The Linux Kernel Mailing List
 help / color / mirror / Atom feed
* [PATCH v2 1/2] tools/bpf/bpftool: Reset vmlinux BTF after map commands
       [not found] <20260622031255.1160657-1-chenyichong@uniontech.com>
@ 2026-06-22  3:12 ` Yichong Chen
  2026-06-22  3:48   ` bot+bpf-ci
  2026-06-22 12:20   ` Jiayuan Chen
  2026-06-22  3:12 ` [PATCH v2 2/2] tools/bpf/bpftool: Reset vmlinux BTF after struct_ops commands Yichong Chen
  1 sibling, 2 replies; 5+ messages in thread
From: Yichong Chen @ 2026-06-22  3:12 UTC (permalink / raw)
  To: qmo, ast, daniel, andrii, eddyz87, memxor
  Cc: martin.lau, song, yonghong.song, jolsa, bpf, linux-kernel,
	chenyichong

get_map_kv_btf() caches the vmlinux BTF object when a map uses
btf_vmlinux_value_type_id. map dump released that object when the
command completed, but left the global pointer stale.

The same cached object can also be returned to print_key_value(), which
freed it directly. That leaves btf_vmlinux dangling before the command
cleanup path runs.

Use free_map_kv_btf() for per-entry cleanup, and reset the cached
btf_vmlinux pointer when the map command releases the object. This keeps
batch mode from reusing a freed BTF object.

Signed-off-by: Yichong Chen <chenyichong@uniontech.com>
---
 tools/bpf/bpftool/map.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/tools/bpf/bpftool/map.c b/tools/bpf/bpftool/map.c
index 7ebf7dbcfba4..a265ad3afbb0 100644
--- a/tools/bpf/bpftool/map.c
+++ b/tools/bpf/bpftool/map.c
@@ -790,6 +790,12 @@ static int maps_have_btf(int *fds, int nb_fds)
 
 static struct btf *btf_vmlinux;
 
+static void free_btf_vmlinux(void)
+{
+	btf__free(btf_vmlinux);
+	btf_vmlinux = NULL;
+}
+
 static int get_map_kv_btf(const struct bpf_map_info *info, struct btf **btf)
 {
 	int err = 0;
@@ -958,7 +964,7 @@ static int do_dump(int argc, char **argv)
 		close(fds[i]);
 exit_free:
 	free(fds);
-	btf__free(btf_vmlinux);
+	free_btf_vmlinux();
 	return err;
 }
 
@@ -1049,7 +1055,7 @@ static void print_key_value(struct bpf_map_info *info, void *key,
 		btf_wtr = get_btf_writer();
 		if (!btf_wtr) {
 			p_info("failed to create json writer for btf. falling back to plain output");
-			btf__free(btf);
+			free_map_kv_btf(btf);
 			btf = NULL;
 			print_entry_plain(info, key, value);
 		} else {
@@ -1065,7 +1071,7 @@ static void print_key_value(struct bpf_map_info *info, void *key,
 	} else {
 		print_entry_plain(info, key, value);
 	}
-	btf__free(btf);
+	free_map_kv_btf(btf);
 }
 
 static int do_lookup(int argc, char **argv)
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PATCH v2 2/2] tools/bpf/bpftool: Reset vmlinux BTF after struct_ops commands
       [not found] <20260622031255.1160657-1-chenyichong@uniontech.com>
  2026-06-22  3:12 ` [PATCH v2 1/2] tools/bpf/bpftool: Reset vmlinux BTF after map commands Yichong Chen
@ 2026-06-22  3:12 ` Yichong Chen
  2026-06-22  3:48   ` bot+bpf-ci
  1 sibling, 1 reply; 5+ messages in thread
From: Yichong Chen @ 2026-06-22  3:12 UTC (permalink / raw)
  To: qmo, ast, daniel, andrii, eddyz87, memxor
  Cc: martin.lau, song, yonghong.song, jolsa, bpf, linux-kernel,
	chenyichong

struct_ops frees the global btf_vmlinux object.

In batch mode, a later struct_ops command can reuse stale state.

Reset the BTF pointer and cached map info state.

Signed-off-by: Yichong Chen <chenyichong@uniontech.com>
---
 tools/bpf/bpftool/struct_ops.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tools/bpf/bpftool/struct_ops.c b/tools/bpf/bpftool/struct_ops.c
index aa43dead249c..4dba7c96e5f6 100644
--- a/tools/bpf/bpftool/struct_ops.c
+++ b/tools/bpf/bpftool/struct_ops.c
@@ -21,6 +21,15 @@ static __u32 map_info_alloc_len;
 static struct btf *btf_vmlinux;
 static __s32 map_info_type_id;
 
+static void free_btf_vmlinux(void)
+{
+	btf__free(btf_vmlinux);
+	btf_vmlinux = NULL;
+	map_info_type = NULL;
+	map_info_alloc_len = 0;
+	map_info_type_id = 0;
+}
+
 struct res {
 	unsigned int nr_maps;
 	unsigned int nr_errs;
@@ -642,7 +651,7 @@ int do_struct_ops(int argc, char **argv)
 
 	err = cmd_select(cmds, argc, argv, do_help);
 
