1. Patchew
  2. linux
  3. View series

[PATCH] maple_tree: fix tracepoint string pointers

Martin Kaiser posted 1 patch 3 months, 1 week ago 
lib/maple_tree.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
[PATCH] maple_tree: fix tracepoint string pointers
Posted by Martin Kaiser 3 months, 1 week ago 
maple_tree tracepoints contain pointers to function names. Such a pointer
is saved when a tracepoint logs an event. There's no guarantee that it's
still valid when the event is parsed later and the pointer is dereferenced.

The kernel warns about these unsafe pointers.

	event 'ma_read' has unsafe pointer field 'fn'
	WARNING: kernel/trace/trace.c:3779 at ignore_event+0x1da/0x1e4

Mark the function names as tracepoint_string() to fix the events.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
---
 lib/maple_tree.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index 39bb779cb311..5aa4c9500018 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -64,6 +64,8 @@
 #define CREATE_TRACE_POINTS
 #include <trace/events/maple_tree.h>
 
+#define TP_FCT tracepoint_string(__func__)
+
 /*
  * Kernel pointer hashing renders much of the maple tree dump useless as tagged
  * pointers get hashed to arbitrary values.
@@ -2756,7 +2758,7 @@ static inline void mas_rebalance(struct ma_state *mas,
 	MA_STATE(l_mas, mas->tree, mas->index, mas->last);
 	MA_STATE(r_mas, mas->tree, mas->index, mas->last);
 
-	trace_ma_op(__func__, mas);
+	trace_ma_op(TP_FCT, mas);
 
 	/*
 	 * Rebalancing occurs if a node is insufficient.  Data is rebalanced
@@ -2997,7 +2999,7 @@ static void mas_split(struct ma_state *mas, struct maple_big_node *b_node)
 	MA_STATE(prev_l_mas, mas->tree, mas->index, mas->last);
 	MA_STATE(prev_r_mas, mas->tree, mas->index, mas->last);
 
-	trace_ma_op(__func__, mas);
+	trace_ma_op(TP_FCT, mas);
 
 	mast.l = &l_mas;
 	mast.r = &r_mas;
@@ -3172,7 +3174,7 @@ static bool mas_is_span_wr(struct ma_wr_state *wr_mas)
 			return false;
 	}
 
-	trace_ma_write(__func__, wr_mas->mas, wr_mas->r_max, entry);
+	trace_ma_write(TP_FCT, wr_mas->mas, wr_mas->r_max, entry);
 	return true;
 }
 
@@ -3416,7 +3418,7 @@ static noinline void mas_wr_spanning_store(struct ma_wr_state *wr_mas)
 	 * of data may happen.
 	 */
 	mas = wr_mas->mas;
-	trace_ma_op(__func__, mas);
+	trace_ma_op(TP_FCT, mas);
 
 	if (unlikely(!mas->index && mas->last == ULONG_MAX))
 		return mas_new_root(mas, wr_mas->entry);
@@ -3552,7 +3554,7 @@ static inline void mas_wr_node_store(struct ma_wr_state *wr_mas,
 	} else {
 		memcpy(wr_mas->node, newnode, sizeof(struct maple_node));
 	}
-	trace_ma_write(__func__, mas, 0, wr_mas->entry);
+	trace_ma_write(TP_FCT, mas, 0, wr_mas->entry);
 	mas_update_gap(mas);
 	mas->end = new_end;
 	return;
@@ -3596,7 +3598,7 @@ static inline void mas_wr_slot_store(struct ma_wr_state *wr_mas)
 		mas->offset++; /* Keep mas accurate. */
 	}
 
-	trace_ma_write(__func__, mas, 0, wr_mas->entry);
+	trace_ma_write(TP_FCT, mas, 0, wr_mas->entry);
 	/*
 	 * Only update gap when the new entry is empty or there is an empty
 	 * entry in the original two ranges.
@@ -3717,7 +3719,7 @@ static inline void mas_wr_append(struct ma_wr_state *wr_mas,
 		mas_update_gap(mas);
 
 	mas->end = new_end;
-	trace_ma_write(__func__, mas, new_end, wr_mas->entry);
+	trace_ma_write(TP_FCT, mas, new_end, wr_mas->entry);
 	return;
 }
 
@@ -3731,7 +3733,7 @@ static void mas_wr_bnode(struct ma_wr_state *wr_mas)
 {
 	struct maple_big_node b_node;
 
-	trace_ma_write(__func__, wr_mas->mas, 0, wr_mas->entry);
+	trace_ma_write(TP_FCT, wr_mas->mas, 0, wr_mas->entry);
 	memset(&b_node, 0, sizeof(struct maple_big_node));
 	mas_store_b_node(wr_mas, &b_node, wr_mas->offset_end);
 	mas_commit_b_node(wr_mas, &b_node);
@@ -5062,7 +5064,7 @@ void *mas_store(struct ma_state *mas, void *entry)
 {
 	MA_WR_STATE(wr_mas, mas, entry);
 
