ÿØÿà JFIF    ÿÛ „  ( %"1!%)+...383,7(-.+  -+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â" ÿÄ     ÿÄ H    !1AQaq"‘¡2B±ÁÑð#R“Ò Tbr‚²á3csƒ’ÂñDS¢³$CÿÄ   ÿÄ %  !1AQa"23‘ÿÚ   ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ ú®ði~TÁbqÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6  öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ "Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt ‘BŒ†Ï‡%#tE Øz ¥OÛ«!1›üä±Í™%ºÍãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»& î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ ÷Û #°xŸëí(l »ý3—¥5m! rt`†0~'j2(]S¦¦kv,ÚÇ l¦øJA£Šƒ J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡* ….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨ÖÚ5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg A2Z"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±b Lô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø ð\á)} ¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±N¢aF¨…8¯!U  Z©RÊ ÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD é©¤&‡ïDbàÁôMÁ." ¤‡ú*õ'VŽ|¼´Úgllº¼klz[Æüï÷Aób‡Eÿ dÑ»Xx9ÃÜ£ÁT/`¼¸vI±Ýµ·Ë‚“G³þ*Ÿû´r|*}<¨îºœ @¦mÄ’M¹”.œ«Y–|6ÏU¤jç¥ÕÞqO ˜kDÆÁ¨5ÿ š;Њ¦¦€GÙk \ –Þ=â¼=SͧµªS°ÚÍpÜãQűÀõ¬?ÃÁ1Ñ•õZà?hóœ€ L¦l{Y*K˜Ù›zc˜–ˆâ ø+¾ ­-Ök¥%ùEÜA'}ˆ><ÊIè“bpÍ/qÞâvoX€w,\úªò6Z[XdÒæ­@Ö—€$òJí#é>'°Ú ôª˜<)4ryÙ£|óAÅn5žêŸyÒäMÝ2{"}‰–¤l÷ûWX\l¾Á¸góÉOÔ /óñB¤f¸çñ[.P˜ZsÊË*ßT܈§QN¢’¡¨§V¼(Üù*eÕ“”5T¨‹Âê¥FŒã½Dü[8'Ò¥a…Ú¶k7a *•›¼'Ò·\8¨ª\@\õ¢¦íq+DÙrmÎ…_ªæ»ŠÓœ¡¯’Ré9MÅ×D™lælffc+ŒÑ,ý™ÿ ¯þǤ=Å’Á7µ÷ÚÛ/“Ü€ñýã¼àí¾ÕÑ+ƒ,uµMâÀÄbm:ÒÎPæ{˜Gz[ƒ¯«® KHà`ßØŠéí¯P8Aq.C‰ à€kòpj´kN¶qô€…Õ,ÜNŠª-­{Zö’æû44‰sŽè‰îVíRœÕm" 6?³D9¡ÇTíÅꋇ`4«¸ÝÁô ï’ýorqКÇZ«x4Žâéþuïf¹µö[P ,Q£éaX±`PÉÍZ ¸äYúg üAx ’6Lê‚xÝÓ*äQ  Ï’¨hÍ =²,6ï#rÃ<¯–£»ƒ‹,–ê•€ aÛsñ'%Æ"®ÛüìBᝠHÚ3ß°©$“XnœÖ’î2ËTeûìxîß ¦å¿çÉ ðK§þ{‘t‚Ϋ¬jéîZ[ ”š7L¥4VÚCE×]m¤Øy”ä4-dz£œ§¸x.*ãÊÊ b÷•h:©‡¦s`BTÁRû¾g⻩‹jø sF¢àJøFl‘È•Xᓁà~*j¯ +(ÚÕ6-£¯÷GŠØy‚<Ç’.F‹Hœw(+)ÜÜâÈzÄäT§FߘãÏ;DmVœ3Àu@mÚüXÝü•3B¨òÌÁÛ<·ÃÜ z,Ì@õÅ·d2]ü8s÷IôÞ¯^Ç9¢u„~ëAŸï4«M? K]­ÅàPl@s_ p:°¬ZR”´›JC[CS.h‹ƒïËœ«Æ]–÷ó‚wR×k7X‰k›‘´ù¦=¡«‰¨¨Â')—71ó’c‡Ðúµ `é.{§p¹ój\Ž{1h{o±Ý=áUÊïGÖŒõ–-BÄm+AZX¶¡ ïHðæ¥JmÙ;…ä¡Ÿˆ¦ ° äšiÉg«$üMk5¤L“’çÊvïâï ,=f“"íἊ5ô¬x6{ɏžID0e¸vçmi'︧ºð9$ò¹÷*£’9ÿ ²TÔ…×>JV¥}Œ}$p[bÔ®*[jzS*8 ”·T›Í–ñUîƒwo$áè=LT™ç—~ô·¤ÈÚ$榍q‰„+´kFm)ž‹©i–ËqÞŠ‰à¶ü( ‚•§ •°ò·‡#5ª•µÊ﯅¡X¨šÁ*F#TXJÊ ušJVÍ&=iÄs1‚3•'fý§5Ñ<=[íÞ­ PÚ;ѱÌ_~Ä££8rÞ ²w;’hDT°>ÈG¬8Á²ÚzŽ®ò®qZcqJêäÞ-ö[ܘbň±çb“Š¶31²n×iƒðÕ;1¶þÉ ªX‰,ßqÏ$>•î íZ¥Z 1{ç൵+ƒÕµ¥°T$§K]á»Ûï*·¤tMI’ÂZbŽÕiÒ˜}bÓ0£ª5›¨ [5Ž^ÝœWøÂÝh° ¢OWun£¤5 a2Z.G2³YL]jåtì”ä ÁÓ‘%"©<ÔúÊ°sº UZvä‡ÄiÆÒM .