Re: [PATCH v3 6/7] perf trace: Add beautifier script for fsmount flags

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] NULL pointer dereference when parsing string filters for the `fsmount` syscall flags in `perf trace`.
--

commit f130ece1ce49e8a473ebf43d62d18d2a42d44946
Author: Namhyung Kim <namhyung@kernel.org>

perf trace: Add beautifier script for fsmount flags

This commit introduces a beautifier script to generate fsmount_flags[] from
mount.h, moving the existing array to fsmount_attr.sh.

> diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
> --- a/tools/perf/builtin-trace.c
> +++ b/tools/perf/builtin-trace.c
[ ... ]
> @@ -1202,7 +1197,9 @@ static const struct syscall_fmt syscall_fmts[] = {
>  	{ .name     = "fsconfig",
>  	  .arg = { [1] = STRARRAY(cmd, fsconfig_cmds), }, },
>  	{ .name     = "fsmount",
> -	  .arg = { [1] = STRARRAY_FLAGS(flags, fsmount_flags),
> +	  .arg = { [1] = { .scnprintf = SCA_FSMOUNT_FLAGS, /* fsmount_flags */
> +			   .strtoul   = STUL_STRARRAYS,
> +			   .show_zero = true, },

Could this cause a NULL pointer dereference when parsing string filters?

Because .parm is omitted here, it defaults to NULL. If a user runs a trace
command with a string filter like perf trace -e 'fsmount(flags==CLOEXEC)',
the STUL_STRARRAYS parser will pass this NULL .parm to strarrays__strtoul(),
which will unconditionally dereference sas->nr_entries.

Also, does STUL_STRARRAYS expect a struct strarrays rather than a struct
strarray? Since fsmount flags are bitmasks, should this use
STUL_STRARRAY_FLAGS along with an exported strarray instead?

>  		   [2] = { .scnprintf = SCA_FSMOUNT_ATTR_FLAGS, /* attr_flags */ }, }, },
>  	{ .name     = "fspick",
>  	  .arg = { [0] = { .scnprintf = SCA_FDAT,	  /* dfd */ },

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260510202346.49853-1-namhyung@kernel.org?part=6