", Tejun Heo,
 Jordan Glover, Greg KH, Petr Mladek, Joe Perches, Ian Campbell,
 Sergey Senozhatsky, Catalin Marinas, Will Deacon, Steven Rostedt,
 Chris Fries, Dave Weinstein, Daniel Micay, Djalal Harouni,
 "Paul E. McKenney", Andy Lutomirski, Peter Zijlstra, Michael Ellerman,
 David Miller, Network Development, linux-kernel@vger.kernel.org,
 kernel-hardening@lists.openwall.com
Date: Thu, 9 Nov 2017 16:09:35 +1100
Message-Id: <1510204175-10138-9-git-send-email-me@tobin.cc>
In-Reply-To: <1510204175-10138-1-git-send-email-me@tobin.cc>
References: <1510204175-10138-1-git-send-email-me@tobin.cc>
Subject: [kernel-hardening] [PATCH v2 8/8] scripts/leaking_addresses: add timeout on file read

Currently script can stall if we read certain files (like /proc/kmsg).
While we have a mechanism to skip these files once they are discovered
it would be nice to not stall on as yet undiscovered files of this kind.

Set a timer before each file is parsed, warn user if timer expires.

Suggested-by: Kees Cook
Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 1d6ab7f1b10c..6efd1fdb7d25 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -29,6 +29,9 @@ my $V = '0.01'; # Directories to scan. my @DIRS = ('/proc', '/sys'); +# Timer for parsing each file, in seconds. +my $TIMEOUT = 10; + # Script can only grep for kernel addresses on the following architectures. If # your architecture is not listed here and has a grep'able kernel address please # consider submitting a patch. @@ -284,6 +287,23 @@ sub skip_parse return skip($path, \@skip_parse_files_abs, \@skip_parse_files_any); } +sub timed_parse_file +{ + my ($file) = @_; + + eval { + local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required. + alarm $TIMEOUT; + parse_file($file); + alarm 0; + }; + + if ($@) { + die unless $@ eq "alarm\n"; # Propagate unexpected errors. + printf STDERR "timed out parsing: %s\n", $file; + } +} + sub parse_file { my ($file) = @_; @@ -335,7 +355,7 @@ sub walk if (-d $path) { push @dirs, $path; } else { - parse_file($path); + timed_parse_file($path); } } }
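Review bot: `my $TIMEOUT = 10;` in the first hunk is a fixed value with no way to override it, and timed_parse_file applies it to every file that walk() hands over, so each stalling file costs the full 10 seconds on every run. Consider making the value settable by the user, and have the `timed out parsing: %s` warning point at the existing skip mechanism so the file can be excluded from later scans.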
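Review bot: In timed_parse_file, `alarm 0;` sits inside the eval after `parse_file($file);`, so it is skipped whenever parse_file dies for a reason other than the timeout. The `die unless $@ eq "alarm\n";` path then unwinds with the timer still armed and `$SIG{ALRM}` already restored by `local`, which means any caller that traps that error is later hit by SIGALRM with its default, process-terminating disposition. Suggest cancelling the timer unconditionally, for example an `alarm 0;` as the first statement after the eval block and before `$@` is inspected.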