Increase the lifetime of parsed BTF in resolve_btfids by factoring
load_btf() routine out of symbols_resolve() and storing the base_btf
and btf pointers in the struct object.
Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
---
tools/bpf/resolve_btfids/main.c | 47 ++++++++++++++++++++++++---------
1 file changed, 34 insertions(+), 13 deletions(-)
diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
index 164f0c941f04..b4caae1170dd 100644
--- a/tools/bpf/resolve_btfids/main.c
+++ b/tools/bpf/resolve_btfids/main.c
@@ -116,6 +116,9 @@ struct object {
const char *btf_path;
const char *base_btf_path;
+ struct btf *btf;
+ struct btf *base_btf;
+
struct {
int fd;
Elf *elf;
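Review bot: The new `btf` and `base_btf` members of `struct object` have no comment stating who owns them or how long they live, which matters now that the pointers outlive the function that parses them. A one-line comment above them such as `/* Parsed BTF: set by load_btf() on success, freed once in main() */` would tell other users of `obj` not to free them. The struct definition starts and ends outside this hunk.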
@@ -529,16 +532,10 @@ static int symbols_collect(struct object *obj)
return 0;
}
-static int symbols_resolve(struct object *obj)
+static int load_btf(struct object *obj)
{
- int nr_typedefs = obj->nr_typedefs;
- int nr_structs = obj->nr_structs;
- int nr_unions = obj->nr_unions;
- int nr_funcs = obj->nr_funcs;
- struct btf *base_btf = NULL;
- int err, type_id;
- struct btf *btf;
- __u32 nr_types;
+ struct btf *base_btf = NULL, *btf = NULL;
+ int err;
if (obj->base_btf_path) {
base_btf = btf__parse(obj->base_btf_path, NULL);
@@ -546,7 +543,7 @@ static int symbols_resolve(struct object *obj)
if (err) {
pr_err("FAILED: load base BTF from %s: %s\n",
obj->base_btf_path, strerror(-err));
- return -1;
+ goto out_err;
}
}
@@ -555,9 +552,30 @@ static int symbols_resolve(struct object *obj)
if (err) {
pr_err("FAILED: load BTF from %s: %s\n",
obj->btf_path ?: obj->path, strerror(-err));
- goto out;
+ goto out_err;
}
+ obj->base_btf = base_btf;
+ obj->btf = btf;
+
+ return 0;
+
+out_err:
+ btf__free(base_btf);
+ btf__free(btf);
+ return err;
+}
+
+static int symbols_resolve(struct object *obj)
+{
+ int nr_typedefs = obj->nr_typedefs;
+ int nr_structs = obj->nr_structs;
+ int nr_unions = obj->nr_unions;
+ int nr_funcs = obj->nr_funcs;
+ struct btf *btf = obj->btf;
+ int err, type_id;
+ __u32 nr_types;
+
err = -1;
nr_types = btf__type_cnt(btf);
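Review bot: `symbols_resolve()` now takes `obj->btf` on trust and passes it straight to `btf__type_cnt()`, so it is only correct when `load_btf()` has already succeeded on the same object. The call order in `main()` provides that today, but nothing in this function records or enforces it. Consider a guard right after the declarations, `if (!btf) return -1;`, or at least a comment `/* obj->btf must have been set by load_btf() */`. The body of `symbols_resolve()` continues outside the hunk.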
@@ -615,8 +633,6 @@ static int symbols_resolve(struct object *obj)
err = 0;
out:
- btf__free(base_btf);
- btf__free(btf);
return err;
}
@@ -824,6 +840,9 @@ int main(int argc, const char **argv)
if (symbols_collect(&obj))
goto out;
+ if (load_btf(&obj))
+ goto out;
+
if (symbols_resolve(&obj))
goto out;
@@ -833,6 +852,8 @@ int main(int argc, const char **argv)
if (!(fatal_warnings && warnings))
err = 0;
out:
+ btf__free(obj.base_btf);
+ btf__free(obj.btf);
if (obj.efile.elf) {
elf_end(obj.efile.elf);
close(obj.efile.fd);
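Review bot: At `out:` the base BTF is freed before the split BTF that was parsed on top of it, and the `out_err:` path in `load_btf()` uses the same order. Releasing in reverse order of acquisition, `btf__free(obj.btf);` then `btf__free(obj.base_btf);`, avoids depending on the split object's teardown never touching its base; whether it does is not visible from this diff. This label is also reached from failures that happen before `load_btf()` runs, so both calls rely on `obj` being zero-initialised where it is declared, which is outside the hunk.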
--
2.52.0
On Fri, 2025-12-05 at 14:30 -0800, Ihor Solodrai wrote: > Increase the lifetime of parsed BTF in resolve_btfids by factoring > load_btf() routine out of symbols_resolve() and storing the base_btf > and btf pointers in the struct object. > > Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev> > --- Acked-by: Eduard Zingerman <eddyz87@gmail.com>
> diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
> index 164f0c941f04..b4caae1170dd 100644
> --- a/tools/bpf/resolve_btfids/main.c
> +++ b/tools/bpf/resolve_btfids/main.c
[ ... ]
> @@ -529,16 +532,10 @@ static int symbols_collect(struct object *obj)
> return 0;
> }
>
> -static int symbols_resolve(struct object *obj)
> +static int load_btf(struct object *obj)
> {
> - int nr_typedefs = obj->nr_typedefs;
> - int nr_structs = obj->nr_structs;
> - int nr_unions = obj->nr_unions;
> - int nr_funcs = obj->nr_funcs;
> - struct btf *base_btf = NULL;
> - int err, type_id;
> - struct btf *btf;
> - __u32 nr_types;
> + struct btf *base_btf = NULL, *btf = NULL;
> + int err;
>
> if (obj->base_btf_path) {
> base_btf = btf__parse(obj->base_btf_path, NULL);
> err = libbpf_get_error(base_btf);
> if (err) {
> pr_err("FAILED: load base BTF from %s: %s\n",
> obj->base_btf_path, strerror(-err));
> - return -1;
> + goto out_err;
> }
> }
>
> btf = btf__parse_split(obj->btf_path ?: obj->path, base_btf);
> err = libbpf_get_error(btf);
> if (err) {
> pr_err("FAILED: load BTF from %s: %s\n",
> obj->btf_path ?: obj->path, strerror(-err));
> - goto out;
> + goto out_err;
> }
>
> + obj->base_btf = base_btf;
> + obj->btf = btf;
> +
> + return 0;
> +
> +out_err:
> + btf__free(base_btf);
> + btf__free(btf);
> + return err;
Can btf__free() safely handle ERR_PTR values here?
When btf__parse() fails on line 541, it returns ERR_PTR(-err), and
libbpf_get_error() extracts the error code, but base_btf still holds
the ERR_PTR value. The error path then calls btf__free(base_btf)
where base_btf is ERR_PTR rather than NULL or a valid pointer.
The same issue occurs if btf__parse_split() fails on line 550, where
btf contains ERR_PTR when btf__free(btf) is called.
In the old code at symbols_resolve(), if base_btf was ERR_PTR, the
function would return -1 immediately without calling btf__free(),
avoiding this issue. The new error handling with goto out_err changes
this behavior.
> +}
> +
> +static int symbols_resolve(struct object *obj)
> +{
> + int nr_typedefs = obj->nr_typedefs;
> + int nr_structs = obj->nr_structs;
> + int nr_unions = obj->nr_unions;
> + int nr_funcs = obj->nr_funcs;
> + struct btf *btf = obj->btf;
> + int err, type_id;
> + __u32 nr_types;
> +
> err = -1;
> nr_types = btf__type_cnt(btf);
[ ... ]
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/19978081551
On 12/5/25 2:57 PM, bot+bpf-ci@kernel.org wrote:
>> diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
>> index 164f0c941f04..b4caae1170dd 100644
>> --- a/tools/bpf/resolve_btfids/main.c
>> +++ b/tools/bpf/resolve_btfids/main.c
>
> [ ... ]
>
>> @@ -529,16 +532,10 @@ static int symbols_collect(struct object *obj)
>> return 0;
>> }
>>
>> -static int symbols_resolve(struct object *obj)
>> +static int load_btf(struct object *obj)
>> {
>> - int nr_typedefs = obj->nr_typedefs;
>> - int nr_structs = obj->nr_structs;
>> - int nr_unions = obj->nr_unions;
>> - int nr_funcs = obj->nr_funcs;
>> - struct btf *base_btf = NULL;
>> - int err, type_id;
>> - struct btf *btf;
>> - __u32 nr_types;
>> + struct btf *base_btf = NULL, *btf = NULL;
>> + int err;
>>
>> if (obj->base_btf_path) {
>> base_btf = btf__parse(obj->base_btf_path, NULL);
>> err = libbpf_get_error(base_btf);
>> if (err) {
>> pr_err("FAILED: load base BTF from %s: %s\n",
>> obj->base_btf_path, strerror(-err));
>> - return -1;
>> + goto out_err;
>> }
>> }
>>
>> btf = btf__parse_split(obj->btf_path ?: obj->path, base_btf);
>> err = libbpf_get_error(btf);
>> if (err) {
>> pr_err("FAILED: load BTF from %s: %s\n",
>> obj->btf_path ?: obj->path, strerror(-err));
>> - goto out;
>> + goto out_err;
>> }
>>
>> + obj->base_btf = base_btf;
>> + obj->btf = btf;
>> +
>> + return 0;
>> +
>> +out_err:
>> + btf__free(base_btf);
>> + btf__free(btf);
>> + return err;
>
> Can btf__free() safely handle ERR_PTR values here?
>
> When btf__parse() fails on line 541, it returns ERR_PTR(-err), and
> libbpf_get_error() extracts the error code, but base_btf still holds
> the ERR_PTR value. The error path then calls btf__free(base_btf)
> where base_btf is ERR_PTR rather than NULL or a valid pointer.
>
> The same issue occurs if btf__parse_split() fails on line 550, where
> btf contains ERR_PTR when btf__free(btf) is called.
>
> In the old code at symbols_resolve(), if base_btf was ERR_PTR, the
> function would return -1 immediately without calling btf__free(),
> avoiding this issue. The new error handling with goto out_err changes
> this behavior.
That's a good observation. Interesting that AI noticed this only on
third try, probably due to changes in prompts.
btf__free() checks for error values [1], so this is not an issue.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/btf.c?h=v6.18#n968
>
>> +}
>> +
>> +static int symbols_resolve(struct object *obj)
>> +{
>> + int nr_typedefs = obj->nr_typedefs;
>> + int nr_structs = obj->nr_structs;
>> + int nr_unions = obj->nr_unions;
>> + int nr_funcs = obj->nr_funcs;
>> + struct btf *btf = obj->btf;
>> + int err, type_id;
>> + __u32 nr_types;
>> +
>> err = -1;
>> nr_types = btf__type_cnt(btf);
>
> [ ... ]
>
>
> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
>
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/19978081551
On 12/5/25 6:12 PM, Ihor Solodrai wrote:
> On 12/5/25 2:57 PM, bot+bpf-ci@kernel.org wrote:
>>> diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
>>> index 164f0c941f04..b4caae1170dd 100644
>>> --- a/tools/bpf/resolve_btfids/main.c
>>> +++ b/tools/bpf/resolve_btfids/main.c
>>
>> [ ... ]
>>
>>> @@ -529,16 +532,10 @@ static int symbols_collect(struct object *obj)
>>> return 0;
>>> }
>>>
>>> -static int symbols_resolve(struct object *obj)
>>> +static int load_btf(struct object *obj)
>>> {
>>> - int nr_typedefs = obj->nr_typedefs;
>>> - int nr_structs = obj->nr_structs;
>>> - int nr_unions = obj->nr_unions;
>>> - int nr_funcs = obj->nr_funcs;
>>> - struct btf *base_btf = NULL;
>>> - int err, type_id;
>>> - struct btf *btf;
>>> - __u32 nr_types;
>>> + struct btf *base_btf = NULL, *btf = NULL;
>>> + int err;
>>>
>>> if (obj->base_btf_path) {
>>> base_btf = btf__parse(obj->base_btf_path, NULL);
>>> err = libbpf_get_error(base_btf);
>>> if (err) {
>>> pr_err("FAILED: load base BTF from %s: %s\n",
>>> obj->base_btf_path, strerror(-err));
>>> - return -1;
>>> + goto out_err;
>>> }
>>> }
>>>
>>> btf = btf__parse_split(obj->btf_path ?: obj->path, base_btf);
>>> err = libbpf_get_error(btf);
>>> if (err) {
>>> pr_err("FAILED: load BTF from %s: %s\n",
>>> obj->btf_path ?: obj->path, strerror(-err));
>>> - goto out;
>>> + goto out_err;
>>> }
>>>
>>> + obj->base_btf = base_btf;
>>> + obj->btf = btf;
>>> +
>>> + return 0;
>>> +
>>> +out_err:
>>> + btf__free(base_btf);
>>> + btf__free(btf);
>>> + return err;
>>
>> Can btf__free() safely handle ERR_PTR values here?
>>
>> When btf__parse() fails on line 541, it returns ERR_PTR(-err), and
>> libbpf_get_error() extracts the error code, but base_btf still holds
>> the ERR_PTR value. The error path then calls btf__free(base_btf)
>> where base_btf is ERR_PTR rather than NULL or a valid pointer.
>>
>> The same issue occurs if btf__parse_split() fails on line 550, where
>> btf contains ERR_PTR when btf__free(btf) is called.
>>
>> In the old code at symbols_resolve(), if base_btf was ERR_PTR, the
>> function would return -1 immediately without calling btf__free(),
>> avoiding this issue. The new error handling with goto out_err changes
>> this behavior.
>
> That's a good observation. Interesting that AI noticed this only on
> third try, probably due to changes in prompts.
>
> btf__free() checks for error values [1], so this is not an issue.
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/btf.c?h=v6.18#n968
>
Hmm, it should have read btf__free() to answer this question on its own.
I'll take a look.
-chris