1. Patchew
  2. linux
  3. [PATCH 0/2] tracing: Fixes for filter
  4. View patch

[PATCH 1/2] tracing: Handle "(const) char __attribute() *" as string ptr type

Masami Hiramatsu (Google) posted 2 patches 7 months, 1 week ago
[PATCH 1/2] tracing: Handle "(const) char __attribute() *" as string ptr type
Posted by Masami Hiramatsu (Google) 7 months, 1 week ago 
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>

With CONFIG_DEBUG_INFO_BTF=y and PAHOLE_HAS_BTF_TAG=y, `__user` is
converted to `__attribute((btf_type_tag("user")))`. In this case,
some syscall events have `const char __attribute(...) *` for __user
string, like below;

/sys/kernel/tracing # cat events/syscalls/sys_enter_openat/format
name: sys_enter_openat
ID: 720
format:
	field:unsigned short common_type;	offset:0;	size:2;	signed:0;
	field:unsigned char common_flags;	offset:2;	size:1;	signed:0;
	field:unsigned char common_preempt_count;	offset:3;	size:1;	signed:0;
	field:int common_pid;	offset:4;	size:4;	signed:1;

	field:int __syscall_nr;	offset:8;	size:4;	signed:1;
	field:int dfd;	offset:16;	size:8;	signed:0;
	field:const char __attribute__((btf_type_tag("user"))) * filename;	offset:24;	size:8;	signed:0;
	field:int flags;	offset:32;	size:8;	signed:0;
	field:umode_t mode;	offset:40;	size:8;	signed:0;


Then the trace event filter failes to set string acceptable flag
(FILTER_PTR_STRING) and rejects setting string filter;

# echo 'filename.ustring ~ "*ftracetest-dir.wbx24v*"' >> events/syscalls/sys_enter_openat/filter
sh: write error: Invalid argument
 # cat error_log
[  723.743637] event filter parse error: error: Expecting numeric field
  Command: filename.ustring ~ "*ftracetest-dir.wbx24v*"

Handle "(const) char __attribute() *" also as string ptr type.

Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
---
 kernel/trace/trace_events_filter.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index 3885aadc434d..5e27190a0377 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -1488,6 +1488,11 @@ int filter_assign_type(const char *type)
 	if (strcmp(type, "char *") == 0 || strcmp(type, "const char *") == 0)
 		return FILTER_PTR_STRING;
 
+	/* Ignore attributes */
+	if (glob_match("char __attribute(*) \\*", type) ||
+	    glob_match("const char __attribute(*) \\*", type))
+		return FILTER_PTR_STRING;
+
 	return FILTER_OTHER;
 }
Re: [PATCH 1/2] tracing: Handle "(const) char __attribute() *" as string ptr type
Posted by Masami Hiramatsu (Google) 7 months, 1 week ago 
On Thu,  3 Jul 2025 13:26:35 +0900
"Masami Hiramatsu (Google)" <mhiramat@kernel.org> wrote:

> From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> 
> With CONFIG_DEBUG_INFO_BTF=y and PAHOLE_HAS_BTF_TAG=y, `__user` is
> converted to `__attribute((btf_type_tag("user")))`. In this case,
> some syscall events have `const char __attribute(...) *` for __user
> string, like below;
> 
> /sys/kernel/tracing # cat events/syscalls/sys_enter_openat/format
> name: sys_enter_openat
> ID: 720
> format:
> 	field:unsigned short common_type;	offset:0;	size:2;	signed:0;
> 	field:unsigned char common_flags;	offset:2;	size:1;	signed:0;
> 	field:unsigned char common_preempt_count;	offset:3;	size:1;	signed:0;
> 	field:int common_pid;	offset:4;	size:4;	signed:1;
> 
> 	field:int __syscall_nr;	offset:8;	size:4;	signed:1;
> 	field:int dfd;	offset:16;	size:8;	signed:0;
> 	field:const char __attribute__((btf_type_tag("user"))) * filename;	offset:24;

Ahh, sorry, it was "__attribute__()" not "__attribute()".

Anyway, I think we should sanitize the __attribute__ from
format.

Thank you,


	size:8;	signed:0;
> 	field:int flags;	offset:32;	size:8;	signed:0;
> 	field:umode_t mode;	offset:40;	size:8;	signed:0;
> 
> 
> Then the trace event filter failes to set string acceptable flag
> (FILTER_PTR_STRING) and rejects setting string filter;
> 
> # echo 'filename.ustring ~ "*ftracetest-dir.wbx24v*"' >> events/syscalls/sys_enter_openat/filter
> sh: write error: Invalid argument
>  # cat error_log
> [  723.743637] event filter parse error: error: Expecting numeric field
>   Command: filename.ustring ~ "*ftracetest-dir.wbx24v*"
> 
> Handle "(const) char __attribute() *" also as string ptr type.
> 
> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> ---
>  kernel/trace/trace_events_filter.c |    5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
> index 3885aadc434d..5e27190a0377 100644
> --- a/kernel/trace/trace_events_filter.c
> +++ b/kernel/trace/trace_events_filter.c
> @@ -1488,6 +1488,11 @@ int filter_assign_type(const char *type)
>  	if (strcmp(type, "char *") == 0 || strcmp(type, "const char *") == 0)
>  		return FILTER_PTR_STRING;
>  
> +	/* Ignore attributes */
> +	if (glob_match("char __attribute(*) \\*", type) ||
> +	    glob_match("const char __attribute(*) \\*", type))
> +		return FILTER_PTR_STRING;
> +
>  	return FILTER_OTHER;
>  }
>  
> 


-- 
Masami Hiramatsu (Google) <mhiramat@kernel.org>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.