* [GIT PULL] probes: Fixes for v7.2-rc1
From: Masami Hiramatsu @ 2026-07-01 0:58 UTC (permalink / raw)
To: Linus Torvalds
Cc: Martin Kaiser, Masami Hiramatsu, Sechang Lim, Steven Rostedt,
Masami Hiramatsu, linux-kernel
Hi Linus,

Probes fixes for v7.2-rc1:

- fprobe: Fix stability and spelling typos
  . Fix NULL pointer dereference in fprobe_fgraph_entry(): Prevent general
    protection faults by checking shadow-stack reservation bounds. Skip
    mid-flight registered fprobes that were not counted during sizing.

- eprobe: Fix string pointer extraction
  . Correct the casting of string pointers read from the ringbuffer to
    prevent truncation of base event pointer variables when dereferencing
    FILTER_PTR_STRING fields.

- tracing/probes: Clean up argument parsing and BTF helper logic
  . Make the $ prefix mandatory for comm access: Require the $ prefix for
    special fetcharg variables like $comm and $COMM, preventing naming
    conflicts with regular BTF-based event fields.
  . Fix double addition of offset for @+FOFFSET: Clear the temporary offset
    variable after setting the FETCH_OP_FOFFS instruction to avoid applying
    the offset multiple times.
  . Remove WARN_ON_ONCE from parse_btf_arg: Prevent triggering a kernel warning
    via user-space input when creating a kprobe event on a raw address.
  . Fix typo in a log message: Correct a spelling error ("$-valiable") in
    trace probe log messages.

- samples/trace_events: Improve error checking
  . Validate the thread pointer returned from kthread_run() in the trace
    events sample code to properly handle thread creation failures.

Please pull the latest probes-fixes-v7.2-rc1 tree, which can be found at:

  git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace.git
probes-fixes-v7.2-rc1

Tag SHA1: 20975baf0ddc95a34a397c7404e70eaa5dc1bca7
Head SHA1: a369299c3f785cf556bbef2de2db0aa2d294c4c9

Martin Kaiser (2):
      tracing: probes: fix typo in a log message
      tracing: eprobe: read the complete FILTER_PTR_STRING pointer

Masami Hiramatsu (Google) (4):
      tracing/probes: Remove WARN_ON_ONCE from parse_btf_arg
      tracing/events: Fix to check the simple_tsk_fn creation
      tracing/probes: Fix double addition of offset for @+FOFFSET
      tracing/probes: Make the $ prefix mandatory for comm access

Sechang Lim (1):
      tracing/fprobe: Fix NULL pointer dereference in fprobe_fgraph_entry()
----
kernel/trace/fprobe.c | 10 ++++++++++
kernel/trace/trace_eprobe.c | 2 +-
kernel/trace/trace_probe.c | 15 +++++++++------
kernel/trace/trace_probe.h | 2 +-
samples/trace_events/trace-events-sample.c | 4 ++++
5 files changed, 25 insertions(+), 8 deletions(-)
---------------------------
diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c
index f378613ad120..f215990b9061 100644
--- a/kernel/trace/fprobe.c
+++ b/kernel/trace/fprobe.c
@@ -613,6 +613,16 @@ static int fprobe_fgraph_entry(struct ftrace_graph_ent *trace, struct fgraph_ops
continue;
data_size = fp->entry_data_size;
+ /*
+ * The list may have grown since it was sized, so this node
+ * may not fit. Skip it as missed rather than overrun the
+ * reservation.
+ */
+ if (fp->exit_handler &&
+ used + FPROBE_HEADER_SIZE_IN_LONG + SIZE_IN_LONG(data_size) > reserved_words) {
+ fp->nmissed++;
+ continue;
+ }
if (data_size && fp->exit_handler)
data = fgraph_data + used + FPROBE_HEADER_SIZE_IN_LONG;
else
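Review bot: The new bounds check is gated on fp->exit_handler, but the comment above it does not say why entry-only fprobes are exempt from the reservation test. If the reason is that they never consume words from the reserved area, please state that in the comment so the condition is not read as an oversight. Note also that the continue skips the entry handler for this node as well, not only the exit bookkeeping, so a probe registered mid-flight loses the whole invocation; nmissed accounts for it, but the comment could say so explicitly. The size expression used + FPROBE_HEADER_SIZE_IN_LONG + SIZE_IN_LONG(data_size) must stay in step with however reserved_words was computed, so a small shared helper would keep the two from drifting apart.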
diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c
index b66d6196338d..50518b071414 100644
--- a/kernel/trace/trace_eprobe.c
+++ b/kernel/trace/trace_eprobe.c
@@ -315,7 +315,7 @@ get_event_field(struct fetch_insn *code, void *rec)
val = (unsigned long)addr;
break;
case FILTER_PTR_STRING:
- val = (unsigned long)(*(char *)addr);
+ val = *(unsigned long *)addr;
break;
default:
WARN_ON_ONCE(1);
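Review bot: The replacement line val = *(unsigned long *)addr; in the FILTER_PTR_STRING case dereferences addr as a full unsigned long, which assumes the field is naturally aligned inside the ring-buffer record. Nothing in this hunk shows that guarantee; if the record layout can place the field at an unaligned offset, get_unaligned() would be the safer read. A short comment that the field stores a pointer to the string, not the string bytes, would also make it clear why the old single-byte read through char * was wrong.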
diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
index fd1caa1f9723..d17cfee77d9c 100644
--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -342,10 +342,6 @@ static int parse_trace_event(char *arg, struct fetch_insn *code,
ret = parse_trace_event_arg(arg, code, ctx);
if (!ret)
return 0;
- if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) {
- code->op = FETCH_OP_COMM;
- return 0;
- }
return -EINVAL;
}
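Review bot: Removing the bare comm/COMM fallback from parse_trace_event() changes user-visible probe syntax, since an argument that used to be accepted now gets -EINVAL, yet the diffstat touches no documentation or selftest. Please update the eprobe argument documentation, and add or adjust a test case, in the same series so the new requirement for the $ prefix is recorded. It is also worth confirming that parse_probe_vars() is the only caller that relied on this fallback, because only that call site is adjusted in this patch.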
@@ -678,7 +674,7 @@ static int parse_btf_arg(char *varname,
int i, is_ptr, ret;
u32 tid;
- if (WARN_ON_ONCE(!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT)))
+ if (!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT))
return -EINVAL;
is_ptr = split_next_field(varname, &field, ctx);
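Review bot: With WARN_ON_ONCE dropped, the !ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT) path in parse_btf_arg() now returns -EINVAL without telling the user anything. Since the pull message says this path is reachable from user-space input, it should report the reason through trace_probe_log_err() with a suitable error code, the way the other argument parsing failures do, so the error log points at the offending argument instead of leaving a bare EINVAL.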
@@ -1068,8 +1064,14 @@ static int parse_probe_vars(char *orig_arg, const struct fetch_type *t,
int len;
if (ctx->flags & TPARG_FL_TEVENT) {
- if (parse_trace_event(arg, code, ctx) < 0)
+ if (parse_trace_event(arg, code, ctx) < 0) {
+ /* 'comm' should be checked after field parsing. */
+ if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) {
+ code->op = FETCH_OP_COMM;
+ return 0;
+ }
goto inval;
+ }
return 0;
}
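Review bot: The comment 'comm' should be checked after field parsing. in parse_probe_vars() states the ordering but not its consequence: because the comm/COMM test only runs when parse_trace_event() fails, an event that has its own field with that name will resolve to the field and never to FETCH_OP_COMM. Please spell out that precedence in the comment, and in the documentation, so users know which one they get. The fallback is also taken for any negative return, so if parse_trace_event() can ever fail for a reason other than an unknown field, that error would be masked here; checking for -EINVAL specifically would be tighter.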
@@ -1241,6 +1243,7 @@ parse_probe_arg(char *arg, const struct fetch_type *type,
code->op = FETCH_OP_FOFFS;
code->immediate = (unsigned long)offset; // imm64?
+ offset = 0;
} else {
/* uprobes don't support symbols */
if (!(ctx->flags & TPARG_FL_KERNEL)) {
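Review bot: The added offset = 0; after the FETCH_OP_FOFFS setup in parse_probe_arg() has no comment, and its purpose is not visible from this hunk because the code that applies offset a second time is further down. A one-line comment such as "offset is already consumed by FOFFS, do not apply it again below" would keep a later cleanup from removing it as a dead store. The neighbouring // imm64? note on code->immediate is still an open question in the source and could be resolved or dropped while this line is being touched.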
diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h
index 15758cc11fc6..0f09f7aaf93f 100644
--- a/kernel/trace/trace_probe.h
+++ b/kernel/trace/trace_probe.h
@@ -511,7 +511,7 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call,
C(NO_RETVAL, "This function returns 'void' type"), \
C(BAD_STACK_NUM, "Invalid stack number"), \
C(BAD_ARG_NUM, "Invalid argument number"), \
- C(BAD_VAR, "Invalid $-valiable specified"), \
+ C(BAD_VAR, "Invalid $-variable specified"), \
C(BAD_REG_NAME, "Invalid register name"), \
C(BAD_MEM_ADDR, "Invalid memory address"), \
C(BAD_IMM, "Invalid immediate value"), \
diff --git a/samples/trace_events/trace-events-sample.c b/samples/trace_events/trace-events-sample.c
index ecc7db237f2e..0b7a6efdb247 100644
--- a/samples/trace_events/trace-events-sample.c
+++ b/samples/trace_events/trace-events-sample.c
@@ -107,6 +107,10 @@ int foo_bar_reg(void)
* for consistency sake, we still take the thread_mutex.
*/
simple_tsk_fn = kthread_run(simple_thread_fn, NULL, "event-sample-fn");
+ if (IS_ERR_OR_NULL(simple_tsk_fn)) {
+ pr_err("Failed to create simple_thread_fn\n");
+ simple_tsk_fn = NULL;
+ }
out:
mutex_unlock(&thread_mutex);
return 0;
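Review bot: After the new IS_ERR_OR_NULL(simple_tsk_fn) check, foo_bar_reg() still falls through to out: and returns 0, so the registration reports success even though the thread was never created, and the error code from kthread_run() is thrown away when simple_tsk_fn is set to NULL. Consider saving PTR_ERR(simple_tsk_fn) and returning it, and including it in the pr_err() message. kthread_run() reports failure with an ERR_PTR value rather than NULL, so IS_ERR() alone is enough for the test.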
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
* Re: [GIT PULL] probes: Fixes for v7.2-rc1
From: pr-tracker-bot @ 2026-07-01 4:41 UTC (permalink / raw)
To: Masami Hiramatsu (Google)
Cc: Linus Torvalds, Martin Kaiser, Masami Hiramatsu (Google),
Sechang Lim, Steven Rostedt, Masami Hiramatsu, linux-kernel
The pull request you sent on Wed, 1 Jul 2026 09:58:22 +0900:
> git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace.git probes-fixes-v7.2-rc1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/665159e246749578d4e4bfe106ee3b74edcdab18
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html