÷V·™ø#kèýiíÌ–ª)µT[)BˆõÑ xB¾B€ÖT¨.¥~ð@VĶr#¸ü*åZNDŽH;âi ],©£öØpù(šºãö¼T.uCê•4@ÿ GÕÛ)Cx›®0ø#:ÏðFÒbR\(€€Ä®fã4Þ‰Fä¯HXƒÅ,†öEÑÔÜ]Öv²?tLÃvBY£ú6Êu5ÅAQ³1‘’¬x–HŒÐ‡ ^ ¸KwJôÖŽ5×CÚ¨vÜ«/B0$×k°=ðbÇ(Ï)w±A†Á† 11Í=èQšµ626ŒÜ/`G«µ<}—-Ö7KEHÈÉðóȤmݱû±·ø«Snmá=“ä«šmݱŸ¡¶~ó·“äUóJæúòB|E LêŽy´jDÔ$G¢þÐñ7óR8ýÒ…Ç› WVe#·Ÿ p·Fx~•ݤF÷0Èÿ K¯æS<6’¡WШ; ´ÿ ¥Êø\Òuî†åÝ–VNœkÒ7oòX¨Á­Ø÷FÎÑä±g÷ÿ M~Çî=p,X´ ÝÌÚÅ‹’ÃjÖ.ØöÏñ qïQ¤ÓZE†° =6·]܈ s¸>v•Ž^Ý\wq9r‰Î\¸¡kURÒ$­*‹Nq?Þª*!sŠÆ:TU_u±T+øX¡ ®¹¡,ÄâÃBTsÜ$Ø›4m椴zÜK]’’›Pƒ @€#â˜`é¹=I‡fiV•Ôî“nRm+µFPOhÍ0B£ €+¬5c v•:P'ÒyÎ ‰V~‚Ó†ÖuókDoh$å\*ö%Ю=£«…aȼ½÷Û.-½VŒŠ¼'lyî±1¬3ó#ÞE¿ÔS¤gV£m›=§\û"—WU¤ÚǼÿ ÂnÁGŒÃ ‚õN D³õNÚíŒÕ;HôyÄÈ©P¹Ä{:?R‘Ô¨âF÷ø£bÅó® JS|‚R÷ivýáâ€Æé¡è³´IئÑT!§˜•Øª‚¬â@q€wnïCWÄ@JU€ê¯m6]Ï:£âx'+ÒðXvÓ¦Úm=–´7œ $ì“B£~p%ÕŸUþ« N@¼üï~w˜ñø5®—'Ôe»¤5ã//€ž~‰Tþ›Å7•#¤× Íö pÄ$ùeåì*«ÓŠEØWEÈsßg ¦ûvžSsLpºÊW–âµEWöˬH; ™!CYõZ ÃÄf æ#1W. \uWâ\,\Çf j’<qTbên›Î[vxx£ë 'ö¨1›˜ÀM¼Pÿ H)ƒêêŒA7s,|F“ 꺸k³9Ìö*ç®;Ö!Ö$Eiž•¹ÒÚ†ýóéÝû¾ÕS®ó$’NÝäŸz¤5r¦ãÄÃD÷Üø!°ø‡Ô&@m™Ì^Ãä­d q5Lnÿ N;.6½·N|#ä"1Nƒx“ã<3('&ñßt  ~ªu”1Tb㫨9ê–›–bìd$ߣ=#ÕãÒmU¯eí$EFù5ýYô櫨æ왍Ǘ±ssM]·á¿0ÕåJRÓªîiƒ+O58ÖñªŠÒx" \µâá¨i’¤i —Ö ” M+M¤ë9‚‰A¦°Qõ¾ßøK~¼Ã‘g…Ö´~÷Ï[3GUœÒ½#…kàÔ®Ò”‰³·dWV‰IP‰Ú8u¹”E ÖqLj¾êÕCBš{A^Âß;–¨`¯¬ìö ˼ ×tìø.tƐm*n¨y4o&Àx¥n¦×î‡aupáÛj8¿m›è¶ã!o½;ß0y^ý×^EÑ¿ÒjzŒ­)vÚÑnÄL …^ªô× ‡—‚3k Îý­hï]içå–îÏ*÷ñþ»Ô CÒjøjÍznˆ´ ¹#b'Fô‹ ‰v¥'’à'T´ƒHýÍ%M‰ ƒ&ÆÇŒï1 ‘ –Þ ‰i¬s žR-Ÿ kŠ¬á¬7:þ 0ŒÅÒÕ/aÙ¬ÃÝ#Úøœ ©aiVc‰. ¹¦ãµ” ›Yg¦›ÆÎýº°f³7ƒhá·¸­}&D9¡ÂsÉÙÞèŠõØàC™¨ñbFC|´Ü(ŸƒÚÒ-%»'a Ì¿)ËÇn¿úÿ ÞŽX…4ÊÅH^ôΑí@ù¹Eh¶“L8Çjù ¼ÎåVªóR©Ï5uà V4lZß®=€xÖŸ–ÑÈ ÷”¨°¾__yM1tÉ?uÆþIkÄgæ@þ[¢†°XÃJ£j·:nkÅ¢u ‘}âGzö­/IµèŠ¬¼48q¦F°ŽR¼=ûì{´¯RýicS ÕÛ íNtÍÙï£,w4rêì®»~x(©Uñ§#Ñ&œÕ¤>ÎåÍÓ9’Ö{9eV­[Öjâ²ãu]˜å2›qÑšÕJç0€sÄ|Êëè0튔bÁ>“{×_F`Ø©ºê:µä,v¤ðfc1±"«ÔÍän1#=· Âøv~H½ÐßA¾¿Ü€Óš]Õ; I¾÷ç‚Qi†î¹9ywÔKG˜áñ zQY—§ÃÕZ07§X‚ Áh;ÁM)iÌCH-¯T‘ë|A0{Ò½LÚ–TâÖkÜ’dÀ“rmm»”جPF³ÖcbE§T€ÒxKºû’Ó®7±²(\4ŽÃ¸Uu@j™yĵ;³µ!Á¢b.W¤=mõ´êµK k ¸K^ÜÛ#p*Ü14qkZç5ïë †°5Ï%ÍÛ<Õ¤×Ô¥ê†C Õ´¼ú$ƒÖ“”]Ù¬qÞÚ[4©ý!ûÏ—Áb쳐XµA¬â~`›Çr¸8ìùÝ䫦<>ä÷«?xs´ÇÑ /á;¹øüÊÈÙà{"@Žïzâ¬[âß‚ U_<ÇŸ½4èN˜ú61®qŠu ¦þF£»äJ_ˆÙÎ~ ÞAã–Ý„Ï—rŠD;xTž‘ô`É«…suãO`?³à™ô Lý#Íc5öoæØ‚y´´÷«ZR§<&JÇ+éâô´€i!Àˆ0æAoàðLèÖ-2ŸõW.’t^–(KÁmHµV@xÜÇy®Ñø­â^:Ú3w· 7½¹°ñ¸â¹®:',«Mœ—n­Á+Ãbš LÈ‘ÄnRÓÅœ%¦²‰¨ùQ:¤f‚ "PÕtô¸…cæl…&˜Ú˜Ôkv‹ž+vŠ,=¢v­6—Xy*¥t£«<™:“aîϲ=¦6rO]XI¿Œ÷¤zÚ­›¶ 6÷”w\d ü~v®ˆÌk«^m<ÿ ¢‰Õ\)ùºŽ;… lîÙÅEŠ®cѾ@vnMÏ,¼“ñ•ŽBxðÃzãÇç%3ˆ"}Ù•Åî> BÉú;Ò]V+P˜F_´ßé> Øše|ï‡ÄOmFæÇ ãqÞ$/xÐx­z`ï9"œÜij‚!7.\Td…9M‡•iŽ‹¾‘50ÞŽn¥ß4ÉôO ¹*í^QêËÜÇÌ8=Ž§s‰'ÂëÙ«á%Pú[O †ÅP¯VsŽ°.