From: Mathieu Desnoyers
Date: Thu, 29 Sep 2022 19:54:41 +0000 (-0400)
Subject: Fix: bytecode interpreter: LOAD_FIELD: handle user fields
X-Git-Tag: v2.12.11~3
X-Git-Url: http://git.liburcu.org/?a=commitdiff_plain;h=c89271d467715e782b76a87c8e26859ec04d9aff;hp=c89271d467715e782b76a87c8e26859ec04d9aff;p=lttng-modules.git

Fix: bytecode interpreter: LOAD_FIELD: handle user fields

The instructions for recursive traversal through composed types are used
by the filter expressions which access fields nested within composed
types.

Instructions BYTECODE_OP_LOAD_FIELD_STRING and
BYTECODE_OP_LOAD_FIELD_SEQUENCE were leaving the "user" attribute
uninitialized. Initialize those to 0.

The handling of userspace strings and integers is missing in LOAD_FIELD
instructions. Therefore, ensure that the specialization leaves the
generic LOAD_FIELD instruction in place for userspace input.

Add a "user" attribute to:

- struct bytecode_get_index_data elem field (produced by the
  specialization),
- struct vstack_load used by the specialization,
- struct load_ptr used by the interpreter.

Use this "user" attribute in dynamic_load_field() for integer, string
and string_sequence object types to ensure that the proper
userspace-aware accesses are performed when loading those fields.

This prevents events with userspace input arguments (e.g. pipe2 system
call fildes field) from oopsing the kernel or reading arbitrary kernel
memory when used by the filter bytecode.

Signed-off-by: Mathieu Desnoyers
Change-Id: Id9c373ff1a70e162ba913e5592437249a4947c96
---
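The following is an added illustration of the pattern the commit message describes, not code from lttng-modules: a user-space model in which a load pointer carries a "user" attribute from the specialization step to the interpreter, and the integer load dispatches on that attribute to a checked copy instead of a direct dereference. The names (`struct load_ptr` fields, `load_s32_unaware`, `load_s32_aware`, the `sim_*` helpers and `demo_*` functions) are hypothetical stand-ins, `sim_copy_from_user` plays the role of `copy_from_user()` over a constructed "user" region, and `kernel_secret` stands in for arbitrary kernel memory; only the integer case is modelled, not strings or sequences.

```c
/* Added example, not lttng-modules code. Models how a "user" provenance
 * flag on a load pointer selects a userspace-aware access in a filter
 * interpreter, and what goes wrong when the flag is ignored. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum object_type { OBJECT_TYPE_S64 };

/* Hypothetical pointer handed from specialization to the interpreter.
 * "user" == 1 means ptr is a userspace address, never dereferenceable. */
struct load_ptr {
	enum object_type object_type;
	uintptr_t ptr;
	int user;
};

/* Simulated userspace: a private region readable only through the checked
 * copy below, which stands in for copy_from_user(). Constructed test data. */
#define SIM_USER_BASE 0x1000u
static unsigned char sim_user_mem[64];

static int sim_copy_from_user(void *dst, uintptr_t uaddr, size_t len)
{
	if (uaddr < SIM_USER_BASE ||
	    uaddr - SIM_USER_BASE + len > sizeof(sim_user_mem))
		return -1;	/* -EFAULT: not a valid user address */
	memcpy(dst, sim_user_mem + (uaddr - SIM_USER_BASE), len);
	return 0;
}

/* Stand-in for kernel memory a filter must never be able to read. */
static int32_t kernel_secret = 0x5ec7e7;

/* Before the fix: provenance ignored, ptr dereferenced as kernel memory.
 * A user-controlled ptr reads whatever sits at that address (or oopses). */
static int load_s32_unaware(const struct load_ptr *p, int64_t *out)
{
	*out = *(const int32_t *)p->ptr;
	return 0;
}

/* After the fix: the user attribute routes the load through the checked copy. */
static int load_s32_aware(const struct load_ptr *p, int64_t *out)
{
	int32_t v;

	if (p->user) {
		if (sim_copy_from_user(&v, p->ptr, sizeof(v)))
			return -1;
	} else {
		v = *(const int32_t *)p->ptr;
	}
	*out = v;
	return 0;
}

/* Legitimate case: a user field (think pipe2's fildes array) in the user region. */
int64_t demo_read_user_field(void)
{
	struct load_ptr p = { OBJECT_TYPE_S64, SIM_USER_BASE + 8, 1 };
	int32_t fd0 = 3;	/* constructed user data */
	int64_t v = -1;

	memcpy(sim_user_mem + 8, &fd0, sizeof(fd0));
	if (load_s32_aware(&p, &v))
		return -1;
	return v;	/* 3 */
}

/* Hostile case, unaware path: the "user" field points at kernel memory
 * and the value leaks. */
int64_t demo_unaware_leak(void)
{
	struct load_ptr p = { OBJECT_TYPE_S64, (uintptr_t)&kernel_secret, 1 };
	int64_t v = 0;

	load_s32_unaware(&p, &v);
	return v;	/* 0x5ec7e7 */
}

/* Hostile case, aware path: same pointer is rejected as an invalid user address. */
int demo_aware_rejects(void)
{
	struct load_ptr p = { OBJECT_TYPE_S64, (uintptr_t)&kernel_secret, 1 };
	int64_t v = 0;

	return load_s32_aware(&p, &v);	/* -1 */
}

int main(void)
{
	printf("user field: %lld\n", (long long)demo_read_user_field());
	printf("unaware leak: 0x%llx\n", (long long)demo_unaware_leak());
	printf("aware rc: %d\n", demo_aware_rejects());
	return 0;
}
```

The point of carrying the attribute rather than inspecting the pointer value is that the interpreter cannot tell a user address from a kernel one by looking at it; only the producer of the pointer (here the specialization step, in the commit the `elem` field of `struct bytecode_get_index_data`) knows the provenance, so it must be recorded at that point and honoured at every load.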