The "user" attribute (copy from userspace) is not applied to
sequence/array of integer field capture within event notifications. This
could eventually lead to unsafe copy of integers from user-space.
Currently, the only array/sequence of integers which are read from
user-space are the arguments to sys_select (e.g. `readfds` field). Those
are expressed as "custom" fields, which are skipped by the filter and
capture bytecode.
This is therefore not an issue with the current instrumentation, but we
should properly handle this nevertheless.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: Icf0c141d333f63402d8a76051bcd53fcdd5ed8c2
#include <lttng/msgpack.h>
#include <lttng/event-notifier-notification.h>
#include <lttng/events-internal.h>
#include <lttng/msgpack.h>
#include <lttng/event-notifier-notification.h>
#include <lttng/events-internal.h>
+#include <lttng/probe-user.h>
#include <wrapper/barrier.h>
/*
#include <wrapper/barrier.h>
/*
{
int64_t value = 0;
unsigned int size = type->size;
{
int64_t value = 0;
unsigned int size = type->size;
+ bool user = type->user;
bool byte_order_reversed = type->reverse_byte_order;
switch (size) {
case 8:
bool byte_order_reversed = type->reverse_byte_order;
switch (size) {
case 8:
+ {
+ int8_t tmp;
+
+ if (user) {
+ if (lttng_copy_from_user_check_nofault(&tmp, ptr, sizeof(int8_t)))
+ tmp = 0;
+ } else {
+ tmp = *ptr;
+ }
+ value = tmp;
- tmp = *(int16_t *) ptr;
+
+ if (user) {
+ if (lttng_copy_from_user_check_nofault(&tmp, ptr, sizeof(int16_t)))
+ tmp = 0;
+ } else {
+ tmp = *(int16_t *) ptr;
+ }
if (byte_order_reversed)
__swab16s(&tmp);
if (byte_order_reversed)
__swab16s(&tmp);
value = tmp;
break;
}
case 32:
{
int32_t tmp;
value = tmp;
break;
}
case 32:
{
int32_t tmp;
- tmp = *(int32_t *) ptr;
+
+ if (user) {
+ if (lttng_copy_from_user_check_nofault(&tmp, ptr, sizeof(int32_t)))
+ tmp = 0;
+ } else {
+ tmp = *(int32_t *) ptr;
+ }
if (byte_order_reversed)
__swab32s(&tmp);
if (byte_order_reversed)
__swab32s(&tmp);
value = tmp;
break;
}
case 64:
{
int64_t tmp;
value = tmp;
break;
}
case 64:
{
int64_t tmp;
- tmp = *(int64_t *) ptr;
+
+ if (user) {
+ if (lttng_copy_from_user_check_nofault(&tmp, ptr, sizeof(int64_t)))
+ tmp = 0;
+ } else {
+ tmp = *(int64_t *) ptr;
+ }
if (byte_order_reversed)
__swab64s(&tmp);
if (byte_order_reversed)
__swab64s(&tmp);
{
uint64_t value = 0;
unsigned int size = type->size;
{
uint64_t value = 0;
unsigned int size = type->size;
+ bool user = type->user;
bool byte_order_reversed = type->reverse_byte_order;
switch (size) {
case 8:
bool byte_order_reversed = type->reverse_byte_order;
switch (size) {
case 8:
+ {
+ uint8_t tmp;
+
+ if (user) {
+ if (lttng_copy_from_user_check_nofault(&tmp, ptr, sizeof(uint8_t)))
+ tmp = 0;
+ } else {
+ tmp = *ptr;
+ }
+ value = tmp;
- tmp = *(uint16_t *) ptr;
+
+ if (user) {
+ if (lttng_copy_from_user_check_nofault(&tmp, ptr, sizeof(uint16_t)))
+ tmp = 0;
+ } else {
+ tmp = *(uint16_t *) ptr;
+ }
if (byte_order_reversed)
__swab16s(&tmp);
if (byte_order_reversed)
__swab16s(&tmp);
value = tmp;
break;
}
case 32:
{
uint32_t tmp;
value = tmp;
break;
}
case 32:
{
uint32_t tmp;
- tmp = *(uint32_t *) ptr;
+
+ if (user) {
+ if (lttng_copy_from_user_check_nofault(&tmp, ptr, sizeof(uint32_t)))
+ tmp = 0;
+ } else {
+ tmp = *(uint32_t *) ptr;
+ }
if (byte_order_reversed)
__swab32s(&tmp);
if (byte_order_reversed)
__swab32s(&tmp);
value = tmp;
break;
}
case 64:
{
uint64_t tmp;
value = tmp;
break;
}
case 64:
{
uint64_t tmp;
- tmp = *(uint64_t *) ptr;
+
+ if (user) {
+ if (lttng_copy_from_user_check_nofault(&tmp, ptr, sizeof(uint64_t)))
+ tmp = 0;
+ } else {
+ tmp = *(uint64_t *) ptr;
+ }
if (byte_order_reversed)
__swab64s(&tmp);
if (byte_order_reversed)
__swab64s(&tmp);