Re: [PATCH] leaking_addresses: Provide mechanism to scan binary files

From: Kees Cook
Date: Thu Feb 22 2024 - 16:00:51 EST

Next message: Richard Gobert: "[PATCH net-next 0/3] net: gro: encapsulation bug fix and flush checks improvements"
Previous message: Dmitry Baryshkov: "Re: [PATCH 1/6] drm/bridge: aux-hpd: fix OF node leaks"
In reply to: Tycho Andersen: "Re: [PATCH] leaking_addresses: Provide mechanism to scan binary files"
Next in thread: Kees Cook: "Re: [PATCH] leaking_addresses: Provide mechanism to scan binary files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 22, 2024 at 08:24:02AM -0700, Tycho Andersen wrote:
> Hi Kees,
>
> On Sun, Feb 18, 2024 at 09:38:12AM -0800, Kees Cook wrote:
> > Introduce --kallsyms argument for scanning binary files for known symbol
> > addresses. This would have found the exposure in /sys/kernel/notes:
> >
> > $ scripts/leaking_addresses.pl --kallsyms=<(sudo cat /proc/kallsyms)
> > /sys/kernel/notes: hypercall_page @ 156
> > /sys/kernel/notes: xen_hypercall_set_trap_table @ 156
> > /sys/kernel/notes: startup_xen @ 132
> >
> > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
>
> Patch itself is
>
> Reviewed-by: Tycho Andersen <tandersen@xxxxxxxxxxx>
>
> And if you can carry it, that would be great (see below :).

Sure!

> This does bring up some interesting questions. From off-list
> discussions with Tobin, I believe he is not particularly interested in
> maintaining this script any more. I was never set up to do the PRs
> myself, I agreed to be a reviewer to help Tobin out. I'm happy to
> adopt it if that makes sense, but I'm curious about the future of the
> script:
>
> 1. is it useful? (seems like yes if you're adding features)

Yes, LKP runs it as part of 0-day, and it's found leaks in the past[1].
(Though its usage could be improved.)

> 2. does it make sense to live here as a separate thing? should we
> perhaps run it as part of kselftests or similar? I think that e.g.
> 681ff0181bbf ("x86/mm/init/32: Stop printing the virtual memory
> layout") was not discovered with this script, but maybe if we put it
> inline with some other stuff people regularly run more of these would
> fall out? Maybe it makes sense to live somewhere else entirely
> (syzkaller)? I can probably set up some x86/arm64 infra to run it
> regularly, but that won't catch other less popular arches.

We could certainly do that. It would need some work to clean it up,
though -- it seems like it wasn't designed to run as root (which is how
LKP runs it, and likely how at least some CIs would run it).

> 3. perl. I'm mostly not a perl programmer, but would be happy to
> rewrite it in python pending the outcome of discussion above.

I am not a Perl fan either. It does work as-is, though. Address leaks,
while worth fixing, are relatively low priority over all, so I wouldn't
prioritize a rewrite very highly.

-Kees

[1] https://lore.kernel.org/all/20210103142726.GC30643@xsang-OptiPlex-9020/

--
Kees Cook

Next message: Richard Gobert: "[PATCH net-next 0/3] net: gro: encapsulation bug fix and flush checks improvements"
Previous message: Dmitry Baryshkov: "Re: [PATCH 1/6] drm/bridge: aux-hpd: fix OF node leaks"
In reply to: Tycho Andersen: "Re: [PATCH] leaking_addresses: Provide mechanism to scan binary files"
Next in thread: Kees Cook: "Re: [PATCH] leaking_addresses: Provide mechanism to scan binary files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]