From patchwork Thu Dec 7 04:32:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tobin Harding X-Patchwork-Id: 10097617 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 861686056F for ; Thu, 7 Dec 2017 04:33:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 788FF2877E for ; Thu, 7 Dec 2017 04:33:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6D58729026; Thu, 7 Dec 2017 04:33:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 901CF2877E for ; Thu, 7 Dec 2017 04:33:26 +0000 (UTC) Received: (qmail 14335 invoked by uid 550); 7 Dec 2017 04:33:06 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 14187 invoked from network); 7 Dec 2017 04:33:05 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc :date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=XC4f5W8LlWlo1YOTZ 7H1x+VEXSAKX8k2l8NuAAto3Lw=; b=e1MRjQXkeURH5wKroYMHK4l9/igIZ6eK2 31/WPhIr5CWPW9PGamR7kM/O/ZAY8mm4uBmPGnsy80GzBFYLgNAVxF7r9sO5e2Mm xPsoqtrrJefOBTnTY8FdYf9zd6Oa75yZDdiyWrJ9wmwqcsV344+NTZUiqx6P9LR4 R1AjMLzPwcfiyz+mS6Mk0U4qLTT3Etd38YsWnVmkPS/GJFY786Su38m/QRo+Juqn 
Z2/utYuk1KVc5Kvmp229p+OlH66bznYEXhC9kRXqcxHwqO2FN6fC7YmPsqmkN5oK bBHq8PRsSUZhtQaVF3o9h0MPGXeg1VAYs/uo3yTboLCauVyxuEhQA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=XC4f5W8LlWlo1YOTZ7H1x+VEXSAKX8k2l8NuAAto3Lw=; b=LI+Dlg2y uT4l7VIJEpERAXVrv8nw1uyZQfNCoW/VkKndMZay45LYZzYFHv1rmgWcBcOPbr21 144gbU1eD0XqJrTLxaUENn6JLbodcyxiO4FV/vbNZXaH3ke1XScyVySy9uShyule ZM0WWXJdBVuVl8aF6ueQSr52ZGyV3q5hnFohfNBbKDuko4I0h8N4V8VFEWZLm5ee bCwTKRUcQF3brakITjZk9OTvplx/kX97/jJXoTLDKixMEp2H2Mbcp07+Ouq0lDWY YFXghZ+hM9bOIITQ4u6hI7tzRIku5/fE/rfOPtCxyq8R9EClkz/LzYYcrbUQi+QI c/AykhPPFBsoMg== X-ME-Sender: From: "Tobin C. Harding" To: me@tobin.cc, kaiwan.billimoria@gmail.com Cc: "Kirill A. Shutemov" , Alexander Kapshuk , LKML , kernel-hardening@lists.openwall.com Date: Thu, 7 Dec 2017 15:32:25 +1100 Message-Id: <1512621145-4783-6-git-send-email-me@tobin.cc> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512621145-4783-1-git-send-email-me@tobin.cc> References: <1512621145-4783-1-git-send-email-me@tobin.cc> Subject: [kernel-hardening] [PATCH 5/5] leaking_addresses: add support for 5 page table levels X-Virus-Scanned: ClamAV using ClamSMTP Currently script only supports 4 page table levels because of the way the kernel address regular expression is crafted. We can do better than this. Using previously added support for kernel configuration options we can get the number of page table levels defined by CONFIG_PGTABLE_LEVELS. Using this value a correct regular expression can be crafted. This only supports 5 page tables on x86_64. Add support for 5 page table levels on x86_64. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 60 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 53 insertions(+), 7 deletions(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 892bfe9e01fe..82be5f18ea5f 100755 
--- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -21,6 +21,7 @@ use Term::ANSIColor qw(:constants); use Getopt::Long qw(:config no_auto_abbrev); use Config; use bigint qw/hex/; +use feature 'state'; my $P = $0; my $V = '0.01'; @@ -39,12 +40,14 @@ my @SUPPORTED_ARCHITECTURES = ('x86_64', 'ppc64'); # Command line options. my $help = 0; my $debug = 0; + my $raw = 0; my $output_raw = ""; # Write raw results to file. my $input_raw = ""; # Read raw results from file instead of scanning. my $suppress_dmesg = 0; # Don't show dmesg in output. my $squash_by_path = 0; # Summary report grouped by absolute path. my $squash_by_filename = 0; # Summary report grouped by filename. + my $kernel_config_file = ""; # Kernel configuration file. # Do not parse these files (absolute path). @@ -212,11 +215,13 @@ sub get_kernel_config_option } else { my $file = '/boot/config-' . `uname -r`; + chomp $file; @config_files = ($file, '/boot/config'); } foreach my $file (@config_files) { -# chomp $config_file; + printf("file: %s\n", $file); + $value = option_from_file($option, $file); if ($value ne "") { last; @@ -295,12 +300,8 @@ sub may_leak_address return 0; } - # One of these is guaranteed to be true. - if (is_x86_64()) { - $address_re = '\b(0x)?ffff[[:xdigit:]]{12}\b'; - } elsif (is_ppc64()) { - $address_re = '\b(0x)?[89abcdef]00[[:xdigit:]]{13}\b'; - } + $address_re = get_address_re(); + dprint("Kernel address regular expression: %s\n", $address_re); while (/($address_re)/g) { if (!is_false_positive($1)) { 
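Review bot: The added `printf("file: %s\n", $file);` inside the `foreach my $file (@config_files)` loop of get_kernel_config_option looks like leftover debugging, because it writes to STDOUT unconditionally for every candidate config file. If the scan report also goes to STDOUT, as the raw-output options declared earlier in the file suggest, these lines would be mixed into the results that a later raw-input run parses. I would drop the line or route it through the debug helper the script already uses, `dprint("parsing config file: %s\n", $file);`. The function starts before and ends after this hunk.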
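Review bot: `$address_re = get_address_re();` and the `dprint` after it now run on every call of may_leak_address, although the pattern depends only on the architecture and the kernel config. If the function is called once per scanned line, as the `while (/($address_re)/g)` loop over `$_` suggests, debug mode repeats the same message for each input line and any failure message from get_address_re repeats with it. Since the commit already enables `use feature 'state'`, the declaration of `$address_re` (outside this hunk) could become `state $address_re = get_address_re();`, with the `dprint` moved into get_address_re. The function starts before and continues after this hunk.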
@@ -311,6 +312,51 @@ sub may_leak_address return 0; } +sub get_address_re +{ + my $re; + + if (is_x86_64()) { + $re = get_x86_64_re(); + } elsif (is_ppc64()) { + $re = '\b(0x)?[89abcdef]00[[:xdigit:]]{13}\b'; + } + + if ($re eq "") { + print STDERR "$0: failed to build kernel address regular expression\n"; + } + + return $re; +} + +sub get_x86_64_re +{ + state $ptl = get_page_table_levels(); + my $re; + + if ($ptl == 5) { + $re = '\b(0x)?ff[[:xdigit:]]{14}\b'; + } else { + $re = '\b(0x)?ffff[[:xdigit:]]{12}\b'; + } + + return $re; +} + +sub get_page_table_levels +{ + my $ptl = ""; + my $default_ptl = "4"; + + $ptl = get_kernel_config_option('CONFIG_PGTABLE_LEVELS'); + if ($ptl eq "") { + $ptl = $default_ptl; + printf(STDERR "$0: defaulting to %s page table levels\n", $default_ptl); + } + + return $ptl; +} + sub parse_dmesg { open my $cmd, '-|', 'dmesg';
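Review bot: In get_address_re, `my $re;` stays undef when neither architecture branch is taken, so `if ($re eq "")` compares an undefined value and the function only prints before returning undef. The caller then interpolates that into `/($address_re)/g`, which degenerates to an empty group that matches anywhere, so a leak scanner would carry on with meaningless results instead of stopping. I would initialise with `my $re = "";` and fail hard, `die "$0: failed to build kernel address regular expression\n" if $re eq "";`. In get_page_table_levels, `$0` is interpolated into the printf format string, so a `%` in the script path would be read as a conversion; `printf(STDERR "%s: defaulting to %s page table levels\n", $0, $default_ptl);` avoids that. A short comment there should also say that falling back to 4 levels on a 5-level kernel narrows the pattern to the `ffff` prefix and can miss addresses.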