[linux-block.git] / scripts / leaking_addresses.pl

#!/usr/bin/env perl
#
# (c) 2017 Tobin C. Harding <me@tobin.cc>
# Licensed under the terms of the GNU GPL License version 2
#
# leaking_addresses.pl: Scan 64 bit kernel for potential leaking addresses.
#  - Scans dmesg output.
#  - Walks directory tree and parses each file (for each directory in @DIRS).
#
# Use --debug to output path before parsing, this is useful to find files that
# cause the script to choke.

use warnings;
use strict;
use POSIX;
use File::Basename;
use File::Spec;
use Cwd 'abs_path';
use Term::ANSIColor qw(:constants);
use Getopt::Long qw(:config no_auto_abbrev);
use Config;
use bigint qw/hex/;
use feature 'state';

my $P = $0;
my $V = '0.01';

# Directories to scan.
my @DIRS = ('/proc', '/sys');

# Timer for parsing each file, in seconds.
my $TIMEOUT = 10;

# Script can only grep for kernel addresses on the following architectures. If
# your architecture is not listed here and has a grep'able kernel address please
# consider submitting a patch.
my @SUPPORTED_ARCHITECTURES = ('x86_64', 'ppc64');

# Command line options.
my $help = 0;
my $debug = 0;
my $raw = 0;
my $output_raw = "";	# Write raw results to file.
my $input_raw = "";	# Read raw results from file instead of scanning.
my $suppress_dmesg = 0;		# Don't show dmesg in output.
my $squash_by_path = 0;		# Summary report grouped by absolute path.
my $squash_by_filename = 0;	# Summary report grouped by filename.
my $kernel_config_file = "";	# Kernel configuration file.

# Do not parse these files (absolute path).
my @skip_parse_files_abs = ('/proc/kmsg',
			    '/proc/kcore',
			    '/proc/fs/ext4/sdb1/mb_groups',
			    '/proc/1/fd/3',
			    '/sys/firmware/devicetree',
			    '/proc/device-tree',
			    '/sys/kernel/debug/tracing/trace_pipe',
			    '/sys/kernel/security/apparmor/revision');

# Do not parse these files under any subdirectory.
my @skip_parse_files_any = ('0',
			    '1',
			    '2',
			    'pagemap',
			    'events',
			    'access',
			    'registers',
			    'snapshot_raw',
			    'trace_pipe_raw',
			    'ptmx',
			    'trace_pipe');

# Do not walk these directories (absolute path).
my @skip_walk_dirs_abs = ();

# Do not walk these directories under any subdirectory.
my @skip_walk_dirs_any = ('self',
			  'thread-self',
			  'cwd',
			  'fd',
			  'usbmon',
			  'stderr',
			  'stdin',
			  'stdout');

sub help
{
	my ($exitcode) = @_;

	print << "EOM";

Usage: $P [OPTIONS]
Version: $V

Options:

	-o, --output-raw=<file>		Save results for future processing.
	-i, --input-raw=<file>		Read results from file instead of scanning.
	      --raw			Show raw results (default).
	      --suppress-dmesg		Do not show dmesg results.
	      --squash-by-path		Show one result per unique path.
	      --squash-by-filename	Show one result per unique filename.
	--kernel-config-file=<file>     Kernel configuration file (e.g /boot/config)
	-d, --debug			Display debugging output.
	-h, --help, --version		Display this help and exit.

Scans the running (64 bit) kernel for potential leaking addresses.

EOM
	exit($exitcode);
}

GetOptions(
	'd|debug'		=> \$debug,
	'h|help'		=> \$help,
	'version'		=> \$help,
	'o|output-raw=s'        => \$output_raw,
	'i|input-raw=s'         => \$input_raw,
	'suppress-dmesg'        => \$suppress_dmesg,
	'squash-by-path'        => \$squash_by_path,
	'squash-by-filename'    => \$squash_by_filename,
	'raw'                   => \$raw,
	'kernel-config-file=s'	=> \$kernel_config_file,
) or help(1);

help(0) if ($help);

