Date: Wed, 1 Jul 2026 09:58:22 +0900
From: Masami Hiramatsu (Google)
To: Linus Torvalds
Cc: Martin Kaiser, Masami Hiramatsu (Google), Sechang Lim, Steven Rostedt, Masami Hiramatsu, linux-kernel@vger.kernel.org
Subject: [GIT PULL] probes: Fixes for v7.2-rc1
Message-Id: <20260701095822.2d45ed5bf9e1280cfbbb1e79@kernel.org>

Hi Linus,

Probes fixes for v7.2-rc1:

- fprobe: Fix stability and spelling typos
  . Fix NULL pointer dereference in fprobe_fgraph_entry(): Prevent general
    protection faults by checking shadow-stack reservation bounds. Skip
    mid-flight registered fprobes that were not counted during sizing.

- eprobe: Fix string pointer extraction
  . Correct the casting of string pointers read from the ringbuffer to
    prevent truncation of base event pointer variables when dereferencing
    FILTER_PTR_STRING fields.

- tracing/probes: Clean up argument parsing and BTF helper logic
  . Make the $ prefix mandatory for comm access: Require the $ prefix for
    special fetcharg variables like $comm and $COMM, preventing naming
    conflicts with regular BTF-based event fields.
  . Fix double addition of offset for @+FOFFSET: Clear the temporary offset
    variable after setting the FETCH_OP_FOFFS instruction to avoid applying
    the offset multiple times.
  . Remove WARN_ON_ONCE from parse_btf_arg: Prevent triggering a kernel
    warning via user-space input when creating a kprobe event on a raw
    address.
  . Fix typo in a log message: Correct a spelling error ("$-valiable") in
    trace probe log messages.

- samples/trace_events: Improve error checking
  . Validate the thread pointer returned from kthread_run() in the trace
    events sample code to properly handle thread creation failures.

Please pull the latest probes-fixes-v7.2-rc1 tree, which can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace.git probes-fixes-v7.2-rc1 Tag SHA1: 20975baf0ddc95a34a397c7404e70eaa5dc1bca7 Head SHA1: a369299c3f785cf556bbef2de2db0aa2d294c4c9 Martin Kaiser (2): tracing: probes: fix typo in a log message tracing: eprobe: read the complete FILTER_PTR_STRING pointer Masami Hiramatsu (Google) (4): tracing/probes: Remove WARN_ON_ONCE from parse_btf_arg tracing/events: Fix to check the simple_tsk_fn creation tracing/probes: Fix double addition of offset for @+FOFFSET tracing/probes: Make the $ prefix mandatory for comm access Sechang Lim (1): tracing/fprobe: Fix NULL pointer dereference in fprobe_fgraph_entry() ---- kernel/trace/fprobe.c | 10 ++++++++++ kernel/trace/trace_eprobe.c | 2 +- kernel/trace/trace_probe.c | 15 +++++++++------ kernel/trace/trace_probe.h | 2 +- samples/trace_events/trace-events-sample.c | 4 ++++ 5 files changed, 25 insertions(+), 8 deletions(-) --------------------------- diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c index f378613ad120..f215990b9061 100644 --- a/kernel/trace/fprobe.c +++ b/kernel/trace/fprobe.c @@ -613,6 +613,16 @@ static int fprobe_fgraph_entry(struct ftrace_graph_ent *trace, struct fgraph_ops continue; data_size = fp->entry_data_size; + /* + * The list may have grown since it was sized, so this node + * may not fit. Skip it as missed rather than overrun the + * reservation. + */ + if (fp->exit_handler && + used + FPROBE_HEADER_SIZE_IN_LONG + SIZE_IN_LONG(data_size) > reserved_words) { + fp->nmissed++; + continue; + } if (data_size && fp->exit_handler) data = fgraph_data + used + FPROBE_HEADER_SIZE_IN_LONG; else diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c index b66d6196338d..50518b071414 100644 --- a/kernel/trace/trace_eprobe.c +++ b/kernel/trace/trace_eprobe.c 
@@ -315,7 +315,7 @@ get_event_field(struct fetch_insn *code, void *rec) val = (unsigned long)addr; break; case FILTER_PTR_STRING: - val = (unsigned long)(*(char *)addr); + val = *(unsigned long *)addr; break; default: WARN_ON_ONCE(1); diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index fd1caa1f9723..d17cfee77d9c 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -342,10 +342,6 @@ static int parse_trace_event(char *arg, struct fetch_insn *code, ret = parse_trace_event_arg(arg, code, ctx); if (!ret) return 0; - if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) { - code->op = FETCH_OP_COMM; - return 0; - } return -EINVAL; } @@ -678,7 +674,7 @@ static int parse_btf_arg(char *varname, int i, is_ptr, ret; u32 tid; - if (WARN_ON_ONCE(!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT))) + if (!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT)) return -EINVAL; is_ptr = split_next_field(varname, &field, ctx); @@ -1068,8 +1064,14 @@ static int parse_probe_vars(char *orig_arg, const struct fetch_type *t, int len; if (ctx->flags & TPARG_FL_TEVENT) { - if (parse_trace_event(arg, code, ctx) < 0) + if (parse_trace_event(arg, code, ctx) < 0) { + /* 'comm' should be checked after field parsing. */ + if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) { + code->op = FETCH_OP_COMM; + return 0; + } goto inval; + } return 0; } @@ -1241,6 +1243,7 @@ parse_probe_arg(char *arg, const struct fetch_type *type, code->op = FETCH_OP_FOFFS; code->immediate = (unsigned long)offset; // imm64? + offset = 0; } else { /* uprobes don't support symbols */ if (!(ctx->flags & TPARG_FL_KERNEL)) { diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h index 15758cc11fc6..0f09f7aaf93f 100644 --- a/kernel/trace/trace_probe.h +++ b/kernel/trace/trace_probe.h 
@@ -511,7 +511,7 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call, C(NO_RETVAL, "This function returns 'void' type"), \ C(BAD_STACK_NUM, "Invalid stack number"), \ C(BAD_ARG_NUM, "Invalid argument number"), \ - C(BAD_VAR, "Invalid $-valiable specified"), \ + C(BAD_VAR, "Invalid $-variable specified"), \ C(BAD_REG_NAME, "Invalid register name"), \ C(BAD_MEM_ADDR, "Invalid memory address"), \ C(BAD_IMM, "Invalid immediate value"), \ diff --git a/samples/trace_events/trace-events-sample.c b/samples/trace_events/trace-events-sample.c index ecc7db237f2e..0b7a6efdb247 100644 --- a/samples/trace_events/trace-events-sample.c +++ b/samples/trace_events/trace-events-sample.c @@ -107,6 +107,10 @@ int foo_bar_reg(void) * for consistency sake, we still take the thread_mutex. */ simple_tsk_fn = kthread_run(simple_thread_fn, NULL, "event-sample-fn"); + if (IS_ERR_OR_NULL(simple_tsk_fn)) { + pr_err("Failed to create simple_thread_fn\n"); + simple_tsk_fn = NULL; + } out: mutex_unlock(&thread_mutex); return 0; -- Masami Hiramatsu (Google)
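
Review bot: In the kernel/trace/fprobe.c hunk (fprobe_fgraph_entry), the new comment explains why a node may not fit but not why the bound check is limited to `fp->exit_handler`. The lines that follow only point `data` into `fgraph_data` when `data_size && fp->exit_handler`, so presumably nodes without an exit handler consume no reserved words; saying so in the comment would let a reader confirm that `used` cannot pass `reserved_words` on the unchecked path. It would also help to state that `used`, `FPROBE_HEADER_SIZE_IN_LONG`, `SIZE_IN_LONG(data_size)` and `reserved_words` are all counted in longs, since the comparison depends on it.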
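
Review bot: In the kernel/trace/trace_eprobe.c hunk, the FILTER_PTR_STRING case now reads `*(unsigned long *)addr`, which fixes the truncation but hides the fact that the record stores a string pointer at that location. Consider `val = (unsigned long)*(char **)addr;` or a one-line comment, so the contrast with the case directly above it (`val = (unsigned long)addr;`, which uses the address itself) is evident to the next reader.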
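
Review bot: In the parse_probe_vars() hunk of kernel/trace/trace_probe.c (@@ -1068), the comm fallback runs only after parse_trace_event() has failed, so an event field named comm or COMM takes precedence over FETCH_OP_COMM; the comment "'comm' should be checked after field parsing." implies this but does not state which one wins. Spelling out the precedence there would help, and since the pull message describes this as a change to accepted syntax, any documentation or selftest that relies on bare comm needs a matching update, which the diffstat of this series does not include.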
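
Review bot: In the parse_btf_arg() hunk of kernel/trace/trace_probe.c (@@ -678), dropping WARN_ON_ONCE leaves a bare `return -EINVAL;` for a condition the pull message says user space can reach, so the user gets no reason for the failure. Unless the caller already records one, consider adding a trace_probe_log_err() call with a suitable entry from the error table in trace_probe.h before returning.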
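
Review bot: In the parse_probe_arg() hunk of kernel/trace/trace_probe.c (@@ -1241), the added `offset = 0;` carries no comment, and its purpose is only visible in the changelog: the offset has already been stored in `code->immediate` for FETCH_OP_FOFFS and must not be applied a second time later in the function. A short comment on that line would keep a later cleanup from removing it as a dead store.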
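
Review bot: In the samples/trace_events/trace-events-sample.c hunk, foo_bar_reg() still falls through to `return 0;` when kthread_run() fails, and the pr_err() message drops the error code. kthread_run() reports failure as an ERR_PTR() value rather than NULL, so `IS_ERR()` is sufficient here; consider printing `PTR_ERR(simple_tsk_fn)` in the message before resetting the pointer to NULL, and noting in a comment that the registration deliberately succeeds without the thread.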