leaking_addresses: add range check for vsyscall memory (87e37588) · Commits · 戴 / test

Currently script checks only first and last address in the vsyscall memory range. We can do better than this. When checking for false positives against $match, we can convert $match to a hexadecimal value then check if it lies within the range of vsyscall addresses. Check whole range of vsyscall addresses when checking for false positive. Signed-off-by:

Tobin C. Harding <me@tobin.cc>

scripts/leaking_addresses.pl

+14 −6

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@ use Cwd 'abs_path';
		use Term::ANSIColor qw(:constants);
		use Getopt::Long qw(:config no_auto_abbrev);
		use Config;
		use bigint qw/hex/;

		my $P = $0;
		my $V = '0.01';
		@@ -195,17 +196,24 @@ sub is_false_positive
		return 1;
		}

		if (is_x86_64()) {
		# vsyscall memory region, we should probably check against a range here.
		if ($match =~ '\bf{10}600000\b' or
		$match =~ '\bf{10}601000\b') {
		if (is_x86_64() and is_in_vsyscall_memory_region($match)) {
		return 1;
		}
		}

		return 0;
		}

		sub is_in_vsyscall_memory_region
		{
		my ($match) = @_;

		my $hex = hex($match);
		my $region_min = hex("0xffffffffff600000");
		my $region_max = hex("0xffffffffff601000");

		return ($hex >= $region_min and $hex <= $region_max);
		}

		# True if argument potentially contains a kernel address.
		sub may_leak_address
		{

Admin message