projects / deliverable / lttng-modules.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dd1ee95)
Fix: bytecode linker: iteration on wrong list head
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fri, 12 Mar 2021 14:36:46 +0000 (09:36 -0500)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fri, 12 Mar 2021 14:37:48 +0000 (09:37 -0500)
lttng_enabler_link_bytecode() calls link_bytecode() passing an insertion
location (insert_loc) within the list. This insert location is meant to
be used as cursor position where to add the new element.

However, bytecode_is_linked() uses it as iteration list head, and this
is where things fall apart: it will thus consider the real list head as
being a list node, and will erroneously think that it is contained
within a struct lttng_bytecode_runtime, and thus try to perform possibly
out-of-bound read or read garbage data for the comparison.

It worked fine most of the time because in usual scenarios the insert
location is the list head. It falls apart when many bytecodes are linked
to a given event.

Fixes: 2dfda770cc6 ("Decouple `struct lttng_event` from filter code")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I7463c7a9399b8f7f7d0e3d74e6427aae46cf56ff

src/lttng-bytecode.c patch | blob | blame | history

diff --git a/src/lttng-bytecode.c b/src/lttng-bytecode.c
index 86ffe94985147aec879dc9e9151d95ade9af83b7..343e53801b09674d4814c1b926095d9e953c02d3 100644 (file)
--- a/src/lttng-bytecode.c
+++ b/src/lttng-bytecode.c
@@ -398,6 +398,7 @@ static
 int link_bytecode(const struct lttng_event_desc *event_desc,
                struct lttng_ctx *ctx,
                struct lttng_bytecode_node *bytecode,
+               struct list_head *bytecode_runtime_head,
                struct list_head *insert_loc)
 {
        int ret, offset, next_offset;
@@ -407,7 +408,7 @@ int link_bytecode(const struct lttng_event_desc *event_desc,
        if (!bytecode)
                return 0;
        /* Bytecode already linked */
-       if (bytecode_is_linked(bytecode, insert_loc))
+       if (bytecode_is_linked(bytecode, bytecode_runtime_head))
                return 0;
 
        dbg_printk("Linking...\n");
@@ -566,7 +567,7 @@ void lttng_enabler_link_bytecode(const struct lttng_event_desc *event_desc,
                insert_loc = instance_bytecode_head;
        add_within:
                dbg_printk("linking bytecode\n");
-               ret = link_bytecode(event_desc, ctx, enabler_bc, insert_loc);
+               ret = link_bytecode(event_desc, ctx, enabler_bc, instance_bytecode_head, insert_loc);
                if (ret) {
                        dbg_printk("[lttng filter] warning: cannot link event bytecode\n");
                }
LTTng modules - Deliverables
This page took 0.025406 seconds and 5 git commands to generate.