if ($input_raw) {
	format_output($input_raw);
	exit(0);
}

if (!$input_raw and ($squash_by_path or $squash_by_filename)) {
	printf "\nSummary reporting only available with --input-raw=<file>\n";
	printf "(First run scan with --output-raw=<file>.)\n";
	exit(128);
}

if (!is_supported_architecture()) {
	printf "\nScript does not support your architecture, sorry.\n";
	printf "\nCurrently we support: \n\n";
	foreach(@SUPPORTED_ARCHITECTURES) {
		printf "\t%s\n", $_;
	}
	printf("\n");

	my $archname = `uname -m`;
	printf("Machine hardware name (`uname -m`): %s\n", $archname);

	exit(129);
}

if ($output_raw) {
	open my $fh, '>', $output_raw or die "$0: $output_raw: $!\n";
	select $fh;
}

parse_dmesg();
walk(@DIRS);

exit 0;

sub dprint
{
	printf(STDERR @_) if $debug;
}

sub is_supported_architecture
{
	return (is_x86_64() or is_ppc64());
}

sub is_arch
{
       my ($desc) = @_;
       my $arch = `uname -m`;

       chomp $arch;
       if ($arch eq $desc) {
               return 1;
       }
       return 0;
}

sub is_x86_64
{
	return is_arch('x86_64');
}

sub is_ppc64
{
	return is_arch('ppc64');
}

# Gets config option value from kernel config file.
# Returns "" on error or if config option not found.
sub get_kernel_config_option
{
	my ($option) = @_;
	my $value = "";
	my $tmp_file = "";
	my @config_files;

	# Allow --kernel-config-file to override.
	if ($kernel_config_file ne "") {
		@config_files = ($kernel_config_file);
	} elsif (-R "/proc/config.gz") {
		my $tmp_file = "/tmp/tmpkconf";

		if (system("gunzip < /proc/config.gz > $tmp_file")) {
			dprint "$0: system(gunzip < /proc/config.gz) failed\n";
			return "";
		} else {
			@config_files = ($tmp_file);
		}
	} else {
		my $file = '/boot/config-' . `uname -r`;
		chomp $file;
		@config_files = ($file, '/boot/config');
	}

	foreach my $file (@config_files) {
		dprint("parsing config file: %s\n", $file);
		$value = option_from_file($option, $file);
		if ($value ne "") {
			last;
		}
	}

	if ($tmp_file ne "") {
		system("rm -f $tmp_file");
	}

	return $value;
}

# Parses $file and returns kernel configuration option value.
sub option_from_file
{
	my ($option, $file) = @_;
	my $str = "";
	my $val = "";

	open(my $fh, "<", $file) or return "";
	while (my $line = <$fh> ) {
		if ($line =~ /^$option/) {
			($str, $val) = split /=/, $line;
			chomp $val;
			last;
		}
	}

	close $fh;
	return $val;
}

sub is_false_positive
{
	my ($match) = @_;

	if ($match =~ '\b(0x)?(f|F){16}\b' or
	    $match =~ '\b(0x)?0{16}\b') {
		return 1;
	}

	if (is_x86_64() and is_in_vsyscall_memory_region($match)) {
		return 1;
	}

	return 0;
}

sub is_in_vsyscall_memory_region
{
	my ($match) = @_;

	my $hex = hex($match);
	my $region_min = hex("0xffffffffff600000");
	my $region_max = hex("0xffffffffff601000");

	return ($hex >= $region_min and $hex <= $region_max);
}

# True if argument potentially contains a kernel address.
sub may_leak_address
{
	my ($line) = @_;
	my $address_re;

	# Signal masks.
	if ($line =~ '^SigBlk:' or
	    $line =~ '^SigIgn:' or
	    $line =~ '^SigCgt:') {
		return 0;
	}

	if ($line =~ '\bKEY=[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or
	    $line =~ '\b[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b') {
		return 0;
	}

	$address_re = get_address_re();
	while (/($address_re)/g) {
		if (!is_false_positive($1)) {
			return 1;
		}
	}

	return 0;
}

sub get_address_re
{
	if (is_x86_64()) {
		return get_x86_64_re();
	} elsif (is_ppc64()) {
		return '\b(0x)?[89abcdef]00[[:xdigit:]]{13}\b';
	}
}

sub get_x86_64_re
{
	# We handle page table levels but only if explicitly configured using
	# CONFIG_PGTABLE_LEVELS.  If config file parsing fails or config option
	# is not found we default to using address regular expression suitable
	# for 4 page table levels.
	state $ptl = get_kernel_config_option('CONFIG_PGTABLE_LEVELS');

	if ($ptl == 5) {
		return '\b(0x)?ff[[:xdigit:]]{14}\b';
	}
	return '\b(0x)?ffff[[:xdigit:]]{12}\b';
}

sub parse_dmesg
{
	open my $cmd, '-|', 'dmesg';
	while (<$cmd>) {
		if (may_leak_address($_)) {
			print 'dmesg: ' . $_;
		}
	}
	close $cmd;
}

# True if we should skip this path.
sub skip
{
	my ($path, $paths_abs, $paths_any) = @_;

	foreach (@$paths_abs) {
		return 1 if (/^$path$/);
	}

	my($filename, $dirs, $suffix) = fileparse($path);
	foreach (@$paths_any) {
		return 1 if (/^$filename$/);
	}

	return 0;
}

sub skip_parse
{
	my ($path) = @_;
	return skip($path, \@skip_parse_files_abs, \@skip_parse_files_any);
}

sub timed_parse_file
{
	my ($file) = @_;

	eval {
		local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required.
		alarm $TIMEOUT;
		parse_file($file);
		alarm 0;
	};

	if ($@) {
		die unless $@ eq "alarm\n";	# Propagate unexpected errors.
		printf STDERR "timed out parsing: %s\n", $file;
	}
}

sub parse_file
{
	my ($file) = @_;

	if (! -R $file) {
		return;
	}

	if (skip_parse($file)) {
		dprint "skipping file: $file\n";
		return;
	}
	dprint "parsing: $file\n";

	open my $fh, "<", $file or return;
	while ( <$fh> ) {
		if (may_leak_address($_)) {
			print $file . ': ' . $_;
		}
	}
	close $fh;
}


# True if we should skip walking this directory.
sub skip_walk
{
	my ($path) = @_;
	return skip($path, \@skip_walk_dirs_abs, \@skip_walk_dirs_any)
}

# Recursively walk directory tree.
sub walk
{
	my @dirs = @_;

	while (my $pwd = shift @dirs) {
		next if (skip_walk($pwd));
		next if (!opendir(DIR, $pwd));
		my @files = readdir(DIR);
		closedir(DIR);

		foreach my $file (@files) {
			next if ($file eq '.' or $file eq '..');

			my $path = "$pwd/$file";
			next if (-l $path);

			if (-d $path) {
				push @dirs, $path;
			} else {
				timed_parse_file($path);
			}
		}
	}
}

sub format_output
{
	my ($file) = @_;

	# Default is to show raw results.
	if ($raw or (!$squash_by_path and !$squash_by_filename)) {
		dump_raw_output($file);
		return;
	}

	my ($total, $dmesg, $paths, $files) = parse_raw_file($file);

	printf "\nTotal number of results from scan (incl dmesg): %d\n", $total;

	if (!$suppress_dmesg) {
		print_dmesg($dmesg);
	}

	if ($squash_by_filename) {
		squash_by($files, 'filename');
	}

	if ($squash_by_path) {
		squash_by($paths, 'path');
	}
}

sub dump_raw_output
{
	my ($file) = @_;

	open (my $fh, '<', $file) or die "$0: $file: $!\n";
	while (<$fh>) {
		if ($suppress_dmesg) {
			if ("dmesg:" eq substr($_, 0, 6)) {
				next;
			}
		}
		print $_;
	}
	close $fh;
}

sub parse_raw_file
{
	my ($file) = @_;

	my $total = 0;          # Total number of lines parsed.
	my @dmesg;              # dmesg output.
	my %files;              # Unique filenames containing leaks.
	my %paths;              # Unique paths containing leaks.

