From: Mathieu Desnoyers Date: Thu, 4 Jul 2024 15:22:23 +0000 (-0400) Subject: kvm instrumentation: Fix kvm_mmio event NULL pointer dereference X-Git-Url: http://git.lttng.org./?a=commitdiff_plain;h=06a1fc639b10b40c0ffc412f3fb663632e42dae6;p=lttng-modules.git kvm instrumentation: Fix kvm_mmio event NULL pointer dereference Upstream Linux commit e39d200fa5bf ("KVM: Fix stack-out-of-bounds read in write_mmio") introduces a NULL pointer check within TP_fast_assign(). lttng-modules commit 33630522da97 ("Update kvm instrumentation for 4.15") introduces use of: ctf_sequence_hex(unsigned char, val, val, u32, len) without the required NULL pointer check, which can trigger a NULL pointer dereference in case of an unsatisfied MMIO read. Add the missing NULL pointer check. Record a sequence of length 0 in the trace when the val pointer is NULL. Reported-by: Fahad Arslan Signed-off-by: Mathieu Desnoyers Change-Id: I51a171a56af96e2cf68dba73f7eb473dd6c0ba0e --- diff --git a/include/instrumentation/events/kvm.h b/include/instrumentation/events/kvm.h index a0d33889..29f85fe3 100644 --- a/include/instrumentation/events/kvm.h +++ b/include/instrumentation/events/kvm.h @@ -91,7 +91,7 @@ LTTNG_TRACEPOINT_EVENT(kvm_mmio, ctf_integer(u32, type, type) ctf_integer(u32, len, len) ctf_integer(u64, gpa, gpa) - ctf_sequence_hex(unsigned char, val, val, u32, len) + ctf_sequence_hex(unsigned char, val, val, u32, val != NULL ? len : 0) ) )
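Review bot: the hunk leaves the `ctf_integer(u32, len, len)` field recording the original `len` while the `val` sequence is now emitted with length 0 when `val == NULL`, so a trace consumer can no longer assume the `len` field equals the number of bytes in the `val` sequence; either state this explicitly in the commit message (it currently only says a length-0 sequence is recorded) or add a short comment above the `ctf_sequence_hex` line such as `/* val is NULL on unsatisfied MMIO read: record an empty sequence, len keeps the requested size */` so readers of kvm.h know the mismatch is intentional. The guard expression itself is side-effect free, which is the right choice here since the length argument of a sequence field is typically evaluated more than once during event serialization.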