diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-07 11:56:33 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-04-07 11:56:33 -0700 |
commit | 299f89d53e61c0b17479cc7d6f3b5382d5e83f28 (patch) | |
tree | 05ee7ec5e5fb6cc61144a7f6ac3123c3e341f607 /MAINTAINERS | |
parent | fc22e19a114f000da4db2ed0ed82023c44d38a8c (diff) | |
parent | e875d33d7f06d1107c057d12bb5aaba84738e418 (diff) | |
download | op-kernel-dev-299f89d53e61c0b17479cc7d6f3b5382d5e83f28.zip op-kernel-dev-299f89d53e61c0b17479cc7d6f3b5382d5e83f28.tar.gz |
Merge tag 'leaks-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks
Pull leaking-addresses updates from Tobin Harding:
"This set represents improvements to the scripts/leaking_addresses.pl
script.
The major improvement is that with this set applied the script
actually runs in a reasonable amount of time (less than a minute on a
standard stock Ubuntu user desktop). Also, we have a second maintainer
now and a tree hosted on kernel.org
We do a few code clean ups. We fix the command help output. Handling
of the vsyscall address range is fixed to check the whole range
instead of just the start/end addresses. We add support for 5 page
table levels (suggested on LKML). We use a system command to get the
machine architecture instead of using Perl. Calling this command for
every regex comparison is what previously choked the script, caching
the result of this call gave the major speed improvement. We add
support for scanning 32-bit kernels using the user/kernel memory
split. Path skipping code refactored and simplified (meaning easier
script configuration). We remove version numbering. We add a variable
name to improve readability of a regex and finally we check filenames
for leaking addresses.
Currently script scans /proc/PID for all PID. With this set applied we
only scan for PID==1. It was observed that on an idle system files
under /proc/PID are predominantly the same for all processes. Also it
was noted that the script does not scan _all_ the kernel since it only
scans active processes. Scanning only for PID==1 makes explicit the
inherent flaw in the script that the scan is only partial and also
speeds things up"
* tag 'leaks-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks:
MAINTAINERS: Update LEAKING_ADDRESSES
leaking_addresses: check if file name contains address
leaking_addresses: explicitly name variable used in regex
leaking_addresses: remove version number
leaking_addresses: skip '/proc/1/syscall'
leaking_addresses: skip all /proc/PID except /proc/1
leaking_addresses: cache architecture name
leaking_addresses: simplify path skipping
leaking_addresses: do not parse binary files
leaking_addresses: add 32-bit support
leaking_addresses: add is_arch() wrapper subroutine
leaking_addresses: use system command to get arch
leaking_addresses: add support for 5 page table levels
leaking_addresses: add support for kernel config file
leaking_addresses: add range check for vsyscall memory
leaking_addresses: indent dependant options
leaking_addresses: remove command examples
leaking_addresses: remove mention of kptr_restrict
leaking_addresses: fix typo function not called
Diffstat (limited to 'MAINTAINERS')
-rw-r--r-- | MAINTAINERS | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/MAINTAINERS b/MAINTAINERS index 7e48624..957c485 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -7919,7 +7919,10 @@ F: drivers/scsi/53c700* LEAKING_ADDRESSES M: Tobin C. Harding <me@tobin.cc> +M: Tycho Andersen <tycho@tycho.ws> +L: kernel-hardening@lists.openwall.com S: Maintained +T: git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git F: scripts/leaking_addresses.pl LED SUBSYSTEM |