From patchwork Thu Dec 7 04:32:23 2017
X-Patchwork-Submitter: Tobin Harding
X-Patchwork-Id: 10097609
From: "Tobin C. Harding"
To: me@tobin.cc, kaiwan.billimoria@gmail.com
Cc: "Kirill A. Shutemov", Alexander Kapshuk, LKML, kernel-hardening@lists.openwall.com
Date: Thu, 7 Dec 2017 15:32:23 +1100
Message-Id: <1512621145-4783-4-git-send-email-me@tobin.cc>
In-Reply-To: <1512621145-4783-1-git-send-email-me@tobin.cc>
References: <1512621145-4783-1-git-send-email-me@tobin.cc>
Subject: [kernel-hardening] [PATCH 3/5] leaking_addresses: add range check for vsyscall memory

Currently script checks only first and last address in the vsyscall memory range. We can do better than this. When checking for false positives against $match, convert $match to a hexadecimal value then check if it lies within the range of vsyscall addresses.

Signed-off-by: Tobin C. Harding
---
 scripts/leaking_addresses.pl | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 066c609b1adb..cb69ccd4153a 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl 
@@ -20,6 +20,7 @@ use Cwd 'abs_path'; use Term::ANSIColor qw(:constants); use Getopt::Long qw(:config no_auto_abbrev); use Config; +use bigint qw/hex/; my $P = $0; my $V = '0.01'; @@ -196,17 +197,24 @@ sub is_false_positive return 1; } - if (is_x86_64()) { - # vsyscall memory region, we should probably check against a range here. - if ($match =~ '\bf{10}600000\b' or - $match =~ '\bf{10}601000\b') { - return 1; - } + if (is_x86_64() and is_in_vsyscall_memory_region($match)) { + return 1; } return 0; } +sub is_in_vsyscall_memory_region +{ + my ($match) = @_; + + my $hex = hex($match); + my $region_min = hex("0xffffffffff600000"); + my $region_max = hex("0xffffffffff601000"); + + return ($hex >= $region_min and $hex <= $region_max); +} + # True if argument potentially contains a kernel address. sub may_leak_address {
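
Review bot: In the first hunk, `use bigint qw/hex/;` is added at file scope next to the other `use` lines, so the pragma applies to every integer literal and arithmetic expression in the script, not only to the new range check. The pragma is lexically scoped, so placing it inside `is_in_vsyscall_memory_region` would confine the big-number handling to the one place that compares 64-bit addresses and leave the rest of the script on native integers. A short comment next to the line saying why `hex` is overridden would also help the next reader.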
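
Review bot: In `is_in_vsyscall_memory_region`, `hex($match)` is called without first checking that `$match` is a bare hexadecimal string. The removed code used `\b`-anchored regexes, which tolerated text around the address; with the conversion, a `$match` that carries anything besides the hex digits would not convert to the intended address and the comparison would silently give the wrong answer. Consider a guard before the conversion, for example `return 0 unless $match =~ /^(0x)?[[:xdigit:]]{16}$/;`. Separately, `$hex <= $region_max` treats 0xffffffffff601000 itself as inside the region; the removed regexes also matched that value, so this looks intentional, but a comment stating that the upper bound is inclusive on purpose would make that clear.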