	open (my $fh, '<', $file) or die "$0: $file: $!\n";
	while (my $line = <$fh>) {
		$total++;

		if ("dmesg:" eq substr($line, 0, 6)) {
			push @dmesg, $line;
			next;
		}

		cache_path(\%paths, $line);
		cache_filename(\%files, $line);
	}

	return $total, \@dmesg, \%paths, \%files;
}

sub print_dmesg
{
	my ($dmesg) = @_;

	print "\ndmesg output:\n";

	if (@$dmesg == 0) {
		print "<no results>\n";
		return;
	}

	foreach(@$dmesg) {
		my $index = index($_, ': ');
		$index += 2;    # skid ': '
		print substr($_, $index);
	}
}

sub squash_by
{
	my ($ref, $desc) = @_;

	print "\nResults squashed by $desc (excl dmesg). ";
	print "Displaying [<number of results> <$desc>], <example result>\n";

	if (keys %$ref == 0) {
		print "<no results>\n";
		return;
	}

	foreach(keys %$ref) {
		my $lines = $ref->{$_};
		my $length = @$lines;
		printf "[%d %s] %s", $length, $_, @$lines[0];
	}
}

sub cache_path
{
	my ($paths, $line) = @_;

	my $index = index($line, ': ');
	my $path = substr($line, 0, $index);

	$index += 2;            # skip ': '
	add_to_cache($paths, $path, substr($line, $index));
}

sub cache_filename
{
	my ($files, $line) = @_;

	my $index = index($line, ': ');
	my $path = substr($line, 0, $index);
	my $filename = basename($path);

	$index += 2;            # skip ': '
	add_to_cache($files, $filename, substr($line, $index));
}

sub add_to_cache
{
	my ($cache, $key, $value) = @_;