‰,kc¶ ¬A9n˜XÎ-ÞšN["¹QÕ‰ƒMýÁߺXJæÍaLj¾×Ãmã¾ãÚ uñÒþåQô¦¥ /ÄUx:‚ÍÜ’ Đ©ØÝ3V¨‰ÕnÐ6ó*óúK­«…c ¯U òhsý­jóÔj#,ímŒRµ«lbïUTŒÑ8†Ä0œÏr`ð¡¬É Ї ë"À² ™ 6¥ f¶ ¢ÚoܱԷ-<Àî)†a¶ž'Ú»¨TXqØæ¶÷YÄHy˜9ÈIW­YÀuMFë ºÏ’AqÌ4·/Ú †ô'i$øä­=Ä Ý|öK×40è|È6p‘0§)o¥ctî§H+CA-“ xØ|ÐXŠç l8íºð3Ø:³¤¬KX¯UÿÙ #!/usr/bin/env perl # SPDX-License-Identifier: GPL-2.0-only # # (c) 2017 Tobin C. Harding # # leaking_addresses.pl: Scan the kernel for potential leaking addresses. # - Scans dmesg output. # - Walks directory tree and parses each file (for each directory in @DIRS). # # Use --debug to output path before parsing, this is useful to find files that # cause the script to choke. # # When the system is idle it is likely that most files under /proc/PID will be # identical for various processes. Scanning _all_ the PIDs under /proc is # unnecessary and implies that we are thoroughly scanning /proc. This is _not_ # the case because there may be ways userspace can trigger creation of /proc # files that leak addresses but were not present during a scan. For these two # reasons we exclude all PID directories under /proc except '1/' use warnings; use strict; use POSIX; use File::Basename; use File::Spec; use Cwd 'abs_path'; use Term::ANSIColor qw(:constants); use Getopt::Long qw(:config no_auto_abbrev); use Config; use bigint qw/hex/; use feature 'state'; my $P = $0; # Directories to scan. my @DIRS = ('/proc', '/sys'); # Timer for parsing each file, in seconds. my $TIMEOUT = 10; # Kernel addresses vary by architecture. We can only auto-detect the following # architectures (using `uname -m`). (flag --32-bit overrides auto-detection.) my @SUPPORTED_ARCHITECTURES = ('x86_64', 'ppc64', 'x86'); # Command line options. my $help = 0; my $debug = 0; my $raw = 0; my $output_raw = ""; # Write raw results to file. my $input_raw = ""; # Read raw results from file instead of scanning. my $suppress_dmesg = 0; # Don't show dmesg in output. my $squash_by_path = 0; # Summary report grouped by absolute path. my $squash_by_filename = 0; # Summary report grouped by filename. my $kernel_config_file = ""; # Kernel configuration file. my $opt_32bit = 0; # Scan 32-bit kernel. my $page_offset_32bit = 0; # Page offset for 32-bit kernel. # Skip these absolute paths. my @skip_abs = ( '/proc/kmsg', '/proc/device-tree', '/proc/1/syscall', '/sys/firmware/devicetree', '/sys/kernel/debug/tracing/trace_pipe', '/sys/kernel/security/apparmor/revision'); # Skip these under any subdirectory. my @skip_any = ( 'pagemap', 'events', 'access', 'registers', 'snapshot_raw', 'trace_pipe_raw', 