-	trace_ma_write(__func__, mas, 0, entry);
+	trace_ma_write(TP_FCT, mas, 0, entry);
 #ifdef CONFIG_DEBUG_MAPLE_TREE
 	if (MAS_WARN_ON(mas, mas->index > mas->last))
 		pr_err("Error %lX > %lX " PTR_FMT "\n", mas->index, mas->last,
@@ -5163,7 +5165,7 @@ void mas_store_prealloc(struct ma_state *mas, void *entry)
 	}
 
 store:
-	trace_ma_write(__func__, mas, 0, entry);
+	trace_ma_write(TP_FCT, mas, 0, entry);
 	mas_wr_store_entry(&wr_mas);
 	MAS_WR_BUG_ON(&wr_mas, mas_is_err(mas));
 	mas_destroy(mas);
@@ -5882,7 +5884,7 @@ void *mtree_load(struct maple_tree *mt, unsigned long index)
 	MA_STATE(mas, mt, index, index);
 	void *entry;
 
-	trace_ma_read(__func__, &mas);
+	trace_ma_read(TP_FCT, &mas);
 	rcu_read_lock();
 retry:
 	entry = mas_start(&mas);
@@ -5925,7 +5927,7 @@ int mtree_store_range(struct maple_tree *mt, unsigned long index,
 	MA_STATE(mas, mt, index, last);
 	int ret = 0;
 
-	trace_ma_write(__func__, &mas, 0, entry);
+	trace_ma_write(TP_FCT, &mas, 0, entry);
 	if (WARN_ON_ONCE(xa_is_advanced(entry)))
 		return -EINVAL;
 
@@ -6148,7 +6150,7 @@ void *mtree_erase(struct maple_tree *mt, unsigned long index)
 	void *entry = NULL;
 
 	MA_STATE(mas, mt, index, index);
-	trace_ma_op(__func__, &mas);
+	trace_ma_op(TP_FCT, &mas);
 
 	mtree_lock(mt);
 	entry = mas_erase(&mas);
@@ -6485,7 +6487,7 @@ void *mt_find(struct maple_tree *mt, unsigned long *index, unsigned long max)
 	unsigned long copy = *index;
 #endif
 
-	trace_ma_read(__func__, &mas);
+	trace_ma_read(TP_FCT, &mas);
 
 	if ((*index) > max)
 		return NULL;
-- 
2.43.7
Re: [PATCH] maple_tree: fix tracepoint string pointers
Posted by Andrew Morton 3 months, 1 week ago 
On Thu, 30 Oct 2025 16:55:05 +0100 Martin Kaiser <martin@kaiser.cx> wrote:

> maple_tree tracepoints contain pointers to function names. Such a pointer
> is saved when a tracepoint logs an event. There's no guarantee that it's
> still valid when the event is parsed later and the pointer is dereferenced.

Oh.

> The kernel warns about these unsafe pointers.
> 
> 	event 'ma_read' has unsafe pointer field 'fn'
> 	WARNING: kernel/trace/trace.c:3779 at ignore_event+0x1da/0x1e4
> 
> Mark the function names as tracepoint_string() to fix the events.
> 
> ...
>  
> -	trace_ma_op(__func__, mas);
> +	trace_ma_op(TP_FCT, mas);
>

What could cause the storage for __func__ to disappear as you suggest?
Re: [PATCH] maple_tree: fix tracepoint string pointers
Posted by Martin Kaiser 3 months, 1 week ago 
Thus wrote Andrew Morton (akpm@linux-foundation.org):

> > -	trace_ma_op(__func__, mas);
> > +	trace_ma_op(TP_FCT, mas);


> What could cause the storage for __func__ to disappear as you suggest?

I see your point. For __func__, the compiler generates a local symbol in
.rodata that should always be accessible by its address.

One case that doesn't work without my patch would be trace-cmd record to save
the binary ringbuffer and trace-cmd report to parse it in userspace. The
address of __func__ can't be dereferenced from userspace but tracepoint_string
will add an entry to /sys/kernel/tracing/printk_formats

Best regards,
Martin
Re: [PATCH] maple_tree: fix tracepoint string pointers
Posted by Liam R. Howlett 3 months, 1 week ago 
* Martin Kaiser <martin@kaiser.cx> [251031 06:23]:
> Thus wrote Andrew Morton (akpm@linux-foundation.org):
> 
> > > -	trace_ma_op(__func__, mas);
> > > +	trace_ma_op(TP_FCT, mas);
> 
> 
> > What could cause the storage for __func__ to disappear as you suggest?
> 
> I see your point. For __func__, the compiler generates a local symbol in
> .rodata that should always be accessible by its address.
> 
> One case that doesn't work without my patch would be trace-cmd record to save
> the binary ringbuffer and trace-cmd report to parse it in userspace. The
> address of __func__ can't be dereferenced from userspace but tracepoint_string
> will add an entry to /sys/kernel/tracing/printk_formats
> 


Thanks.

Is there some way to detect such things at compile?

Acked-by: Liam R. Howlett <Liam.Howlett@oracle.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.