Fix: bytecode interpreter: LOAD_FIELD: handle user fields
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 29 Sep 2022 19:54:41 +0000 (15:54 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 29 Sep 2022 21:01:54 +0000 (17:01 -0400)
commitc89271d467715e782b76a87c8e26859ec04d9aff
tree846e2624ef1a11c83d58d817caa69fa354fdde1e
parent31afaf8b83ef975697fe6370daa4e0262ec0ca24
Fix: bytecode interpreter: LOAD_FIELD: handle user fields

The instructions for recursive traversal through composed types
are used by the filter expressions which access fields nested within
composed types.

Instructions BYTECODE_OP_LOAD_FIELD_STRING and
BYTECODE_OP_LOAD_FIELD_SEQUENCE were leaving the "user" attribute
uninitialized. Initialize those to 0.

The handling of userspace strings and integers is missing in LOAD_FIELD
instructions. Therefore, ensure that the specialization leaves the
generic LOAD_FIELD instruction in place for userspace input.

Add a "user" attribute to:
- struct bytecode_get_index_data elem field (produced by the
  specialization),
- struct vstack_load used by the specialization,
- struct load_ptr used by the interpreter.

Use this "user" attribute in dynamic_load_field() for integer, string
and string_sequence object types to ensure that the proper
userspace-aware accesses are performed when loading those fields.

This prevents events with userspace input arguments (e.g. pipe2 system
call fildes field) from oopsing the kernel or reading arbitrary kernel
memory when used by the filter bytecode.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: Id9c373ff1a70e162ba913e5592437249a4947c96
lttng-filter-interpreter.c
lttng-filter-specialize.c
lttng-filter.h
This page took 0.026611 seconds and 4 git commands to generate.