From a4e692df24f680ace02d8d7a0e98f5b8efcbbced Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Thu, 4 Jul 2024 11:22:23 -0400
Subject: [PATCH] kvm instrumentation: Fix kvm_mmio event NULL pointer dereference

Upstream Linux commit e39d200fa5bf ("KVM: Fix stack-out-of-bounds read in write_mmio") introduce a NULL pointer check within TP_fast_assign(). lttng-modules commit 33630522da97 ("Update kvm instrumentation for 4.15") introduce use of: ctf_sequence_hex(unsigned char, val, val, u32, len) without the required NULL pointer check, which can trigger NULL pointer dereference in case of unsatisfied MMIO read. Add the missing NULL pointer check. Record a sequence of length 0 in the trace when the val pointer is NULL.

Reported-by: Fahad Arslan
Signed-off-by: Mathieu Desnoyers
Change-Id: I51a171a56af96e2cf68dba73f7eb473dd6c0ba0e
---
 include/instrumentation/events/kvm.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/instrumentation/events/kvm.h b/include/instrumentation/events/kvm.h
index 3df38967..ec93a635 100644
--- a/include/instrumentation/events/kvm.h
+++ b/include/instrumentation/events/kvm.h
@@ -119,7 +119,7 @@ LTTNG_TRACEPOINT_EVENT(kvm_mmio,
 	ctf_integer(u32, type, type)
 	ctf_integer(u32, len, len)
 	ctf_integer(u64, gpa, gpa)
-	ctf_sequence_hex(unsigned char, val, val, u32, len)
+	ctf_sequence_hex(unsigned char, val, val, u32, val != NULL ? len : 0)
 	)
 )
-- 
2.34.1
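Review bot: The `+` line records an empty sequence when `val` is NULL while the `ctf_integer(u32, len, len)` field three lines above still records the requested length, so trace consumers will see `len` disagree with the sequence length for an unsatisfied MMIO read; the commit message says this is deliberate, but nothing in the header does. A short comment above the changed line would keep that rationale with the code, e.g. `/* val is NULL for an unsatisfied MMIO read: emit a 0-length sequence; len still holds the requested size. */`. The check removes the NULL dereference only: the event still reads `len` bytes from `val`, and if the upstream TP_fast_assign() this mirrors also bounds the copied length, as I believe it does, a matching clamp such as `min_t(u32, len, 8)` is worth considering here, subject to confirming the size of the buffers callers pass. The enclosing LTTNG_TRACEPOINT_EVENT(kvm_mmio, ...) definition begins before the hunk.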