git.lttng.org Git - lttng-modules.git/commitdiff
kvm instrumentation: Fix kvm_mmio event NULL pointer dereference
author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 4 Jul 2024 15:22:23 +0000 (11:22 -0400)
committer: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 4 Jul 2024 15:31:04 +0000 (11:31 -0400)
Upstream Linux commit e39d200fa5bf ("KVM: Fix stack-out-of-bounds read
in write_mmio") introduces a NULL pointer check within TP_fast_assign().

lttng-modules commit 33630522da97 ("Update kvm instrumentation for 4.15")
introduces use of:

  ctf_sequence_hex(unsigned char, val, val, u32, len)

without the required NULL pointer check, which can trigger a NULL pointer
dereference in case of an unsatisfied MMIO read.

Add the missing NULL pointer check. Record a sequence of length 0 in the
trace when the val pointer is NULL.

Reported-by: Fahad Arslan <fahad.arslan@siemens.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I51a171a56af96e2cf68dba73f7eb473dd6c0ba0e

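As an added illustration of the failure mode described in the commit message (this is not lttng-modules or KVM code), the model below serializes a kvm_mmio-style record in two ways: the pre-patch form, where the sequence length is `len` regardless of `val`, and the patched form, where the length expression is `val != NULL ? len : 0`. The record layout, the `MMIO_VAL_MAX` clamp and all function names are assumptions made for this example; the sample events are constructed.

```c
/*
 * Added illustration for this commit; not LTTng-modules or KVM code.
 * Models the kvm_mmio event as a fixed-layout record and contrasts the
 * unguarded sequence (pre-patch) with the guarded one. Names and the
 * record layout are assumptions for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t u32;
typedef uint64_t u64;

#define MMIO_VAL_MAX 8   /* assumed upper bound on an MMIO access size */

/* Assumed record layout mirroring the event's fields: type, len, gpa, and a
 * length-prefixed val sequence (the ctf_sequence_hex field). */
struct mmio_record {
	u32 type;
	u32 len;          /* MMIO access size, recorded unconditionally */
	u64 gpa;
	u32 val_seq_len;  /* length of the captured val sequence */
	unsigned char val[MMIO_VAL_MAX];
};

/* Pre-patch behaviour: the sequence length is len regardless of val, so an
 * unsatisfied read (val == NULL, len > 0) reads through a NULL pointer.
 * Kept only to show the bug; never call it with val == NULL. */
static u32 record_mmio_unguarded(struct mmio_record *rec, u32 type, u64 gpa,
				 const unsigned char *val, u32 len)
{
	rec->type = type;
	rec->len = len;
	rec->gpa = gpa;
	rec->val_seq_len = len;
	memcpy(rec->val, val, len);	/* NULL dereference when val == NULL */
	return rec->val_seq_len;
}

/* Post-patch behaviour: an empty sequence is recorded when val is NULL.
 * The MMIO_VAL_MAX clamp is an extra bound added here, not part of the patch. */
static u32 record_mmio_guarded(struct mmio_record *rec, u32 type, u64 gpa,
			       const unsigned char *val, u32 len)
{
	u32 seq_len = (val != NULL) ? len : 0;

	if (seq_len > MMIO_VAL_MAX)
		seq_len = MMIO_VAL_MAX;
	rec->type = type;
	rec->len = len;
	rec->gpa = gpa;
	rec->val_seq_len = seq_len;
	memset(rec->val, 0, sizeof(rec->val));
	if (seq_len)
		memcpy(rec->val, val, seq_len);
	return seq_len;
}

/* Consumer-side check: after the patch, "len" still holds the access size
 * while the sequence may be empty, so a trace reader must compare the two
 * rather than assume the value bytes are present. Returns 1 if captured. */
static int mmio_value_captured(const struct mmio_record *rec)
{
	return rec->len != 0 && rec->val_seq_len == rec->len;
}

/* Constructed sample events: a satisfied 4-byte read (recorded both ways)
 * and an unsatisfied one (guarded path only). Returns 0 on success. */
static int run_demo(void)
{
	static const unsigned char payload[4] = { 0xde, 0xad, 0xbe, 0xef };
	struct mmio_record old, sat, unsat;

	record_mmio_unguarded(&old, 1, 0xfee00000ULL, payload, sizeof(payload));
	record_mmio_guarded(&sat, 1, 0xfee00000ULL, payload, sizeof(payload));
	record_mmio_guarded(&unsat, 1, 0xfee00000ULL, NULL, 4);

	/* With a valid val both encodings agree. */
	if (old.val_seq_len != sat.val_seq_len ||
	    memcmp(old.val, sat.val, sat.val_seq_len) != 0)
		return -1;
	/* Unsatisfied read: len is still 4, the sequence is empty. */
	if (!mmio_value_captured(&sat) || mmio_value_captured(&unsat))
		return -1;
	if (unsat.len != 4 || unsat.val_seq_len != 0)
		return -1;
	return 0;
}

int main(void)
{
	int rc = run_demo();

	printf("kvm_mmio model: %s\n", rc == 0 ? "ok" : "mismatch");
	return rc == 0 ? 0 : 1;
}
```

The point for trace consumers is that, after the fix, `len` and the length of the `val` sequence are no longer guaranteed to agree: `len` is the MMIO access size, while an empty sequence marks an unsatisfied read. Tooling that indexes `val[len - 1]` must check the sequence length first.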
include/instrumentation/events/kvm.h

index 3df389674cec86e5f67c02a0bddaf37c62b23ddd..ec93a6357b9fa5a15a0542276e7f48b8a1994526 100644 (file)
@@ -119,7 +119,7 @@ LTTNG_TRACEPOINT_EVENT(kvm_mmio,
                ctf_integer(u32, type, type)
                ctf_integer(u32, len, len)
                ctf_integer(u64, gpa, gpa)
-               ctf_sequence_hex(unsigned char, val, val, u32, len)
+               ctf_sequence_hex(unsigned char, val, val, u32, val != NULL ? len : 0)
        )
 )
 
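Review bot: The guard only changes the sequence length; `ctf_integer(u32, len, len)` two lines above still records the caller's `len`, so for an unsatisfied read the trace carries `len > 0` next to an empty `val` sequence. That is the encoding the commit message asks for, but nothing in the header says so; suggest a short comment above the `ctf_sequence_hex` line, e.g. `/* val is NULL for an unsatisfied MMIO read: record an empty sequence; len still holds the access size. */`, so readers and trace consumers do not treat `len` as the number of bytes in `val`. Separately, when `val` is non-NULL the sequence still reads `len` bytes with no upper bound visible in this hunk; if `len` is trusted because the caller bounds it, stating that in the commit message would make the reasoning checkable.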