summaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2026-06-30 17:50:44 -1000
committerLinus Torvalds <torvalds@linux-foundation.org>2026-06-30 17:50:44 -1000
commit665159e246749578d4e4bfe106ee3b74edcdab18 (patch)
tree42f7d7c0f347b318766f665a22327a671f94a4a0 /kernel
parentdc59e4fea9d83f03bad6bddf3fa2e52491777482 (diff)
parenta369299c3f785cf556bbef2de2db0aa2d294c4c9 (diff)
Merge tag 'probes-fixes-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-traceHEADmaster
Pull probes fixes from Masami Hiramatsu: "fprobe fixes and spelling typos: - Fix NULL pointer dereference in fprobe_fgraph_entry(). Prevent general protection faults by checking shadow-stack reservation bounds. Skip mid-flight registered fprobes that were not counted during sizing. eprobe: fix string pointer extraction - Correct the casting of string pointers read from the ringbuffer to prevent truncation of base event pointer variables when dereferencing FILTER_PTR_STRING fields. tracing/probes: clean up argument parsing and BTF helper logic - Make the $ prefix mandatory for comm access: Require the $ prefix for special fetcharg variables like $comm and $COMM, preventing naming conflicts with regular BTF-based event fields. - Fix double addition of offset for @+FOFFSET: Clear the temporary offset variable after setting the FETCH_OP_FOFFS instruction to avoid applying the offset multiple times. - Remove WARN_ON_ONCE from parse_btf_arg: Prevent triggering a kernel warning via user-space input when creating a kprobe event on a raw address. - Fix typo in a log message: Correct a spelling error ("$-valiable") in trace probe log messages. samples/trace_events: improve error checking - Validate the thread pointer returned from kthread_run() in the trace events sample code to properly handle thread creation failures" * tag 'probes-fixes-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: tracing/probes: Make the $ prefix mandatory for comm access tracing/fprobe: Fix NULL pointer dereference in fprobe_fgraph_entry() tracing/probes: Fix double addition of offset for @+FOFFSET tracing: eprobe: read the complete FILTER_PTR_STRING pointer tracing/events: Fix to check the simple_tsk_fn creation tracing/probes: Remove WARN_ON_ONCE from parse_btf_arg tracing: probes: fix typo in a log message
Diffstat (limited to 'kernel')
-rw-r--r--kernel/trace/fprobe.c10
-rw-r--r--kernel/trace/trace_eprobe.c2
-rw-r--r--kernel/trace/trace_probe.c15
-rw-r--r--kernel/trace/trace_probe.h2
4 files changed, 21 insertions, 8 deletions
diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c
index f378613ad120..f215990b9061 100644
--- a/kernel/trace/fprobe.c
+++ b/kernel/trace/fprobe.c
@@ -613,6 +613,16 @@ static int fprobe_fgraph_entry(struct ftrace_graph_ent *trace, struct fgraph_ops
continue;
data_size = fp->entry_data_size;
+ /*
+ * The list may have grown since it was sized, so this node
+ * may not fit. Skip it as missed rather than overrun the
+ * reservation.
+ */
+ if (fp->exit_handler &&
+ used + FPROBE_HEADER_SIZE_IN_LONG + SIZE_IN_LONG(data_size) > reserved_words) {
+ fp->nmissed++;
+ continue;
+ }
if (data_size && fp->exit_handler)
data = fgraph_data + used + FPROBE_HEADER_SIZE_IN_LONG;
else
diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c
index b66d6196338d..50518b071414 100644
--- a/kernel/trace/trace_eprobe.c
+++ b/kernel/trace/trace_eprobe.c
@@ -315,7 +315,7 @@ get_event_field(struct fetch_insn *code, void *rec)
val = (unsigned long)addr;
break;
case FILTER_PTR_STRING:
- val = (unsigned long)(*(char *)addr);
+ val = *(unsigned long *)addr;
break;
default:
WARN_ON_ONCE(1);
diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
index fd1caa1f9723..d17cfee77d9c 100644
--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -342,10 +342,6 @@ static int parse_trace_event(char *arg, struct fetch_insn *code,
ret = parse_trace_event_arg(arg, code, ctx);
if (!ret)
return 0;
- if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) {
- code->op = FETCH_OP_COMM;
- return 0;
- }
return -EINVAL;
}
@@ -678,7 +674,7 @@ static int parse_btf_arg(char *varname,
int i, is_ptr, ret;
u32 tid;
- if (WARN_ON_ONCE(!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT)))
+ if (!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT))
return -EINVAL;
is_ptr = split_next_field(varname, &field, ctx);
@@ -1068,8 +1064,14 @@ static int parse_probe_vars(char *orig_arg, const struct fetch_type *t,
int len;
if (ctx->flags & TPARG_FL_TEVENT) {
- if (parse_trace_event(arg, code, ctx) < 0)
+ if (parse_trace_event(arg, code, ctx) < 0) {
+ /* 'comm' should be checked after field parsing. */
+ if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) {
+ code->op = FETCH_OP_COMM;
+ return 0;
+ }
goto inval;
+ }
return 0;
}
@@ -1241,6 +1243,7 @@ parse_probe_arg(char *arg, const struct fetch_type *type,
code->op = FETCH_OP_FOFFS;
code->immediate = (unsigned long)offset; // imm64?
+ offset = 0;
} else {
/* uprobes don't support symbols */
if (!(ctx->flags & TPARG_FL_KERNEL)) {
diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h
index 15758cc11fc6..0f09f7aaf93f 100644
--- a/kernel/trace/trace_probe.h
+++ b/kernel/trace/trace_probe.h
@@ -511,7 +511,7 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call,
C(NO_RETVAL, "This function returns 'void' type"), \
C(BAD_STACK_NUM, "Invalid stack number"), \
C(BAD_ARG_NUM, "Invalid argument number"), \
- C(BAD_VAR, "Invalid $-valiable specified"), \
+ C(BAD_VAR, "Invalid $-variable specified"), \
C(BAD_REG_NAME, "Invalid register name"), \
C(BAD_MEM_ADDR, "Invalid memory address"), \
C(BAD_IMM, "Invalid immediate value"), \