Fix PR19057 by making _is_reset() more robust.
authorDavid Smith <dsmith@redhat.com>
Wed, 7 Oct 2015 16:56:01 +0000 (11:56 -0500)
committerDavid Smith <dsmith@redhat.com>
Wed, 7 Oct 2015 16:56:01 +0000 (11:56 -0500)
* tapset/linux/tcpmib.stp (_is_reset): Make more robust by using
  kderef_buffer() on the tcp header we're reading.

tapset/linux/tcpmib.stp

index e531de8d071d645d2cd31ea6def37aa024de2c1d..10c8ad1b8ee961018ab3ea52241aefdda067a1a0 100644 (file)
@@ -243,6 +243,7 @@ function _is_reset:long (skb:long)
 %{ /* pure */
         struct tcphdr *th;
         struct sk_buff *skb = (struct sk_buff *)(long)STAP_ARG_skb;
+       struct tcphdr th_copy;
 
        #if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,21)
                th = (struct tcphdr *)kread(&(skb->h.th));
@@ -254,7 +255,14 @@ function _is_reset:long (skb:long)
                th = (struct tcphdr *)kread(&(skb->network_header));
        #endif
        #endif
-        STAP_RETVALUE = th->rst;
+
+       // We'd like to kread the 'rst' field here. But, it is a
+       // bitfield (and you can't take the address of a
+       // bitfield). So, let's kread the entire tcphdr, then grab the
+       // 'rst' field out of the copy. Luckily, the tcphdr is only 20
+       // bytes long.
+       kderef_buffer(((void *)&th_copy), th, sizeof(struct tcphdr));
+       STAP_RETVALUE = th_copy.rst;
         CATCH_DEREF_FAULT();
 %}
 
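Review bot: The fault-checked copy at `kderef_buffer(((void *)&th_copy), th, sizeof(struct tcphdr));` protects against a bad pointer, but it does not guarantee that the copied bytes are a TCP header. In the visible `#else` branch `th` is taken from `skb->network_header`, while the 2.6.21 branch uses `skb->h.th`, the transport header. If that difference is not deliberate, `th_copy.rst` is read from whatever sits at the network header, so it is worth confirming, or reading `skb->transport_header` instead. A smaller point: sizing the copy from the destination, `kderef_buffer((void *)&th_copy, th, sizeof(th_copy));`, keeps the length tied to the buffer if the declaration ever changes. The function's opening and the middle `#ifdef` branch lie outside this hunk, so the full derivation of `th` is not visible here.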