	if (!$cache->{$key}) {
		$cache->{$key} = ();
	}
	push @{$cache->{$key}}, $value;
}
Commit	Line	Data
136fc5c4 TH	1	#!/usr/bin/env perl
	2	#
	3	# (c) 2017 Tobin C. Harding <me@tobin.cc>
	4	# Licensed under the terms of the GNU GPL License version 2
	5	#
	6	# leaking_addresses.pl: Scan 64 bit kernel for potential leaking addresses.
	7	# - Scans dmesg output.
	8	# - Walks directory tree and parses each file (for each directory in @DIRS).
	9	#
136fc5c4 TH	10	# Use --debug to output path before parsing, this is useful to find files that
136fc5c4 TH	11	# cause the script to choke.
136fc5c4 TH	12
	13	use warnings;
	14	use strict;
	15	use POSIX;
	16	use File::Basename;
	17	use File::Spec;
	18	use Cwd 'abs_path';
	19	use Term::ANSIColor qw(:constants);
	20	use Getopt::Long qw(:config no_auto_abbrev);
62139c12	21	use Config;
87e37588	22	use bigint qw/hex/;
2f042c93	23	use feature 'state';
136fc5c4 TH	24
	25	my $P = $0;
	26	my $V = '0.01';
	27
	28	# Directories to scan.
	29	my @DIRS = ('/proc', '/sys');
	30
dd98c252 TH	31	# Timer for parsing each file, in seconds.
	32	my $TIMEOUT = 10;
	33
62139c12 TH	34	# Script can only grep for kernel addresses on the following architectures. If
	35	# your architecture is not listed here and has a grep'able kernel address please
	36	# consider submitting a patch.
	37	my @SUPPORTED_ARCHITECTURES = ('x86_64', 'ppc64');
	38
136fc5c4 TH	39	# Command line options.
	40	my $help = 0;
	41	my $debug = 0;
d09bd8da TH	42	my $raw = 0;
	43	my $output_raw = ""; # Write raw results to file.
	44	my $input_raw = ""; # Read raw results from file instead of scanning.
d09bd8da TH	45	my $suppress_dmesg = 0; # Don't show dmesg in output.
	46	my $squash_by_path = 0; # Summary report grouped by absolute path.
	47	my $squash_by_filename = 0; # Summary report grouped by filename.
f9d2a42d	48	my $kernel_config_file = ""; # Kernel configuration file.
136fc5c4 TH	49
	50	# Do not parse these files (absolute path).
	51	my @skip_parse_files_abs = ('/proc/kmsg',
	52	'/proc/kcore',
	53	'/proc/fs/ext4/sdb1/mb_groups',
	54	'/proc/1/fd/3',
1c1e3be0 TH	55	'/sys/firmware/devicetree',
1c1e3be0 TH	56	'/proc/device-tree',
136fc5c4 TH	57	'/sys/kernel/debug/tracing/trace_pipe',
	58	'/sys/kernel/security/apparmor/revision');
	59
a284733e	60	# Do not parse these files under any subdirectory.
136fc5c4 TH	61	my @skip_parse_files_any = ('0',
	62	'1',
	63	'2',
	64	'pagemap',
	65	'events',
	66	'access',
	67	'registers',
	68	'snapshot_raw',
	69	'trace_pipe_raw',
	70	'ptmx',
	71	'trace_pipe');
	72
	73	# Do not walk these directories (absolute path).
	74	my @skip_walk_dirs_abs = ();
	75
	76	# Do not walk these directories under any subdirectory.
	77	my @skip_walk_dirs_any = ('self',
	78	'thread-self',
	79	'cwd',
	80	'fd',
1c1e3be0	81	'usbmon',
136fc5c4 TH	82	'stderr',
	83	'stdin',
	84	'stdout');
	85
	86	sub help
	87	{
	88	my ($exitcode) = @_;
	89
	90	print << "EOM";
d09bd8da	91
136fc5c4 TH	92	Usage: $P [OPTIONS]
	93	Version: $V
	94
	95	Options:
	96
15d60a35 TH	97	-o, --output-raw=<file> Save results for future processing.
	98	-i, --input-raw=<file> Read results from file instead of scanning.
	99	--raw Show raw results (default).
	100	--suppress-dmesg Do not show dmesg results.
	101	--squash-by-path Show one result per unique path.
	102	--squash-by-filename Show one result per unique filename.
f9d2a42d	103	--kernel-config-file=<file> Kernel configuration file (e.g /boot/config)
15d60a35 TH	104	-d, --debug Display debugging output.
15d60a35 TH	105	-h, --help, --version Display this help and exit.
d09bd8da	106
136fc5c4 TH	107	Scans the running (64 bit) kernel for potential leaking addresses.
