From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Thu, 29 Sep 2022 18:26:27 +0000 (-0400)
Subject: Fix: honor "user" attribute for array/sequence of user integers
X-Git-Tag: v2.13.6~3
X-Git-Url: http://git.liburcu.org/?a=commitdiff_plain;h=0d8dc790c21cc1e72cbb1b1095035ff64b1cffda;p=lttng-modules.git

Fix: honor "user" attribute for array/sequence of user integers

The macro _lttng_kernel_static_type_integer_from_type() should map to
_lttng_kernel_static_type_integer() to pass the "_user" attribute.
Otherwise, userspace fields such as pipe2's system call fildes field (a
ctf_user_array()) can trigger NULL pointer exceptions and read arbitrary
kernel memory if the pipe2 system call receives a bogus pointer as input
while filtering/capture is accessing this field.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I44276d751b822f214804184d1ce4d9b10b47d89d
---

diff --git a/include/lttng/events.h b/include/lttng/events.h
index 71ad1274..7a448155 100644
--- a/include/lttng/events.h
+++ b/include/lttng/events.h
@@ -163,11 +163,10 @@ struct lttng_kernel_event_field {
 	_lttng_kernel_static_type_integer(_size, _alignment, _signedness, _byte_order, 1, _base)
 
 #define _lttng_kernel_static_type_integer_from_type(_type, _byte_order, _user, _base)			\
-	lttng_kernel_static_type_integer(sizeof(_type) * CHAR_BIT,					\
+	_lttng_kernel_static_type_integer(sizeof(_type) * CHAR_BIT,					\
 			lttng_alignof(_type) * CHAR_BIT,						\
 			lttng_is_signed_type(_type),							\
-			_byte_order,									\
-			_base)
+			_byte_order, _user, _base)
 
 #define lttng_kernel_static_type_integer_from_type(_type, _byte_order, _base)				\
 	_lttng_kernel_static_type_integer_from_type(_type, _byte_order, 0, _base)