From: Menglong Dong <menglong.dong@linux.dev>
To: Steven Rostedt <rostedt@goodmis.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>
Cc: Menglong Dong <menglong8.dong@gmail.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
jiang.biao@linux.dev, linux-kernel@vger.kernel.org,
linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH v6 2/5] tracing/fprobe: Remove fprobe from hash in failure path
Date: Wed, 15 Apr 2026 17:47:11 +0800 [thread overview]
Message-ID: <2405872.ElGaqSPkdT@7940hx> (raw)
In-Reply-To: <177615809677.1165997.619922394559783590.stgit@mhiramat.tok.corp.google.com>
On 2026/4/14 17:14 Masami Hiramatsu (Google) <mhiramat@kernel.org> write:
> From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
>
> When register_fprobe_ips() fails, it tries to remove a list of
> fprobe_hash_node from fprobe_ip_table, but it fails to remove
> the fprobe itself from fprobe_table. Moreover, when removing
> a fprobe_hash_node that has already been added to the rhltable,
> it must use kfree_rcu() after removing it from the rhltable.
>
> To fix these issues, this reuses unregister_fprobe() internal
> code to rollback the half-way registered fprobe.
>
> Fixes: 4346ba160409 ("fprobe: Rewrite fprobe on function-graph tracer")
> Cc: stable@vger.kernel.org
> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> ---
[...]
>
> +static int unregister_fprobe_nolock(struct fprobe *fp, bool force);
> +
> /**
> * register_fprobe_ips() - Register fprobe to ftrace by address.
> * @fp: A fprobe data structure to be registered.
> @@ -847,29 +855,26 @@ int register_fprobe_ips(struct fprobe *fp, unsigned long *addrs, int num)
> if (ret)
> return ret;
Hi, Masami. The logic of unregister_fprobe_nolock() looks a little
messy. How about we make the logic here like this:
for (i = 0; i < hlist_array->size; i++) {
// The node->fp is NULL, so it's safe to add the node before
// fprobe_ftrace_add_ips(), right?
ret = insert_fprobe_node(&hlist_array->array[i], fp);
if (ret)
goto fallback_err;
}
if (fprobe_is_ftrace(fp))
ret = fprobe_ftrace_add_ips(addrs, num);
else
ret = fprobe_graph_add_ips(addrs, num);
if (ret)
goto fallback_err;
add_fprobe_hash(fp);
for (i = 0; i < hlist_array->size; i++)
WRITE_ONCE(hlist_array->array[i].fp, fp);
return 0;
fallback_err:
for (i--; i >= 0; i--)
delete_fprobe_node(&hlist_array->array[i]);
fprobe_fail_cleanup(fp);
return ret;
Then, we don't need to change unregister_fprobe_nolock and
insert_fprobe_node.
Thanks!
Menglong Dong
>
> - hlist_array = fp->hlist_array;
> if (fprobe_is_ftrace(fp))
> ret = fprobe_ftrace_add_ips(addrs, num);
> else
> ret = fprobe_graph_add_ips(addrs, num);
> + if (ret) {
> + fprobe_fail_cleanup(fp);
> + return ret;
> + }
>
> - if (!ret) {
> - add_fprobe_hash(fp);
> - for (i = 0; i < hlist_array->size; i++) {
> - ret = insert_fprobe_node(&hlist_array->array[i]);
> - if (ret)
> - break;
> - }
> - /* fallback on insert error */
> + hlist_array = fp->hlist_array;
> + add_fprobe_hash(fp);
> + for (i = 0; i < hlist_array->size; i++) {
> + ret = insert_fprobe_node(&hlist_array->array[i], fp);
> if (ret) {
> - for (i--; i >= 0; i--)
> - delete_fprobe_node(&hlist_array->array[i]);
> + if (unregister_fprobe_nolock(fp, true))
> + pr_warn("Failed to cleanup fprobe after insertion failure.\n");
> + break;
> }
> }
>
> - if (ret)
> - fprobe_fail_cleanup(fp);
> -
> return ret;
> }
> EXPORT_SYMBOL_GPL(register_fprobe_ips);
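Review bot: The rollback in the `insert_fprobe_node()` failure branch hands the whole array to `unregister_fprobe_nolock(fp, true)`, so `delete_fprobe_node()` is now also called on the entries from index `i` onward that were never inserted, where the removed code only walked back over the inserted ones. Whether that is safe depends on `delete_fprobe_node()` and on what the new `fp` argument of `insert_fprobe_node()` does, neither of which is visible in this hunk; a comment at the call such as `/* delete_fprobe_node() skips nodes that were never inserted */` would record the invariant the rollback relies on. The `pr_warn()` also discards the helper's return value; keeping it, e.g. `pr_warn("Failed to cleanup fprobe after insertion failure (%d).\n", err);`, lets the log show that cleanup stopped short of updating the ftrace filter.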
> @@ -912,37 +917,29 @@ bool fprobe_is_registered(struct fprobe *fp)
> return true;
> }
>
> -/**
> - * unregister_fprobe() - Unregister fprobe.
> - * @fp: A fprobe data structure to be unregistered.
> - *
> - * Unregister fprobe (and remove ftrace hooks from the function entries).
> - *
> - * Return 0 if @fp is unregistered successfully, -errno if not.
> - */
> -int unregister_fprobe(struct fprobe *fp)
> +static int unregister_fprobe_nolock(struct fprobe *fp, bool force)
> {
> - struct fprobe_hlist *hlist_array;
> + struct fprobe_hlist *hlist_array = fp->hlist_array;
> unsigned long *addrs = NULL;
> - int ret = 0, i, count;
> + int i, count;
>
> - mutex_lock(&fprobe_mutex);
> - if (!fp || !fprobe_registered(fp)) {
> - ret = -EINVAL;
> - goto out;
> - }
> -
> - hlist_array = fp->hlist_array;
> addrs = kcalloc(hlist_array->size, sizeof(unsigned long), GFP_KERNEL);
> - if (!addrs) {
> - ret = -ENOMEM; /* TODO: Fallback to one-by-one loop */
> - goto out;
> - }
> + if (!addrs && !force)
> + return -ENOMEM;
> + /*
> + * If @force is set, this function will remove fprobe_hash_node
> + * from the hash table even if memory allocation fails. However,
> + * ftrace_ops will not be updated. Anyway, when the last fprobe
> + * is unregistered, ftrace_ops is also unregistered.
> + */
>
> /* Remove non-synonim ips from table and hash */
> count = 0;
> for (i = 0; i < hlist_array->size; i++) {
> - if (!delete_fprobe_node(&hlist_array->array[i]))
> + if (delete_fprobe_node(&hlist_array->array[i]))
> + continue;
> +
> + if (addrs)
> addrs[count++] = hlist_array->array[i].addr;
> }
> del_fprobe_hash(fp);
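Review bot: `unregister_fprobe_nolock()` carries no comment saying that the caller must hold `fprobe_mutex`, and nothing in the visible lines enforces it now that the locking lives in the `unregister_fprobe()` wrapper (later hunk) and the registration path in the earlier hunk calls the helper directly. Adding `lockdep_assert_held(&fprobe_mutex);` as the first statement would make the contract explicit. So would a short header comment describing `@force` and stating that `fp` and `fp->hlist_array` must be non-NULL, since the initializer dereferences `fp` and the `kcalloc()` call reads `hlist_array->size` before any check. The function body continues past the end of this hunk.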
> @@ -951,15 +948,35 @@ int unregister_fprobe(struct fprobe *fp)
> fprobe_ftrace_remove_ips(addrs, count);
> else
> fprobe_graph_remove_ips(addrs, count);
> + /*
> + * If count == 0, instead of calling ftrace_set_filter_ips(),
> + * we must wait for RCU grace period to finish del_fprobe_hash().
> + */
> + if (!count)
> + synchronize_rcu();
>
> kfree_rcu(hlist_array, rcu);
> fp->hlist_array = NULL;
> + kfree(addrs);
>
> -out:
> - mutex_unlock(&fprobe_mutex);
> + return !addrs ? -ENOMEM : 0;
> +}
>
> - kfree(addrs);
> - return ret;
> +/**
> + * unregister_fprobe() - Unregister fprobe.
> + * @fp: A fprobe data structure to be unregistered.
> + *
> + * Unregister fprobe (and remove ftrace hooks from the function entries).
> + *
> + * Return 0 if @fp is unregistered successfully, -errno if not.
> + */
> +int unregister_fprobe(struct fprobe *fp)
> +{
> + guard(mutex)(&fprobe_mutex);
> + if (!fp || !fprobe_registered(fp))
> + return -EINVAL;
> +
> + return unregister_fprobe_nolock(fp, false);
> }
> EXPORT_SYMBOL_GPL(unregister_fprobe);
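Review bot: `return !addrs ? -ENOMEM : 0;` tests `addrs` after `kfree(addrs)`; only the pointer value is compared, but reading a pointer after it has been freed is something static analysers tend to flag and is easy to misread as a use-after-free. Computing the result first, `int ret = addrs ? 0 : -ENOMEM;` before `kfree(addrs);` and then `return ret;`, keeps the behaviour and removes the question. A comment could also say that in the forced case `-ENOMEM` is returned although the hash nodes were removed and `hlist_array` was queued for freeing, so a caller should not read the error as "nothing was torn down". `unregister_fprobe_nolock()` starts in the previous hunk.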
>
>
>
>
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 9:14 [PATCH v6 0/5] tracing/fprobe: Fix fprobe_ip_table related bugs Masami Hiramatsu (Google)
2026-04-14 9:14 ` [PATCH v6 1/5] tracing/fprobe: Reject registration of a registered fprobe before init Masami Hiramatsu (Google)
2026-04-14 9:14 ` [PATCH v6 2/5] tracing/fprobe: Remove fprobe from hash in failure path Masami Hiramatsu (Google)
2026-04-15 9:47 ` Menglong Dong [this message]
2026-04-15 10:06 ` Masami Hiramatsu
2026-04-14 9:15 ` [PATCH v6 3/5] tracing/fprobe: Avoid kcalloc() in rcu_read_lock section Masami Hiramatsu (Google)
2026-04-14 9:15 ` [PATCH v6 4/5] tracing/fprobe: Check the same type fprobe on table as the unregistered one Masami Hiramatsu (Google)
2026-04-14 9:15 ` [PATCH v6 5/5] tracing/fprobe: Fix to unregister ftrace_ops if it is empty on module unloading Masami Hiramatsu (Google)