'ptmx', 'trace_pipe', 'fd', 'usbmon'); sub help { my ($exitcode) = @_; print << "EOM"; Usage: $P [OPTIONS] Options: -o, --output-raw= Save results for future processing. -i, --input-raw= Read results from file instead of scanning. --raw Show raw results (default). --suppress-dmesg Do not show dmesg results. --squash-by-path Show one result per unique path. --squash-by-filename Show one result per unique filename. --kernel-config-file= Kernel configuration file (e.g /boot/config) --32-bit Scan 32-bit kernel. --page-offset-32-bit=o Page offset (for 32-bit kernel 0xABCD1234). -d, --debug Display debugging output. -h, --help Display this help and exit. Scans the running kernel for potential leaking addresses. EOM exit($exitcode); } GetOptions( 'd|debug' => \$debug, 'h|help' => \$help, 'o|output-raw=s' => \$output_raw, 'i|input-raw=s' => \$input_raw, 'suppress-dmesg' => \$suppress_dmesg, 'squash-by-path' => \$squash_by_path, 'squash-by-filename' => \$squash_by_filename, 'raw' => \$raw, 'kernel-config-file=s' => \$kernel_config_file, '32-bit' => \$opt_32bit, 'page-offset-32-bit=o' => \$page_offset_32bit, ) or help(1); help(0) if ($help); if ($input_raw) { format_output($input_raw); exit(0); } if (!$input_raw and ($squash_by_path or $squash_by_filename)) { printf "\nSummary reporting only available with --input-raw=\n"; printf "(First run scan with --output-raw=.)\n"; exit(128); } if (!(is_supported_architecture() or $opt_32bit or $page_offset_32bit)) { printf "\nScript does not support your architecture, sorry.\n"; printf "\nCurrently we support: \n\n"; foreach(@SUPPORTED_ARCHITECTURES) { printf "\t%s\n", $_; } printf("\n"); printf("If you are running a 32-bit architecture you may use:\n"); printf("\n\t--32-bit or --page-offset-32-bit=\n\n"); my $archname = `uname -m`; printf("Machine hardware name (`uname -m`): %s\n", $archname); exit(129); } if ($output_raw) { open my $fh, '>', $output_raw or die "$0: $output_raw: $!\n"; select $fh; } parse_dmesg(); walk(@DIRS); exit 0; sub dprint { printf(STDERR @_) if $debug; } sub is_supported_architecture { return (is_x86_64() or is_ppc64() or is_ix86_32()); } sub is_32bit { # Allow --32-bit or --page-offset-32-bit to override if ($opt_32bit or $page_offset_32bit) { return 1; } return is_ix86_32(); } sub is_ix86_32 { state $arch = `uname -m`; chomp $arch; if ($arch =~ m/i[3456]86/) { return 1; } return 0; } sub is_arch { my ($desc) = @_; my $arch = `uname -m`; chomp $arch; if ($arch eq $desc) { return 1; } return 0; } sub is_x86_64 { state $is = is_arch('x86_64'); return $is; } sub is_ppc64 { state $is = is_arch('ppc64'); return $is; } # Gets config option value from kernel config file. # Returns "" on error or if config option not found. sub get_kernel_config_option { my ($option) = @_; my $value = ""; my $tmp_file = ""; my @config_files; # Allow --kernel-config-file to override. if ($kernel_config_file ne "") { @config_files = ($kernel_config_file); } elsif (-R "/proc/config.gz") { my $tmp_file = "/tmp/tmpkconf"; if (system("gunzip < /proc/config.gz > $tmp_file")) { dprint("system(gunzip < /proc/config.gz) failed\n"); return ""; } else { @config_files = ($tmp_file); } } else { my $file = '/boot/config-' . `uname -r`; chomp $file; @config_files = ($file, '/boot/config'); } foreach my $file (@config_files) { dprint("parsing config file: $file\n"); $value = option_from_file($option, $file); if ($value ne "") { last; } } if ($tmp_file ne "") { system("rm -f $tmp_file"); } return $value; } # Parses $file and returns kernel configuration option value. sub option_from_file { my ($option, $file) = @_; my $str = ""; my $val = ""; open(my $fh, "<", $file) or return ""; while (my $line = <$fh> ) { if ($line =~ /^$option/) { ($str, $val) = split /=/, $line; chomp $val; last; } } close $fh; return $val; } sub is_false_positive { my ($match) = @_; if (is_32bit()) { return is_false_positive_32bit($match); } # 64 bit false positives. if ($match =~ '\b(0x)?(f|F){16}\b' or $match =~ '\b(0x)?0{16}\b') { return 1; } if (is_x86_64() and is_in_vsyscall_memory_region($match)) { return 1; } return 0; } sub is_false_positive_32bit { my ($match) = @_; state $page_offset = get_page_offset(); if ($match =~ '\b(0x)?(f|F){8}\b') { return 1; } if (hex($match) < $page_offset) { return 1; } return 0; } # returns integer value sub get_page_offset { my $page_offset; my $default_offset = 0xc0000000; # Allow --page-offset-32bit to override. if ($page_offset_32bit != 0) { return $page_offset_32bit; } $page_offset = get_kernel_config_option('CONFIG_PAGE_OFFSET'); if (!