-	btf__free(btf_vmlinux);
+	free_btf_vmlinux();
 
 	return err;
 }
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH v2 2/2] tools/bpf/bpftool: Reset vmlinux BTF after struct_ops commands
  2026-06-22  3:12 ` [PATCH v2 2/2] tools/bpf/bpftool: Reset vmlinux BTF after struct_ops commands Yichong Chen
@ 2026-06-22  3:48   ` bot+bpf-ci
  0 siblings, 0 replies; 5+ messages in thread
From: bot+bpf-ci @ 2026-06-22  3:48 UTC (permalink / raw)
  To: chenyichong, qmo, ast, daniel, andrii, eddyz87, memxor
  Cc: martin.lau, song, yonghong.song, jolsa, bpf, linux-kernel,
	chenyichong, ast, andrii, daniel, martin.lau, eddyz87,
	yonghong.song, clm, ihor.solodrai

[-- Attachment #1: Type: text/plain, Size: 964 bytes --]

>     tools/bpf/bpftool: Reset vmlinux BTF after struct_ops commands
>
>     struct_ops frees the global btf_vmlinux object.
>
>     In batch mode, a later struct_ops command can reuse stale state.
>
>     Reset the BTF pointer and cached map info state.
>
>     Signed-off-by: Yichong Chen <chenyichong@uniontech.com>

This looks like a fix for a stale-state reuse problem in do_struct_ops(),
where btf__free() left btf_vmlinux and the cached map_info_type/
map_info_type_id dangling for a later struct_ops command in batch mode.

The cached state and the do_struct_ops() free path date back to when
struct_ops.c was first added.  Should this carry a Fixes: tag?

  Fixes: 65c93628999c ("bpftool: Add struct_ops support")


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/27927483612

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/2] tools/bpf/bpftool: Reset vmlinux BTF after map commands
  2026-06-22  3:12 ` [PATCH v2 1/2] tools/bpf/bpftool: Reset vmlinux BTF after map commands Yichong Chen
@ 2026-06-22  3:48   ` bot+bpf-ci
  2026-06-22 12:20   ` Jiayuan Chen
  1 sibling, 0 replies; 5+ messages in thread
From: bot+bpf-ci @ 2026-06-22  3:48 UTC (permalink / raw)
  To: chenyichong, qmo, ast, daniel, andrii, eddyz87, memxor
  Cc: martin.lau, song, yonghong.song, jolsa, bpf, linux-kernel,
	chenyichong, ast, andrii, daniel, martin.lau, eddyz87,
	yonghong.song, clm, ihor.solodrai

[-- Attachment #1: Type: text/plain, Size: 1141 bytes --]

> get_map_kv_btf() caches the vmlinux BTF object when a map uses
> btf_vmlinux_value_type_id. map dump released that object when the
> command completed, but left the global pointer stale.
>
> The same cached object can also be returned to print_key_value(), which
> freed it directly. That leaves btf_vmlinux dangling before the command
> cleanup path runs.
>
> Use free_map_kv_btf() for per-entry cleanup, and reset the cached
> btf_vmlinux pointer when the map command releases the object. This keeps
> batch mode from reusing a freed BTF object.
>
> Signed-off-by: Yichong Chen <chenyichong@uniontech.com>

This looks like a bug fix for the cached vmlinux BTF handling that was
introduced when map dumping started caching btf_vmlinux via
get_map_kv_btf()/free_map_kv_btf().  Should this carry a Fixes: tag?

  Fixes: 935d8fbd135d ("bpftool: Support dumping a map with btf_vmlinux_value_type_id")


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/27927483612

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/2] tools/bpf/bpftool: Reset vmlinux BTF after map commands
  2026-06-22  3:12 ` [PATCH v2 1/2] tools/bpf/bpftool: Reset vmlinux BTF after map commands Yichong Chen
  2026-06-22  3:48   ` bot+bpf-ci
@ 2026-06-22 12:20   ` Jiayuan Chen
  1 sibling, 0 replies; 5+ messages in thread
From: Jiayuan Chen @ 2026-06-22 12:20 UTC (permalink / raw)
  To: Yichong Chen, qmo, ast, daniel, andrii, eddyz87, memxor
  Cc: martin.lau, song, yonghong.song, jolsa, bpf, linux-kernel


On 6/22/26 11:12 AM, Yichong Chen wrote:
> get_map_kv_btf() caches the vmlinux BTF object when a map uses
> btf_vmlinux_value_type_id. map dump released that object when the
> command completed, but left the global pointer stale.
>
> The same cached object can also be returned to print_key_value(), which
> freed it directly. That leaves btf_vmlinux dangling before the command
> cleanup path runs.
>
> Use free_map_kv_btf() for per-entry cleanup, and reset the cached
> btf_vmlinux pointer when the map command releases the object. This keeps
> batch mode from reusing a freed BTF object.
>
> Signed-off-by: Yichong Chen <chenyichong@uniontech.com>

You added a Fixes tag to another patch. Should we add one here as well?



^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-06-22 12:20 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20260622031255.1160657-1-chenyichong@uniontech.com>
2026-06-22  3:12 ` [PATCH v2 1/2] tools/bpf/bpftool: Reset vmlinux BTF after map commands Yichong Chen
2026-06-22  3:48   ` bot+bpf-ci
2026-06-22 12:20   ` Jiayuan Chen
2026-06-22  3:12 ` [PATCH v2 2/2] tools/bpf/bpftool: Reset vmlinux BTF after struct_ops commands Yichong Chen
2026-06-22  3:48   ` bot+bpf-ci

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox