On Sat, 30 May 2026 23:14:27 +0900 Masami Hiramatsu (Google) <[email protected]> wrote:
> Thanks, and Sashiko reviewed this. > > https://sashiko.dev/#/patchset/20260529110442.0967a64c%40fedora > > I think both comments are valid, especially, second one is important. Hmm, comment below. > > BTW, I updated probes/fixes. Could you also update this and rebase > on probes/fixes branch? > > I'm working on the nesting and container_of support patches which > are on top of this. OK, I'll make sure to use your probes branch. Which one should I use? your probes/for-next or probes/urgent? As for sashiko's comments: > commit c8393ea9936934c16ba2881d9e7b3cce86c678ff > Author: Steven Rostedt <[email protected]> > [PATCH v7] tracing/eprobes: Allow use of BTF names to dereference pointers > This commit introduces syntax to allow event probes to typecast pointer > fields to a structure using BTF. This enables dereferencing structures > using BTF names rather than having to manually calculate offsets. > > diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c > > index 39f040c863e85..0e87409a44033 100644 > > --- a/kernel/trace/trace_probe.c > > +++ b/kernel/trace/trace_probe.c > [ ... ] > > @@ -640,7 +673,7 @@ static int parse_btf_arg(char *varname, > > int i, is_ptr, ret; > > u32 tid; > > > > - if (WARN_ON_ONCE(!ctx->funcname)) > > + if (WARN_ON_ONCE(!ctx->funcname && !(ctx->flags & TPARG_FL_TEVENT))) > > return -EINVAL; > > > > is_ptr = split_next_field(varname, &field, ctx); > > @@ -653,6 +686,16 @@ static int parse_btf_arg(char *varname, > > return -EOPNOTSUPP; > > } > > > > + if (ctx->flags & TPARG_FL_TEVENT) { > > + ret = parse_trace_event(varname, code, ctx); > > + if (ret < 0) > > + return ret; > Does this silently drop the error on parsing failure? > If parse_trace_event() fails and returns -EINVAL, it appears this path > returns the error without logging it. > Unlike parse_probe_vars(), which explicitly logs the failure when > parse_trace_event() fails, this path bypasses the log. Could this make > it difficult to debug invalid typecast expressions since nothing is written > to tracing/error_log? Hmm, I guess I can put an error log here, as this is a unique path. > > + if (WARN_ON_ONCE(!(ctx->flags & TPARG_FL_TYPECAST))) > > + return -EINVAL; > > + type = ctx->last_struct; > > + goto found_type; > > + } > > + > > if (ctx->flags & TPARG_FL_RETURN && !strcmp(varname, "$retval")) { > > code->op = FETCH_OP_RETVAL; > [ ... ] > > @@ -758,7 +802,71 @@ static int parse_btf_bitfield(struct fetch_insn > > **pcode, > > return 0; > > } > > > > -#else > > +static int query_btf_struct(const char *sname, struct > > traceprobe_parse_context *ctx) > [ ... ] > > +static int handle_typecast(char *arg, struct fetch_insn **pcode, > > + struct fetch_insn *end, > > + struct traceprobe_parse_context *ctx) > > +{ > > + char *tmp; > > + int ret; > > + > > + /* Currently this only works for eprobes */ > > + if (!(ctx->flags & TPARG_FL_TEVENT)) { > > + trace_probe_log_err(ctx->offset, TYPECAST_NOT_EVENT); > > + return -EINVAL; > > + } > > + > > + tmp = strchr(arg, ')'); > > + if (!tmp) { > > + trace_probe_log_err(ctx->offset + strlen(arg), > > + DEREF_OPEN_BRACE); > > + return -EINVAL; > > + } > > + *tmp = '\0'; > > + ret = query_btf_struct(arg + 1, ctx); > > + *tmp = ')'; > > + > > + if (ret < 0) { > > + trace_probe_log_err(ctx->offset + 1, NO_PTR_STRCT); > > + ret = -EINVAL; > > + goto out_put; > > + } > > + > > + ctx->flags |= TPARG_FL_TYPECAST; > > + tmp++; > > + > > + ctx->offset += tmp - arg; > > + ret = parse_btf_arg(tmp, pcode, end, ctx); > > + ctx->flags &= ~TPARG_FL_TYPECAST; > > + ctx->last_struct = NULL; > > +out_put: > > + btf_put(ctx->struct_btf); > Does this prematurely release the BTF struct reference? > If TPARG_FL_TYPECAST is unset here and ctx->struct_btf is put, won't > later steps in traceprobe_parse_probe_arg_body() (like > find_fetch_type_from_btf_type()) fail to properly infer struct field sizes? > When ctx_btf(ctx) is called later without TPARG_FL_TYPECAST set, it > will evaluate to ctx->btf (which is NULL for eprobes). > Could this potentially lead to silent defaults, such as 64-bit reads for > smaller fields, or fail to inject pointer dereferences for string fields, > while also leaving ctx->last_type pointing to a prematurely released BTF > object? Does this mean we need to set ctx->last_type to NULL here too? Because everything above is pretty much the expected behavior. The put is *not* premature. The last_struct and struct_btf are both set to NULL. I guess the only thing missing is to reset last_type as well. -- Steve > > + ctx->struct_btf = NULL; > > + return ret; > > +} > > + > > +#else /* !CONFIG_PROBE_EVENTS_BTF_ARGS */