$page_offset) { return $default_offset; } return $page_offset; } sub is_in_vsyscall_memory_region { my ($match) = @_; my $hex = hex($match); my $region_min = hex("0xffffffffff600000"); my $region_max = hex("0xffffffffff601000"); return ($hex >= $region_min and $hex <= $region_max); } # True if argument potentially contains a kernel address. sub may_leak_address { my ($line) = @_; my $address_re; # Signal masks. if ($line =~ '^SigBlk:' or $line =~ '^SigIgn:' or $line =~ '^SigCgt:') { return 0; } if ($line =~ '\bKEY=[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or $line =~ '\b[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b') { return 0; } $address_re = get_address_re(); while ($line =~ /($address_re)/g) { if (!is_false_positive($1)) { return 1; } } return 0; } sub get_address_re { if (is_ppc64()) { return '\b(0x)?[89abcdef]00[[:xdigit:]]{13}\b'; } elsif (is_32bit()) { return '\b(0x)?[[:xdigit:]]{8}\b'; } return get_x86_64_re(); } sub get_x86_64_re { # We handle page table levels but only if explicitly configured using # CONFIG_PGTABLE_LEVELS. If config file parsing fails or config option # is not found we default to using address regular expression suitable # for 4 page table levels. state $ptl = get_kernel_config_option('CONFIG_PGTABLE_LEVELS'); if ($ptl == 5) { return '\b(0x)?ff[[:xdigit:]]{14}\b'; } return '\b(0x)?ffff[[:xdigit:]]{12}\b'; } sub parse_dmesg { open my $cmd, '-|', 'dmesg'; while (<$cmd>) { if (may_leak_address($_)) { print 'dmesg: ' . $_; } } close $cmd; } # True if we should skip this path. sub skip { my ($path) = @_; foreach (@skip_abs) { return 1 if (/^$path$/); } my($filename, $dirs, $suffix) = fileparse($path); foreach (@skip_any) { return 1 if (/^$filename$/); } return 0; } sub timed_parse_file { my ($file) = @_; eval { local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required. alarm $TIMEOUT; parse_file($file); alarm 0; }; if ($@) { die unless $@ eq "alarm\n"; # Propagate unexpected errors. printf STDERR "timed out parsing: %s\n", $file; } } sub parse_file { my ($file) = @_; if (! -R $file) { return; } if (! -T $file) { return; } open my $fh, "<", $file or return; while ( <$fh> ) { if (may_leak_address($_)) { print $file . ': ' . $_; } } close $fh; } # Checks if the actual path name is leaking a kernel address. sub check_path_for_leaks { my ($path) = @_; if (may_leak_address($path)) { printf("Path name may contain address: $path\n"); } } # Recursively walk directory tree. sub walk { my @dirs = @_; while (my $pwd = shift @dirs) { next if (!opendir(DIR, $pwd)); my @files = readdir(DIR); closedir(DIR); foreach my $file (@files) { next if ($file eq '.' or $file eq '..'); my $path = "$pwd/$file"; next if (-l $path); # skip /proc/PID except /proc/1 next if (($path =~ /^\/proc\/[0-9]+$/) && ($path !