leaking_addresses: Ignore input device status lines

kees · kees · commit 3e389d457bad · 2024-02-29T13:38:03.000-08:00
These are false positives from the input subsystem: /proc/bus/input/devices: B: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe /sys/devices/platform/i8042/serio0/input/input1/uevent: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe /sys/devices/platform/i8042/serio0/input/input1/capabilities/key: 402000000 3803078f800d001 feffffdf Pass in the filename for more context and expand the "ignored pattern" matcher to notice these. Reviewed-by: Tycho Andersen <tandersen@netflix.com> Link: https://lore.kernel.org/r/20240222220053.1475824-3-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org>
diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
@@ -284,9 +284,10 @@ sub is_false_positive
 		return is_false_positive_32bit($match);
 	}
 
-	# 64 bit false positives.
-
-	if ($match =~ '\b(0x)?(f|F){16}\b' or
+	# Ignore 64 bit false positives:
+	# 0xfffffffffffffff[0-f]
+	# 0x0000000000000000
+	if ($match =~ '\b(0x)?(f|F){15}[0-9a-f]\b' or
 	    $match =~ '\b(0x)?0{16}\b') {
 		return 1;
 	}
@@ -303,7 +304,7 @@ sub is_false_positive_32bit
        my ($match) = @_;
        state $page_offset = get_page_offset();
 
-       if ($match =~ '\b(0x)?(f|F){8}\b') {
+       if ($match =~ '\b(0x)?(f|F){7}[0-9a-f]\b') {
                return 1;
        }
 
@@ -346,18 +347,23 @@ sub is_in_vsyscall_memory_region
 # True if argument potentially contains a kernel address.
 sub may_leak_address
 {
-	my ($line) = @_;
+	my ($path, $line) = @_;
 	my $address_re;
 
-	# Signal masks.
+	# Ignore Signal masks.
 	if ($line =~ '^SigBlk:' or
 	    $line =~ '^SigIgn:' or
 	    $line =~ '^SigCgt:') {
 		return 0;
 	}
 
-	if ($line =~ '\bKEY=[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or
-	    $line =~ '\b[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b') {
+	# Ignore input device reporting.
+	# /proc/bus/input/devices: B: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe
+	# /sys/devices/platform/i8042/serio0/input/input1/uevent: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe
+	# /sys/devices/platform/i8042/serio0/input/input1/capabilities/key: 402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe
+	if ($line =~ '\bKEY=[[:xdigit:]]{9,14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or
+            ($path =~ '\bkey$' and
+             $line =~ '\b[[:xdigit:]]{9,14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b')) {
 		return 0;
 	}
 
@@ -400,7 +406,7 @@ sub parse_dmesg
 {
 	open my $cmd, '-|', 'dmesg';
 	while (<$cmd>) {
-		if (may_leak_address($_)) {
+		if (may_leak_address("dmesg", $_)) {
 			print 'dmesg: ' . $_;
 		}
 	}
@@ -456,7 +462,7 @@ sub parse_file
 	open my $fh, "<", $file or return;
 	while ( <$fh> ) {
 		chomp;
-		if (may_leak_address($_)) {
+		if (may_leak_address($file, $_)) {
 			printf("$file: $_\n");
 		}
 	}
@@ -468,7 +474,7 @@ sub check_path_for_leaks
 {
 	my ($path) = @_;
 
-	if (may_leak_address($path)) {
+	if (may_leak_address($path, $path)) {
 		printf("Path name may contain address: $path\n");
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -284,9 +284,10 @@ sub is_false_positive`
`284`	`284`	`return is_false_positive_32bit($match);`
`285`	`285`	`}`
`286`	`286`
`287`		`- # 64 bit false positives.`
`288`		`-`
`289`		`- if ($match =~ '\b(0x)?(f\|F){16}\b' or`
	`287`	`+ # Ignore 64 bit false positives:`
	`288`	`+ # 0xfffffffffffffff[0-f]`
	`289`	`+ # 0x0000000000000000`
	`290`	`+ if ($match =~ '\b(0x)?(f\|F){15}[0-9a-f]\b' or`
`290`	`291`	`$match =~ '\b(0x)?0{16}\b') {`
`291`	`292`	`return 1;`
`292`	`293`	`}`
`@@ -303,7 +304,7 @@ sub is_false_positive_32bit`
`303`	`304`	`my ($match) = @_;`
`304`	`305`	`state $page_offset = get_page_offset();`
`305`	`306`
`306`		`- if ($match =~ '\b(0x)?(f\|F){8}\b') {`
	`307`	`+ if ($match =~ '\b(0x)?(f\|F){7}[0-9a-f]\b') {`
`307`	`308`	`return 1;`
`308`	`309`	`}`
`309`	`310`
`@@ -346,18 +347,23 @@ sub is_in_vsyscall_memory_region`
`346`	`347`	`# True if argument potentially contains a kernel address.`
`347`	`348`	`sub may_leak_address`
`348`	`349`	`{`
`349`		`- my ($line) = @_;`
	`350`	`+ my ($path, $line) = @_;`
`350`	`351`	`my $address_re;`
`351`	`352`
`352`		`- # Signal masks.`
	`353`	`+ # Ignore Signal masks.`
`353`	`354`	`if ($line =~ '^SigBlk:' or`
`354`	`355`	`$line =~ '^SigIgn:' or`
`355`	`356`	`$line =~ '^SigCgt:') {`
`356`	`357`	`return 0;`
`357`	`358`	`}`
`358`	`359`
`359`		`- if ($line =~ '\bKEY=[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or`
`360`		`- $line =~ '\b[[:xdigit:]]{14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b') {`
	`360`	`+ # Ignore input device reporting.`
	`361`	`+ # /proc/bus/input/devices: B: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe`
	`362`	`+ # /sys/devices/platform/i8042/serio0/input/input1/uevent: KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe`
	`363`	`+ # /sys/devices/platform/i8042/serio0/input/input1/capabilities/key: 402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe`
	`364`	`+ if ($line =~ '\bKEY=[[:xdigit:]]{9,14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b' or`
	`365`	`+ ($path =~ '\bkey$' and`
	`366`	`+ $line =~ '\b[[:xdigit:]]{9,14} [[:xdigit:]]{16} [[:xdigit:]]{16}\b')) {`
`361`	`367`	`return 0;`
`362`	`368`	`}`
`363`	`369`
`@@ -400,7 +406,7 @@ sub parse_dmesg`
`400`	`406`	`{`
`401`	`407`	`open my $cmd, '-\|', 'dmesg';`
`402`	`408`	`while (<$cmd>) {`
`403`		`- if (may_leak_address($_)) {`
	`409`	`+ if (may_leak_address("dmesg", $_)) {`
`404`	`410`	`print 'dmesg: ' . $_;`
`405`	`411`	`}`
`406`	`412`	`}`
`@@ -456,7 +462,7 @@ sub parse_file`
`456`	`462`	`open my $fh, "<", $file or return;`
`457`	`463`	`while ( <$fh> ) {`
`458`	`464`	`chomp;`
`459`		`- if (may_leak_address($_)) {`
	`465`	`+ if (may_leak_address($file, $_)) {`
`460`	`466`	`printf("$file: $_\n");`
`461`	`467`	`}`
`462`	`468`	`}`
`@@ -468,7 +474,7 @@ sub check_path_for_leaks`
`468`	`474`	`{`
`469`	`475`	`my ($path) = @_;`
`470`	`476`
`471`		`- if (may_leak_address($path)) {`
	`477`	`+ if (may_leak_address($path, $path)) {`
`472`	`478`	`printf("Path name may contain address: $path\n");`
`473`	`479`	`}`
`474`	`480`	`}`