From f4d8be02194923a15cdf7949d502553613520997 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Thu, 4 Jul 2024 11:22:23 -0400 Subject: [PATCH] kvm instrumentation: Fix kvm_mmio event NULL pointer dereference Upstream Linux commit e39d200fa5bf ("KVM: Fix stack-out-of-bounds read in write_mmio") introduce a NULL pointer check within TP_fast_assign(). lttng-modules commit 33630522da97 ("Update kvm instrumentation for 4.15") introduce use of: ctf_sequence_hex(unsigned char, val, val, u32, len) without the required NULL pointer check, which can trigger NULL pointer dereference in case of unsatisfied MMIO read. Add the missing NULL pointer check. Record a sequence of length 0 in the trace when the val pointer is NULL. Reported-by: Fahad Arslan Signed-off-by: Mathieu Desnoyers Change-Id: I51a171a56af96e2cf68dba73f7eb473dd6c0ba0e --- instrumentation/events/lttng-module/kvm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instrumentation/events/lttng-module/kvm.h b/instrumentation/events/lttng-module/kvm.h index 814fb613..20e07aad 100644 --- a/instrumentation/events/lttng-module/kvm.h +++ b/instrumentation/events/lttng-module/kvm.h @@ -119,7 +119,7 @@ LTTNG_TRACEPOINT_EVENT(kvm_mmio, ctf_integer(u32, type, type) ctf_integer(u32, len, len) ctf_integer(u64, gpa, gpa) - ctf_sequence_hex(unsigned char, val, val, u32, len) + ctf_sequence_hex(unsigned char, val, val, u32, val != NULL ? len : 0) ) ) -- 2.34.1
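Review bot: the guarded length removes the NULL dereference, but the `len` field recorded two lines above the changed line (`ctf_integer(u32, len, len)`) is left unchanged, so when `val` is NULL the event carries `len > 0` next to an empty `val` sequence. That mismatch is a usable indicator of an unsatisfied MMIO read for trace consumers, but the commit message only says a zero-length sequence is recorded; it should also state that `len` keeps the requested size so readers of the trace do not treat the two fields as inconsistent. Also, since `val` is still passed as the source pointer in `ctf_sequence_hex(unsigned char, val, val, u32, val != NULL ? len : 0)`, it is worth confirming in the description that the sequence copy path does not touch the source pointer when the length evaluates to 0.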