	108
	109	EOM
	110	exit($exitcode);
	111	}
	112
	113	GetOptions(
136fc5c4 TH	114	'd\|debug' => \$debug,
136fc5c4 TH	115	'h\|help' => \$help,
d09bd8da TH	116	'version' => \$help,
	117	'o\|output-raw=s' => \$output_raw,
	118	'i\|input-raw=s' => \$input_raw,
	119	'suppress-dmesg' => \$suppress_dmesg,
	120	'squash-by-path' => \$squash_by_path,
	121	'squash-by-filename' => \$squash_by_filename,
	122	'raw' => \$raw,
f9d2a42d	123	'kernel-config-file=s' => \$kernel_config_file,
136fc5c4 TH	124	) or help(1);
	125
	126	help(0) if ($help);
	127
d09bd8da TH	128	if ($input_raw) {
	129	format_output($input_raw);
	130	exit(0);
	131	}
	132
	133	if (!$input_raw and ($squash_by_path or $squash_by_filename)) {
	134	printf "\nSummary reporting only available with --input-raw=<file>\n";
	135	printf "(First run scan with --output-raw=<file>.)\n";
	136	exit(128);
	137	}
	138
62139c12 TH	139	if (!is_supported_architecture()) {
	140	printf "\nScript does not support your architecture, sorry.\n";
	141	printf "\nCurrently we support: \n\n";
	142	foreach(@SUPPORTED_ARCHITECTURES) {
	143	printf "\t%s\n", $_;
	144	}
6efb7458	145	printf("\n");
62139c12	146
6efb7458 TH	147	my $archname = `uname -m`;
6efb7458 TH	148	printf("Machine hardware name (`uname -m`): %s\n", $archname);
62139c12 TH	149
	150	exit(129);
	151	}
	152
d09bd8da TH	153	if ($output_raw) {
	154	open my $fh, '>', $output_raw or die "$0: $output_raw: $!\n";
	155	select $fh;
	156	}
	157
136fc5c4 TH	158	parse_dmesg();
	159	walk(@DIRS);
	160
	161	exit 0;
	162
136fc5c4 TH	163	sub dprint
	164	{
	165	printf(STDERR @_) if $debug;
	166	}
	167
62139c12 TH	168	sub is_supported_architecture
	169	{
	170	return (is_x86_64() or is_ppc64());
	171	}
	172
5eb0da05	173	sub is_arch
62139c12	174	{
5eb0da05 TH	175	my ($desc) = @_;
	176	my $arch = `uname -m`;
	177
	178	chomp $arch;
	179	if ($arch eq $desc) {
	180	return 1;
	181	}
	182	return 0;
	183	}
62139c12	184
5eb0da05 TH	185	sub is_x86_64
	186	{
	187	return is_arch('x86_64');
62139c12 TH	188	}
	189
	190	sub is_ppc64
	191	{
5eb0da05	192	return is_arch('ppc64');
62139c12 TH	193	}
62139c12 TH	194
f9d2a42d TH	195	# Gets config option value from kernel config file.
	196	# Returns "" on error or if config option not found.
	197	sub get_kernel_config_option
	198	{
	199	my ($option) = @_;
	200	my $value = "";
	201	my $tmp_file = "";
	202	my @config_files;
	203
	204	# Allow --kernel-config-file to override.
	205	if ($kernel_config_file ne "") {
	206	@config_files = ($kernel_config_file);
	207	} elsif (-R "/proc/config.gz") {
	208	my $tmp_file = "/tmp/tmpkconf";
	209
	210	if (system("gunzip < /proc/config.gz > $tmp_file")) {
	211	dprint "$0: system(gunzip < /proc/config.gz) failed\n";
	212	return "";
	213	} else {
	214	@config_files = ($tmp_file);
	215	}
	216	} else {
	217	my $file = '/boot/config-' . `uname -r`;
	218	chomp $file;
	219	@config_files = ($file, '/boot/config');
	220	}
	221
	222	foreach my $file (@config_files) {
	223	dprint("parsing config file: %s\n", $file);
	224	$value = option_from_file($option, $file);
	225	if ($value ne "") {
	226	last;
	227	}
	228	}
	229
	230	if ($tmp_file ne "") {
	231	system("rm -f $tmp_file");
	232	}
	233
	234	return $value;
	235	}
	236
	237	# Parses $file and returns kernel configuration option value.
	238	sub option_from_file
	239	{
	240	my ($option, $file) = @_;
	241	my $str = "";
	242	my $val = "";
	243
	244	open(my $fh, "<", $file) or return "";
	245	while (my $line = <$fh> ) {
	246	if ($line =~ /^$option/) {
	247	($str, $val) = split /=/, $line;
	248	chomp $val;
	249	last;
	250	}
	251	}
	252
	253	close $fh;
	254	return $val;
	255	}
	256