~ /^\/proc\/1$/)); next if (skip($path)); check_path_for_leaks($path); if (-d $path) { push @dirs, $path; next; } dprint("parsing: $path\n"); timed_parse_file($path); } } } sub format_output { my ($file) = @_; # Default is to show raw results. if ($raw or (!$squash_by_path and !$squash_by_filename)) { dump_raw_output($file); return; } my ($total, $dmesg, $paths, $files) = parse_raw_file($file); printf "\nTotal number of results from scan (incl dmesg): %d\n", $total; if (!$suppress_dmesg) { print_dmesg($dmesg); } if ($squash_by_filename) { squash_by($files, 'filename'); } if ($squash_by_path) { squash_by($paths, 'path'); } } sub dump_raw_output { my ($file) = @_; open (my $fh, '<', $file) or die "$0: $file: $!\n"; while (<$fh>) { if ($suppress_dmesg) { if ("dmesg:" eq substr($_, 0, 6)) { next; } } print $_; } close $fh; } sub parse_raw_file { my ($file) = @_; my $total = 0; # Total number of lines parsed. my @dmesg; # dmesg output. my %files; # Unique filenames containing leaks. my %paths; # Unique paths containing leaks. open (my $fh, '<', $file) or die "$0: $file: $!\n"; while (my $line = <$fh>) { $total++; if ("dmesg:" eq substr($line, 0, 6)) { push @dmesg, $line; next; } cache_path(\%paths, $line); cache_filename(\%files, $line); } return $total, \@dmesg, \%paths, \%files; } sub print_dmesg { my ($dmesg) = @_; print "\ndmesg output:\n"; if (@$dmesg == 0) { print "\n"; return; } foreach(@$dmesg) { my $index = index($_, ': '); $index += 2; # skid ': ' print substr($_, $index); } } sub squash_by { my ($ref, $desc) = @_; print "\nResults squashed by $desc (excl dmesg). "; print "Displaying [ <$desc>], \n"; if (keys %$ref == 0) { print "\n"; return; } foreach(keys %$ref) { my $lines = $ref->{$_}; my $length = @$lines; printf "[%d %s] %s", $length, $_, @$lines[0]; } } sub cache_path { my ($paths, $line) = @_; my $index = index($line, ': '); my $path = substr($line, 0, $index); $index += 2; # skip ': ' add_to_cache($paths, $path, substr($line, $index)); } sub cache_filename { my ($files, $line) = @_; my $index = index($line, ': '); my $path = substr($line, 0, $index); my $filename = basename($path); $index += 2; # skip ': ' add_to_cache($files, $filename, substr($line, $index)); } sub add_to_cache { my ($cache, $key, $value) = @_; if (!$cache->{$key}) { $cache->{$key} = (); } push @{$cache->{$key}}, $value; }