On Tue, Nov 07, 2017 at 09:32:11PM +1100, Tobin C. Harding wrote: > Currently we are leaking addresses from the kernel to user space. This > script is an attempt to find some of those leakages. Script parses > `dmesg` output and /proc and /sys files for hex strings that look like > kernel addresses. > > Only works for 64 bit kernels, the reason being that kernel addresses > on 64 bit kernels have 'ffff' as the leading bit pattern making greping > possible. On 32 kernels we don't have this luxury.
Well, it's not going to work as well as intented on x86 machine with 5-level paging. Kernel address space there starts at 0xff10000000000000. It will still catch pointers to kernel/modules text, but the rest is outside of 0xffff... space. See Documentation/x86/x86_64/mm.txt. Not sure if we care. It won't work too for other 64-bit architectrues that have more than 256TB of virtual address space. Just wanted to point to the limitation. -- Kirill A. Shutemov
