* [GIT PULL] probes: Fixes for v7.2-rc1
@ 2026-07-01  0:58 Masami Hiramatsu
  2026-07-01  4:41 ` pr-tracker-bot
  0 siblings, 1 reply; 2+ messages in thread
From: Masami Hiramatsu @ 2026-07-01  0:58 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Martin Kaiser, Masami Hiramatsu, Sechang Lim, Steven Rostedt,
	Masami Hiramatsu, linux-kernel

Hi Linus,

Probes fixes for v7.2-rc1:

- fprobe: Fix stability and spelling typos
  . Fix NULL pointer dereference in fprobe_fgraph_entry(): Prevent general
    protection faults by checking shadow-stack reservation bounds. Skip
    mid-flight registered fprobes that were not counted during sizing.

- eprobe: Fix string pointer extraction
  . Correct the casting of string pointers read from the ringbuffer to
    prevent truncation of base event pointer variables when dereferencing
    FILTER_PTR_STRING fields.

- tracing/probes: Clean up argument parsing and BTF helper logic
  . Make the $ prefix mandatory for comm access: Require the $ prefix for
    special fetcharg variables like $comm and $COMM, preventing naming
    conflicts with regular BTF-based event fields.
  . Fix double addition of offset for @+FOFFSET: Clear the temporary offset
    variable after setting the FETCH_OP_FOFFS instruction to avoid applying
    the offset multiple times.
  . Remove WARN_ON_ONCE from parse_btf_arg: Prevent triggering a kernel warning
    via user-space input when creating a kprobe event on a raw address.
  . Fix typo in a log message: Correct a spelling error ("$-valiable") in
    trace probe log messages.

- samples/trace_events: Improve error checking
  . Validate the thread pointer returned from kthread_run() in the trace
    events sample code to properly handle thread creation failures.


Please pull the latest probes-fixes-v7.2-rc1 tree, which can be found at:


  git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace.git
probes-fixes-v7.2-rc1

Tag SHA1: 20975baf0ddc95a34a397c7404e70eaa5dc1bca7
Head SHA1: a369299c3f785cf556bbef2de2db0aa2d294c4c9


Martin Kaiser (2):
      tracing: probes: fix typo in a log message
      tracing: eprobe: read the complete FILTER_PTR_STRING pointer

Masami Hiramatsu (Google) (4):
      tracing/probes: Remove WARN_ON_ONCE from parse_btf_arg
      tracing/events: Fix to check the simple_tsk_fn creation
      tracing/probes: Fix double addition of offset for @+FOFFSET
      tracing/probes: Make the $ prefix mandatory for comm access

Sechang Lim (1):
      tracing/fprobe: Fix NULL pointer dereference in fprobe_fgraph_entry()

----
 kernel/trace/fprobe.c                      | 10 ++++++++++
 kernel/trace/trace_eprobe.c                |  2 +-
 kernel/trace/trace_probe.c                 | 15 +++++++++------
 kernel/trace/trace_probe.h                 |  2 +-
 samples/trace_events/trace-events-sample.c |  4 ++++
 5 files changed, 25 insertions(+), 8 deletions(-)
---------------------------
diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c
index f378613ad120..f215990b9061 100644
--- a/kernel/trace/fprobe.c
+++ b/kernel/trace/fprobe.c
@@ -613,6 +613,16 @@ static int fprobe_fgraph_entry(struct ftrace_graph_ent *trace, struct fgraph_ops
 			continue;
 
 		data_size = fp->entry_data_size;
+		/*
+		 * The list may have grown since it was sized, so this node
+		 * may not fit. Skip it as missed rather than overrun the
+		 * reservation.
+		 */
+		if (fp->exit_handler &&
+		    used + FPROBE_HEADER_SIZE_IN_LONG + SIZE_IN_LONG(data_size) > reserved_words) {
+			fp->nmissed++;
+			continue;
+		}
 		if (data_size && fp->exit_handler)
 			data = fgraph_data + used + FPROBE_HEADER_SIZE_IN_LONG;
 		else
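Review bot: The new `continue` comes before the rest of the loop body, so a node that does not fit seems to lose its entry handler as well as its exit handler, and the comment does not say so. I would add a sentence such as `Both the entry and exit handlers are skipped for this node.` to the comment. This bound check appears to be the only thing keeping a late-registered exit-handler fprobe from using space past `reserved_words`, so the comment could also name that invariant. Because this is the rare case on a per-call path, `unlikely()` around the condition would fit. The loop and the declarations of `used` and `reserved_words` lie outside the hunk.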
diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c
index b66d6196338d..50518b071414 100644
--- a/kernel/trace/trace_eprobe.c
+++ b/kernel/trace/trace_eprobe.c
@@ -315,7 +315,7 @@ get_event_field(struct fetch_insn *code, void *rec)
 			val = (unsigned long)addr;
 			break;
 		case FILTER_PTR_STRING:
-			val = (unsigned long)(*(char *)addr);
+			val = *(unsigned long *)addr;
 			break;
 		default:
 			WARN_ON_ONCE(1);
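Review bot: The FILTER_PTR_STRING case has no comment saying that `addr` points at a stored pointer rather than at the string bytes, which is the distinction the old `*(char *)addr` load got wrong. I would add `/* The record holds a pointer to the string; load the full pointer value. */` above the assignment. Writing the load as `val = (unsigned long)*(char **)addr;` would also make the intended type visible. get_event_field() starts and ends outside the hunk, so how `val` is consumed afterwards cannot be checked from here.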
diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
index fd1caa1f9723..d17cfee77d9c 100644
--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -342,10 +342,6 @@ static int parse_trace_event(char *arg, struct fetch_insn *code,
 	ret = parse_trace_event_arg(arg, code, ctx);
 	if (!ret)
 		return 0;
-	if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) {
-		code->op = FETCH_OP_COMM;
-		return 0;
-	}
 	return -EINVAL;
 }
 
@@ -678,7 +674,7 @@ static int parse_btf_arg(char *varname,
 	int i, is_ptr, ret;
 	u32 tid;
 
-	if (WARN_ON_ONCE(!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT)))
+	if (!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT))
 		return -EINVAL;
 
 	is_ptr = split_next_field(varname, &field, ctx);
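Review bot: The early `return -EINVAL` now fails with no diagnostic, so a user who reaches it gets a bare EINVAL and nothing in the probe error log. The description says a kprobe event on a raw address reaches this path. If the other failure paths in parse_btf_arg() report through trace_probe_log_err(), this one should as well, for example `trace_probe_log_err(ctx->offset, NOSUP_BTFARG);` before the return, or whichever entry of the error table fits best. A one-line comment such as `/* Reachable from user input, so no WARN here. */` would also keep the warning from being re-added. The rest of the function is outside the hunk.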
@@ -1068,8 +1064,14 @@ static int parse_probe_vars(char *orig_arg, const struct fetch_type *t,
 	int len;
 
 	if (ctx->flags & TPARG_FL_TEVENT) {
-		if (parse_trace_event(arg, code, ctx) < 0)
+		if (parse_trace_event(arg, code, ctx) < 0) {
+			/* 'comm' should be checked after field parsing. */
+			if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) {
+				code->op = FETCH_OP_COMM;
+				return 0;
+			}
 			goto inval;
+		}
 		return 0;
 	}
 
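Review bot: The `comm` fallback runs only after parse_trace_event() has failed, so on an event that has a field named `comm` the argument presumably still resolves to that field rather than to the task comm. The comment says the check "should" come after field parsing but not why. If that precedence is intended, I would spell it out, e.g. `/* Event fields take precedence; fall back to the task comm only when no field matches. */`. It is also worth confirming that a failed parse_trace_event() leaves `code` untouched before `code->op` is set here; its body is only partly visible on this page.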
@@ -1241,6 +1243,7 @@ parse_probe_arg(char *arg, const struct fetch_type *type,
 
 			code->op = FETCH_OP_FOFFS;
 			code->immediate = (unsigned long)offset;  // imm64?
+			offset = 0;
 		} else {
 			/* uprobes don't support symbols */
 			if (!(ctx->flags & TPARG_FL_KERNEL)) {
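Review bot: The bare `offset = 0;` after the FETCH_OP_FOFFS setup gives no hint why a value that was just stored is being cleared. A short comment, e.g. `/* Already carried in code->immediate; do not apply it again below. */`, would explain it. The code that would re-apply the offset is outside the hunk, so this reading comes from the pull request description.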
diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h
index 15758cc11fc6..0f09f7aaf93f 100644
--- a/kernel/trace/trace_probe.h
+++ b/kernel/trace/trace_probe.h
@@ -511,7 +511,7 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call,
 	C(NO_RETVAL,		"This function returns 'void' type"),	\
 	C(BAD_STACK_NUM,	"Invalid stack number"),		\
 	C(BAD_ARG_NUM,		"Invalid argument number"),		\
-	C(BAD_VAR,		"Invalid $-valiable specified"),	\
+	C(BAD_VAR,		"Invalid $-variable specified"),	\
 	C(BAD_REG_NAME,		"Invalid register name"),		\
 	C(BAD_MEM_ADDR,		"Invalid memory address"),		\
 	C(BAD_IMM,		"Invalid immediate value"),		\
diff --git a/samples/trace_events/trace-events-sample.c b/samples/trace_events/trace-events-sample.c
index ecc7db237f2e..0b7a6efdb247 100644
--- a/samples/trace_events/trace-events-sample.c
+++ b/samples/trace_events/trace-events-sample.c
@@ -107,6 +107,10 @@ int foo_bar_reg(void)
 	 * for consistency sake, we still take the thread_mutex.
 	 */
 	simple_tsk_fn = kthread_run(simple_thread_fn, NULL, "event-sample-fn");
+	if (IS_ERR_OR_NULL(simple_tsk_fn)) {
+		pr_err("Failed to create simple_thread_fn\n");
+		simple_tsk_fn = NULL;
+	}
  out:
 	mutex_unlock(&thread_mutex);
 	return 0;
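Review bot: The failure message drops the error code, and `IS_ERR_OR_NULL()` is broader than needed because kthread_run() reports failure as an ERR_PTR value. `if (IS_ERR(simple_tsk_fn)) {` with `pr_err("Failed to create simple_thread_fn: %ld\n", PTR_ERR(simple_tsk_fn));` would keep the reason in the log. Resetting the pointer to NULL is the important part, since it keeps an error pointer from being treated as a task later. foo_bar_reg() still returns 0 on this path; whether the caller should see the failure depends on code outside the hunk.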
-- 
Masami Hiramatsu (Google) <mhiramat@kernel.org>


* Re: [GIT PULL] probes: Fixes for v7.2-rc1
  2026-07-01  0:58 [GIT PULL] probes: Fixes for v7.2-rc1 Masami Hiramatsu
@ 2026-07-01  4:41 ` pr-tracker-bot
  0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2026-07-01  4:41 UTC (permalink / raw)
  To: Masami Hiramatsu (Google)
  Cc: Linus Torvalds, Martin Kaiser, Masami Hiramatsu (Google),
	Sechang Lim, Steven Rostedt, Masami Hiramatsu, linux-kernel

The pull request you sent on Wed, 1 Jul 2026 09:58:22 +0900:

> git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace.git probes-fixes-v7.2-rc1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/665159e246749578d4e4bfe106ee3b74edcdab18

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