136fc5c4 TH	257	sub is_false_positive
136fc5c4 TH	258	{
7e5758f7 TH	259	my ($match) = @_;
	260
	261	if ($match =~ '\b(0x)?(f\|F){16}\b' or
	262	$match =~ '\b(0x)?0{16}\b') {
	263	return 1;
	264	}
136fc5c4	265
87e37588 TH	266	if (is_x86_64() and is_in_vsyscall_memory_region($match)) {
87e37588 TH	267	return 1;
7e5758f7	268	}
136fc5c4	269
7e5758f7	270	return 0;
136fc5c4 TH	271	}
136fc5c4 TH	272
87e37588 TH	273	sub is_in_vsyscall_memory_region
	274	{
	275	my ($match) = @_;
	276
	277	my $hex = hex($match);
	278	my $region_min = hex("0xffffffffff600000");
	279	my $region_max = hex("0xffffffffff601000");
	280
	281	return ($hex >= $region_min and $hex <= $region_max);
	282	}
	283
136fc5c4 TH	284	# True if argument potentially contains a kernel address.
	285	sub may_leak_address
	286	{
7e5758f7	287	my ($line) = @_;
62139c12	288	my $address_re;
136fc5c4	289
7e5758f7 TH	290	# Signal masks.
7e5758f7 TH	291	if ($line =~ '^SigBlk:' or
a11949ec	292	$line =~ '^SigIgn:' or
7e5758f7 TH	293	$line =~ '^SigCgt:') {
	294	return 0;
	295	}
136fc5c4	296
7e5758f7 TH	297	if ($line =~ '\bKEY=[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or
7e5758f7 TH	298	$line =~ '\b[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b') {
136fc5c4	299	return 0;
7e5758f7	300	}
136fc5c4	301
2f042c93	302	$address_re = get_address_re();
62139c12	303	while (/($address_re)/g) {
7e5758f7 TH	304	if (!is_false_positive($1)) {
	305	return 1;
	306	}
	307	}
136fc5c4	308
7e5758f7	309	return 0;
136fc5c4 TH	310	}
136fc5c4 TH	311
2f042c93 TH	312	sub get_address_re
	313	{
	314	if (is_x86_64()) {
	315	return get_x86_64_re();
	316	} elsif (is_ppc64()) {
	317	return '\b(0x)?[89abcdef]00[[:xdigit:]]{13}\b';
	318	}
	319	}
	320
	321	sub get_x86_64_re
	322	{
	323	# We handle page table levels but only if explicitly configured using
	324	# CONFIG_PGTABLE_LEVELS. If config file parsing fails or config option
	325	# is not found we default to using address regular expression suitable
	326	# for 4 page table levels.
	327	state $ptl = get_kernel_config_option('CONFIG_PGTABLE_LEVELS');
	328
	329	if ($ptl == 5) {
	330	return '\b(0x)?ff[[:xdigit:]]{14}\b';
	331	}
	332	return '\b(0x)?ffff[[:xdigit:]]{12}\b';
	333	}
	334
136fc5c4 TH	335	sub parse_dmesg
	336	{
	337	open my $cmd, '-\|', 'dmesg';
	338	while (<$cmd>) {
	339	if (may_leak_address($_)) {
	340	print 'dmesg: ' . $_;
	341	}
	342	}
	343	close $cmd;
	344	}
	345
	346	# True if we should skip this path.
	347	sub skip
	348	{
	349	my ($path, $paths_abs, $paths_any) = @_;
	350
	351	foreach (@$paths_abs) {
	352	return 1 if (/^$path$/);
	353	}
	354
	355	my($filename, $dirs, $suffix) = fileparse($path);
	356	foreach (@$paths_any) {
	357	return 1 if (/^$filename$/);
	358	}
	359
	360	return 0;
	361	}
	362
	363	sub skip_parse
	364	{
	365	my ($path) = @_;
	366	return skip($path, \@skip_parse_files_abs, \@skip_parse_files_any);
	367	}
	368
dd98c252 TH	369	sub timed_parse_file
	370	{
	371	my ($file) = @_;
	372
	373	eval {
	374	local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required.
	375	alarm $TIMEOUT;
	376	parse_file($file);
	377	alarm 0;
	378	};
	379
	380	if ($@) {
	381	die unless $@ eq "alarm\n"; # Propagate unexpected errors.
	382	printf STDERR "timed out parsing: %s\n", $file;
	383	}
	384	}
	385
136fc5c4 TH	386	sub parse_file
	387	{
	388	my ($file) = @_;
	389
	390	if (! -R $file) {
	391	return;
	392	}
	393
	394	if (skip_parse($file)) {
	395	dprint "skipping file: $file\n";
	396	return;
	397	}
	398	dprint "parsing: $file\n";
	399
	400	open my $fh, "<", $file or return;
	401	while ( <$fh> ) {
	402	if (may_leak_address($_)) {
	403	print $file . ': ' . $_;
	404	}
	405	}
	406	close $fh;
	407	}
	408
	409
	410	# True if we should skip walking this directory.
	411	sub skip_walk
	412	{
	413	my ($path) = @_;
	414	return skip($path, \@skip_walk_dirs_abs, \@skip_walk_dirs_any)
	415	}
	416
	417	# Recursively walk directory tree.
	418	sub walk
	419	{
	420	my @dirs = @_;
136fc5c4 TH	421
	422	while (my $pwd = shift @dirs) {
	423	next if (skip_walk($pwd));
	424	next if (!opendir(DIR, $pwd));
	425	my @files = readdir(DIR);
	426	closedir(DIR);
	427
	428	foreach my $file (@files) {
	429	next if ($file eq '.' or $file eq '..');
	430
	431	my $path = "$pwd/$file";
	432	next if (-l $path);
	433
	434	if (-d $path) {
	435	push @dirs, $path;
	436	} else {
dd98c252	437	timed_parse_file($path);
136fc5c4 TH	438	}
	439	}
	440	}
	441	}
d09bd8da TH	442
	443	sub format_output
	444	{
	445	my ($file) = @_;
	446
	447	# Default is to show raw results.
	448	if ($raw or (!$squash_by_path and !$squash_by_filename)) {
	449	dump_raw_output($file);
	450	return;
	451	}
	452
	453	my ($total, $dmesg, $paths, $files) = parse_raw_file($file);
	454
	455	printf "\nTotal number of results from scan (incl dmesg): %d\n", $total;
	456
	457	if (!$suppress_dmesg) {
	458	print_dmesg($dmesg);
	459	}
	460
	461	if ($squash_by_filename) {
	462	squash_by($files, 'filename');
	463	}
	464
	465	if ($squash_by_path) {
	466	squash_by($paths, 'path');
	467	}
	468	}
	469
	470	sub dump_raw_output
	471	{
	472	my ($file) = @_;
	473
	474	open (my $fh, '<', $file) or die "$0: $file: $!\n";
	475	while (<$fh>) {
	476	if ($suppress_dmesg) {
	477	if ("dmesg:" eq substr($_, 0, 6)) {
	478	next;
	479	}
	480	}
	481	print $_;
	482	}
	483	close $fh;
	484	}
	485
	486	sub parse_raw_file
	487	{
	488	my ($file) = @_;
	489
	490	my $total = 0; # Total number of lines parsed.
	491	my @dmesg; # dmesg output.
	492	my %files; # Unique filenames containing leaks.
	493	my %paths; # Unique paths containing leaks.
	494
	495	open (my $fh, '<', $file) or die "$0: $file: $!\n";
	496	while (my $line = <$fh>) {
	497	$total++;
	498
	499	if ("dmesg:" eq substr($line, 0, 6)) {
	500	push @dmesg, $line;
	501	next;
	502	}
	503
	504	cache_path(\%paths, $line);
	505	cache_filename(\%files, $line);
506	}
507
508	return $total, \@dmesg, \%paths, \%files;
509	}
510
511	sub print_dmesg
512	{
513	my ($dmesg) = @_;
514
515	print "\ndmesg output:\n";
516
517	if (@$dmesg == 0) {
518	print "<no results>\n";
519	return;
520	}
521
522	foreach(@$dmesg) {
523	my $index = index($_, ': ');
524	$index += 2; # skid ': '
525	print substr($_, $index);
526	}
527	}
528
529	sub squash_by
530	{
531	my ($ref, $desc) = @_;
532
533	print "\nResults squashed by $desc (excl dmesg). ";
534	print "Displaying [<number of results> <$desc>], <example result>\n";
535
536	if (keys %$ref == 0) {
537	print "<no results>\n";
538	return;
539	}
540
541	foreach(keys %$ref) {
542	my $lines = $ref->{$_};
543	my $length = @$lines;
544	printf "[%d %s] %s", $length, $_, @$lines[0];
545	}
546	}
547
548	sub cache_path
549	{
550	my ($paths, $line) = @_;
551
552	my $index = index($line, ': ');
553	my $path = substr($line, 0, $index);
554
555	$index += 2; # skip ': '
556	add_to_cache($paths, $path, substr($line, $index));
557	}
558
559	sub cache_filename
560	{
561	my ($files, $line) = @_;
562
563	my $index = index($line, ': ');
564	my $path = substr($line, 0, $index);
565	my $filename = basename($path);
566
567	$index += 2; # skip ': '
568	add_to_cache($files, $filename, substr($line, $index));
569	}
570
571	sub add_to_cache
572	{
573	my ($cache, $key, $value) = @_;
574
575	if (!$cache->{$key}) {
576	$cache->{$key} = ();
577	}
578	push @{$cache->{$key}}, $value;
579	}