From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF5A63B19BA for ; Mon, 11 May 2026 08:57:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778489849; cv=none; b=Kl7HSEO7L7pmCEjizmH/m2nDqnNAoEPWV4jGSCwJOwLtYYAeOF359g3+dpUmQQXlnqC/vxWKpkOtIrU/5IG/mnTwzgG1WG+xWrcgLoLKTXNLzmHdTwEZ85AXJcuPnpo8cd3QJToVQt9ZKYp5XVCvFItrH5VTm5WxKgCruJ6P4k0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778489849; c=relaxed/simple; bh=YzCSy4pqhp7BRo4Y7kuS9l0vVfqquZL9PXH4Wh+rAi8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=czoYzBQf1lFyPUM5JO+pCdJ4Dy+HsTgo3ihvkHKjkeLC459D/SE5yYsyTULQhF1Un2+5l5/jRRP4PdBq0Lf5OVz7gn2y64Gl7BFbPrGEpnADyn4jIyUGGMvMotGIucZoyqCN79n5pnt0nTbnkZvqcYoRF3lDRK+l03cokf4y0ag= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZYB004eR; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZYB004eR" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BCB2CC2BCB0; Mon, 11 May 2026 08:57:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1778489849; bh=YzCSy4pqhp7BRo4Y7kuS9l0vVfqquZL9PXH4Wh+rAi8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZYB004eRL8jPJL2V7SeMKmAJ06gN9fKbnT94AF5AJYzFHzRjMDyuZ0cY5sE8Ce6vT Q8S3wfNrwYCTR8mG6FUbM9YKex5fvO/65AVdCB9jZ0aaInmgTyd/ZB8cnVd3uhJokL v++HrrMjJsVeRI926YcHh7SZh9vL9qtk4Y+w1kClX4HHh69KGWSrunx3AccFVM/zFD 9iAJhQWuwuatbdWvj/rFre4q/WPbQK57HX2dROhpLoG/QdYK/JFVsJDX43DoZli2G5 K9pdz9HDBBD+DBKDYFwPOtHOtV5Y1imRhEpzKpN+mgm2Qd9DiXBLvQzVCodgmXA/W4 KGg9QedaOiAEg== From: Sasha Levin To: stable@vger.kernel.org Cc: David Carlier , Masami Hiramatsu , Mathieu Desnoyers , "Steven Rostedt (Google)" , Sasha Levin Subject: [PATCH 5.15.y] tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() Date: Mon, 11 May 2026 04:57:26 -0400 Message-ID: <20260511085726.1417414-1-sashal@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <2026050737-recoil-baritone-4e0e@gregkh> References: <2026050737-recoil-baritone-4e0e@gregkh> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: David Carlier [ Upstream commit fad217e16fded7f3c09f8637b0f6a224d58b5f2e ] When a tracepoint goes through the 0 -> 1 transition, tracepoint_add_func() invokes the subsystem's ext->regfunc() before attempting to install the new probe via func_add(). If func_add() then fails (for example, when allocate_probes() cannot allocate a new probe array under memory pressure and returns -ENOMEM), the function returns the error without calling the matching ext->unregfunc(), leaving the side effects of regfunc() behind with no installed probe to justify them. For syscall tracepoints this is particularly unpleasant: syscall_regfunc() bumps sys_tracepoint_refcount and sets SYSCALL_TRACEPOINT on every task. After a leaked failure, the refcount is stuck at a non-zero value with no consumer, and every task continues paying the syscall trace entry/exit overhead until reboot. Other subsystems providing regfunc()/unregfunc() pairs exhibit similarly scoped persistent state. Mirror the existing 1 -> 0 cleanup and call ext->unregfunc() in the func_add() error path, gated on the same condition used there so the unwind is symmetric with the registration. Fixes: 8cf868affdc4 ("tracing: Have the reg function allow to fail") Cc: stable@vger.kernel.org Cc: Masami Hiramatsu Cc: Mathieu Desnoyers Link: https://patch.msgid.link/20260413190601.21993-1-devnexen@gmail.com Signed-off-by: David Carlier Signed-off-by: Steven Rostedt (Google) [ changed `tp->ext->unregfunc` to `tp->unregfunc` to match older struct layout ] Signed-off-by: Sasha Levin --- kernel/tracepoint.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c index 64ea283f2f86d..38e83507e6fd1 100644 --- a/kernel/tracepoint.c +++ b/kernel/tracepoint.c @@ -337,6 +337,8 @@ static int tracepoint_add_func(struct tracepoint *tp, lockdep_is_held(&tracepoints_mutex)); old = func_add(&tp_funcs, func, prio); if (IS_ERR(old)) { + if (tp->unregfunc && !static_key_enabled(&tp->key)) + tp->unregfunc(); WARN_ON_ONCE(warn && PTR_ERR(old) != -ENOMEM); return PTR_ERR(old); } -- 2.53.0