From 06a1fc639b10b40c0ffc412f3fb663632e42dae6 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Thu, 4 Jul 2024 11:22:23 -0400
Subject: [PATCH] kvm instrumentation: Fix kvm_mmio event NULL pointer dereference

Upstream Linux commit e39d200fa5bf ("KVM: Fix stack-out-of-bounds read in write_mmio") introduce a NULL pointer check within TP_fast_assign().

lttng-modules commit 33630522da97 ("Update kvm instrumentation for 4.15") introduce use of:

ctf_sequence_hex(unsigned char, val, val, u32, len)

without the required NULL pointer check, which can trigger NULL pointer dereference in case of unsatisfied MMIO read.

Add the missing NULL pointer check. Record a sequence of length 0 in the trace when the val pointer is NULL.

Reported-by: Fahad Arslan
Signed-off-by: Mathieu Desnoyers
Change-Id: I51a171a56af96e2cf68dba73f7eb473dd6c0ba0e
---
 include/instrumentation/events/kvm.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/instrumentation/events/kvm.h b/include/instrumentation/events/kvm.h
index a0d33889..29f85fe3 100644
--- a/include/instrumentation/events/kvm.h
+++ b/include/instrumentation/events/kvm.h
@@ -91,7 +91,7 @@ LTTNG_TRACEPOINT_EVENT(kvm_mmio,
 ctf_integer(u32, type, type)
 ctf_integer(u32, len, len)
 ctf_integer(u64, gpa, gpa)
-ctf_sequence_hex(unsigned char, val, val, u32, len)
+ctf_sequence_hex(unsigned char, val, val, u32, val != NULL ? len : 0)
 )
 )
-- 
2.34.1
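Review bot: The new sequence length on the `+` line guards only the pointer; the byte count it reads from `val` is still the caller-supplied `len`, unbounded, so if any tracepoint caller can pass a `len` larger than the object behind `val` the serializer reads past it (the `len` field is also recorded as u32 while the upstream prototype passes it as `int`, so a negative value would become a very large read). If I recall the upstream commit cited in the message correctly, it clamps the copied length to the size of the entry's value field in addition to the NULL check; consider mirroring that here, e.g. `val != NULL ? min_t(u32, len, 8) : 0` with the 8 replaced by whatever bound the callers actually guarantee (hedged — I have not verified the current KVM call sites from this hunk alone), or at least state the assumption next to the line: `/* val may be NULL on an unsatisfied MMIO read; callers bound len to a single MMIO access. */`. It would also help consumers to note that on NULL the `len` field keeps its original value while the sequence is empty, since the two now intentionally disagree. The enclosing `LTTNG_TRACEPOINT_EVENT(kvm_mmio, ...)` definition starts above the hunk and its `TP_fields(` opener is outside the visible lines.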