Commit 2ad74293 authored by Tobin C. Harding's avatar Tobin C. Harding

leaking_addresses: skip '/proc/1/syscall'

The pointers listed in /proc/1/syscall are user pointers, and negative
syscall args will show up like kernel addresses.

For example

/proc/31808/syscall: 0 0x3 0x55b107a38180 0x2000 0xffffffffffffffb0 \
0x55b107a302d0 0x55b107a38180 0x7fffa313b8e8 0x7ff098560d11

Skip parsing /proc/1/syscall
Suggested-by: 's avatarTycho Andersen <tycho@tycho.ws>
Signed-off-by: 's avatarTobin C. Harding <me@tobin.cc>
parent 472c9e10
......@@ -60,6 +60,7 @@ my $page_offset_32bit = 0; # Page offset for 32-bit kernel.
my @skip_abs = (
'/proc/kmsg',
'/proc/device-tree',
'/proc/1/syscall',
'/sys/firmware/devicetree',
'/sys/kernel/debug/tracing/trace_pipe',
'/sys/kernel/security/apparmor/revision');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment