From nobody Mon Jun 8 09:48:04 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8BAA433BBD0 for ; Sat, 30 May 2026 00:00:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780099205; cv=none; b=hmYmMHhxO1m/T2FI+jabJLBWzMKDLVRXyM8egeObAIF+tS8Ali7IocXkH9UehMa1Qi9msFmgEVcOQTMBdXL+iD0t1wYUJkloKLXWRIowYEH5jl0QKcfNL7Q+UpvB7+wW5fbRh22WIWIg4BjMdBnGjf2bHY7eeSlajd+z05KyuEE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780099205; c=relaxed/simple; bh=sLemg9UAdcWZK2lA9bWEvdkKOxnaos4X56QD8DbKB0E=; h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version: Content-Type; b=KkubYOkhYEF1nlJdG4NI0JzOXqZAhws1f1TN36HD3mqmuqNsOUC/nkIiiFwX3Z5aIarTIbFF4FovG1WDbRDQB36tQ89bc+OOS+sU7Knxn7MjVmZJUnSmQ9iR8zXD6QxITBNVgpi6c8+yqiHefNdpPP5ZOL7gCll8rfdAFIbiELY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=J+sBvwKW; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="J+sBvwKW" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2075D1F00898; Sat, 30 May 2026 00:00:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1780099204; bh=jPrHhKdNAETVQNB/XRk5rg+j22AGXowR7boMo1/GFGY=; h=Date:From:To:Cc:Subject:References; b=J+sBvwKWgNrilflR20RC5Pu/usRXb/MYQSYseF3RC4ZmrHAt90ArqHV5jiutoQkqC GJDaxhzPQ32f9xwzQQbKagDn5x4Z09oYlPv+ZGHnJ5LeU/6xCG/cMqhQEql6iJVbTV 842xdtlVHrlg3foI+cBD58kT3Zy6huY6BIxQt2pqgdtJROvUVF2LuqzqofmhA6ZKPr cL0RReNTMF+aEfP6L09R539LkzfD8wRvqnMKDId6dqKiCRt+3abr9GQz+OABMf82o1 uGSqLsSX7GeMP8VcUc9khC6V6OMwAGuLztxNedKVgrazx5QnqmrYxv/UyVDnBoT2Y7 sQZpTqmeHmn+Q== Received: from rostedt by gandalf with local (Exim 4.99.2) (envelope-from ) id 1wT788-0000000AgCe-14tB; Fri, 29 May 2026 20:00:44 -0400 Message-ID: <20260530000044.115133217@kernel.org> User-Agent: quilt/0.69 Date: Fri, 29 May 2026 20:00:30 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Mathieu Desnoyers , Andrew Morton , Rosen Penev Subject: [for-next][PATCH 1/3] tracing: Turn hist_elt_data field_var_str into a flexible array References: <20260530000029.648858285@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Rosen Penev The field_var_str array was allocated separately via kcalloc() with its length already known at elt_data allocation time. Convert it to a flexible array member and fold the two allocations into a single kzalloc_flex(), reordering hist_trigger_elt_data_alloc() so n_str is computed and bounds-checked before the struct allocation. hist_elt_data is only reached through tracing_map_elt::private_data (a void *), never embedded, so adding a FAM imposes no tail-position constraint on any enclosing struct. Added __counted_by for extra runtime analysis. Link: https://patch.msgid.link/20260522214407.18120-1-rosenp@gmail.com Assisted-by: Claude:Opus-4.7 Signed-off-by: Rosen Penev Signed-off-by: Steven Rostedt --- kernel/trace/trace_events_hist.c | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_h= ist.c index 9701650c89b2..82ce492ab268 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -683,8 +683,8 @@ struct track_data { struct hist_elt_data { char *comm; u64 *var_ref_vals; - char **field_var_str; int n_field_var_str; + char *field_var_str[] __counted_by(n_field_var_str); }; =20 struct snapshot_context { @@ -1629,8 +1629,6 @@ static void hist_elt_data_free(struct hist_elt_data *= elt_data) for (i =3D 0; i < elt_data->n_field_var_str; i++) kfree(elt_data->field_var_str[i]); =20 - kfree(elt_data->field_var_str); - kfree(elt_data->comm); kfree(elt_data); } @@ -1650,10 +1648,19 @@ static int hist_trigger_elt_data_alloc(struct traci= ng_map_elt *elt) struct hist_field *hist_field; unsigned int i, n_str; =20 - elt_data =3D kzalloc_obj(*elt_data); + BUILD_BUG_ON(STR_VAR_LEN_MAX & (sizeof(u64) - 1)); + + n_str =3D hist_data->n_field_var_str + hist_data->n_save_var_str + + hist_data->n_var_str; + if (n_str > SYNTH_FIELDS_MAX) + return -EINVAL; + + elt_data =3D kzalloc_flex(*elt_data, field_var_str, n_str); if (!elt_data) return -ENOMEM; =20 + elt_data->n_field_var_str =3D n_str; + for_each_hist_field(i, hist_data) { hist_field =3D hist_data->fields[i]; =20 @@ -1667,24 +1674,8 @@ static int hist_trigger_elt_data_alloc(struct tracin= g_map_elt *elt) } } =20 - n_str =3D hist_data->n_field_var_str + hist_data->n_save_var_str + - hist_data->n_var_str; - if (n_str > SYNTH_FIELDS_MAX) { - hist_elt_data_free(elt_data); - return -EINVAL; - } - - BUILD_BUG_ON(STR_VAR_LEN_MAX & (sizeof(u64) - 1)); - size =3D STR_VAR_LEN_MAX; =20 - elt_data->field_var_str =3D kcalloc(n_str, sizeof(char *), GFP_KERNEL); - if (!elt_data->field_var_str) { - hist_elt_data_free(elt_data); - return -EINVAL; - } - elt_data->n_field_var_str =3D n_str; - for (i =3D 0; i < n_str; i++) { elt_data->field_var_str[i] =3D kzalloc(size, GFP_KERNEL); if (!elt_data->field_var_str[i]) { --=20 2.53.0 From nobody Mon Jun 8 09:48:04 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 61AE53563D4 for ; Sat, 30 May 2026 00:00:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780099205; cv=none; b=LUDUL3wA3qmAbODxa17jgChYI5BNZhhNWFrnzOmEgSkwjrlEytphnmx4IM1oWQRkp7hu18UQ769cCbTuM3lscdVM4BCC+jv19jdvj7KKfrgCqBhgUpo6yZmD1lOAkXdbneISsOej/Ke0ZwAh6O/9Ft3ZH5LRW7cMYhLmR5JAweM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780099205; c=relaxed/simple; bh=fOoFN8gdIBsh8ofglyDO9cIc5uaCrsMStvBK2E0maME=; h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version: Content-Type; b=Tm+qBINBy6AhejQ1w/sSRruXxXNd+EUrFLjkwz/ZMmmCzokRQqLkUFAqvA5br0kBLz93CDcJH9/HSZRBPCPdOAXh18TmD5cakjBo1Et5k37EFLTQZZSnWG6qcitaSXmgaNPGm6fWjb1ZtWRrvzfUpzDuOC686LjZBe5om7If7oY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nE0pJYXJ; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nE0pJYXJ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4799E1F0089B; Sat, 30 May 2026 00:00:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1780099204; bh=xnhUgr8tKSSDRUYSxI6lXMXurP+1cYyfy+Ax/U/a99M=; h=Date:From:To:Cc:Subject:References; b=nE0pJYXJUVKfZokdVOCrMRQoVu4MgCwTAqWaFJYN38mr7odATKcXItDdb4pr+Fc+R 466XaV6t8sFvbW8G17H+2ttgXF5zNsfptUFRZXtvZKi3CX54Vn6t9MhcrtBdDzh4as gJ9s1pnOU0QDA0Q5eiYK+VcrNj+zRcpOKRhNnDMLCI2/0p6JUbA/RLmua5vx0LvKgH 6AXED2/1zkYbspD0+gWYb3eUthdEr4yY81QXORMMjRg+K6sW6o3tTbgXOEJCBHhZk6 Zh/H0gY9UcFX97Bod/F/mAuJktf5t27I6LKh1KNc4I3Lc5swLB9RLSW+cAK4w0xowt 3AJuwKGuP8LOQ== Received: from rostedt by gandalf with local (Exim 4.99.2) (envelope-from ) id 1wT788-0000000AgD8-1jVq; Fri, 29 May 2026 20:00:44 -0400 Message-ID: <20260530000044.276359018@kernel.org> User-Agent: quilt/0.69 Date: Fri, 29 May 2026 20:00:31 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Mathieu Desnoyers , Andrew Morton , Karl Mehltretter Subject: [for-next][PATCH 2/3] tracing: Disable KCOV instrumentation for trace_irqsoff.o References: <20260530000029.648858285@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Karl Mehltretter When KCOV runs its boot selftest with whole-kernel instrumentation enabled, it sets current->kcov_mode to KCOV_MODE_TRACE_PC without installing a coverage area. Any instrumented code accepted as task-context coverage in that window dereferences current->kcov_area and crashes. On ARMv5 Versatile PB with CONFIG_KCOV_SELFTEST=3Dy, CONFIG_KCOV_INSTRUMENT_ALL=3Dy and CONFIG_IRQSOFF_TRACER=3Dy, boot hits a NULL pointer fault during the selftest: kcov: running self test Internal error: Oops: 5 [#1] ARM PC is at __sanitizer_cov_trace_pc+0x4c/0x90 Kernel panic - not syncing: Fatal exception A diagnostic run showed the unwanted coverage comes from the IRQs-off tracer callbacks reached from ARM IRQ entry before hardirq context is visible to KCOV: __sanitizer_cov_trace_pc from tracer_hardirqs_off+0x18/0x1cc tracer_hardirqs_off from trace_hardirqs_off+0x34/0x54 trace_hardirqs_off from __irq_svc+0x58/0xb0 __irq_svc from kcov_init+0x7c/0xdc and similarly through tracer_hardirqs_on(). trace_preemptirq.o is already excluded because this tracing path can run from early interrupt code and produce coverage unrelated to syscall inputs. Exclude trace_irqsoff.o as well, instead of requiring users to turn off CONFIG_KCOV_INSTRUMENT_ALL=3Dy, which is the default whole-kernel KCOV mode. With the exclusion in place, the same ARMv5 Versatile PB QEMU test boots through the KCOV selftest and reaches userspace. Tested on ARMv5 Versatile PB QEMU with CONFIG_KCOV_SELFTEST=3Dy, CONFIG_KCOV_INSTRUMENT_ALL=3Dy and CONFIG_IRQSOFF_TRACER=3Dy. Link: https://patch.msgid.link/20260525170428.67211-1-kmehltretter@gmail.com Assisted-by: Codex:gpt-5 Signed-off-by: Karl Mehltretter Signed-off-by: Steven Rostedt --- kernel/trace/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/trace/Makefile b/kernel/trace/Makefile index 9b0834134cae..660675e1d426 100644 --- a/kernel/trace/Makefile +++ b/kernel/trace/Makefile @@ -48,9 +48,10 @@ ifdef CONFIG_GCOV_PROFILE_FTRACE GCOV_PROFILE :=3D y endif =20 -# Functions in this file could be invoked from early interrupt -# code and produce random code coverage. +# Functions in these files can run from IRQ entry before hardirq context +# is visible to KCOV, and produce coverage unrelated to syscall inputs. KCOV_INSTRUMENT_trace_preemptirq.o :=3D n +KCOV_INSTRUMENT_trace_irqsoff.o :=3D n =20 CFLAGS_bpf_trace.o :=3D -I$(src) =20 --=20 2.53.0 From nobody Mon Jun 8 09:48:04 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 81B2A330D4C for ; Sat, 30 May 2026 00:00:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780099205; cv=none; b=E9GHofg9y/dICFa+9lSaFF+ZMlOCV0QB7PHcteZpaXgPA7XOKfdCCQNNplMlfNh1jyFLLRri67K7+wrgpLhsGA5J4qYuOGEWHGNaizPNyJcKfvO9cGvhy3xVN1IwfBgMVntu89T+k6FgFmNHzGjpoiVEhoG51A8hgftYeFrvf3U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780099205; c=relaxed/simple; bh=1rPIFPNC1B/eNQ0FrJ53quiwOvorrOn2OagZSjjE+jM=; h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version: Content-Type; b=ej7k6ZSYKmRhLryvIToiZOCBkhlbBtorvQjz7LzyGgD6bwLL987MYjWjff6v3TodfKF/QI/zYvPMjHQJdu6QRzKsHcyU0LSaS9KJwwKAHu2rOcy2qUThnTHCdClH9jdirU1kHaxUZiuNl5tbab7gL7UgpddGe4y2a7/La+qOGrk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AjAyokTe; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AjAyokTe" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 63B491F0089D; Sat, 30 May 2026 00:00:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1780099204; bh=mLzlMTZL1EhYOfs566k/d5qHrckzkqW2i4ea3o5O3qc=; h=Date:From:To:Cc:Subject:References; b=AjAyokTeXKV9PlOud3rJohTAb5EBsqwEydk1HLaIaJOMV8l49T2bmmQztz6g5i8Fy cRDJR1xdyZtgwk24ximI5jz0hQQtPGbirCWyFnDIvytX0UB8gDyKKM2gl6Z/A9Pq1g gQM7K8S76aOjkIabLPi/F5svn6lqFQQfuCDeovE3FvO7FAnNtoLOuD7xxnMCjflC1o dsSrcnHAXQl1Q5MqS2UCjantTgfM6iSeJn3OEkc0LP7oV3rpWzu00odX+ahI+Eh7mY PVtCb5UNJy0KfxuvIgewF4TVGuO+CL2cmSwL2mPMQ4PTayd1dJR4KqXtSZpG2dB/LU CHMkQK1izcCAg== Received: from rostedt by gandalf with local (Exim 4.99.2) (envelope-from ) id 1wT788-0000000AgDc-2PhG; Fri, 29 May 2026 20:00:44 -0400 Message-ID: <20260530000044.431608744@kernel.org> User-Agent: quilt/0.69 Date: Fri, 29 May 2026 20:00:32 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Mathieu Desnoyers , Andrew Morton , Rik van Riel Subject: [for-next][PATCH 3/3] perf/ftrace: Fix WARNING in __unregister_ftrace_function References: <20260530000029.648858285@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Rik van Riel perf_ftrace_function_unregister() unconditionally calls unregister_ftrace_function() without checking whether the ftrace_ops was ever successfully registered. This triggers a WARN_ON in __unregister_ftrace_function() when the ops doesn't have FTRACE_OPS_FL_ENABLED set. This can happen during perf_event_alloc() error cleanup when perf_trace_destroy() is called via __free_event() on an event whose ftrace_ops registration failed or was already torn down by perf_try_init_event()'s err_destroy path. The call path is: perf_event_alloc() error cleanup -> __free_event() -> event->destroy() [tp_perf_event_destroy] -> perf_trace_destroy() -> perf_trace_event_close() -> TRACE_REG_PERF_CLOSE -> perf_ftrace_function_unregister() -> unregister_ftrace_function() -> __unregister_ftrace_function() -> WARN_ON(!(ops->flags & FTRACE_OPS_FL_ENABLED)) Fix this by checking FTRACE_OPS_FL_ENABLED before attempting to unregister. If the ops is not enabled, just free the filter and return success. Link: https://patch.msgid.link/20260527111301.2d0d8256@fangorn Signed-off-by: Rik van Riel Signed-off-by: Steven Rostedt --- kernel/trace/trace_event_perf.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_per= f.c index a6bb7577e8c5..5b272856e5ab 100644 --- a/kernel/trace/trace_event_perf.c +++ b/kernel/trace/trace_event_perf.c @@ -497,7 +497,17 @@ static int perf_ftrace_function_register(struct perf_e= vent *event) static int perf_ftrace_function_unregister(struct perf_event *event) { struct ftrace_ops *ops =3D &event->ftrace_ops; - int ret =3D unregister_ftrace_function(ops); + int ret =3D 0; + + /* + * Perf will call this unconditionally even if the ops is not + * enabled. The unregister_ftrace_function() will warn if called + * when not enabled. Just bypass the unregistering if ops isn't + * enabled here. + */ + if (ops->flags & FTRACE_OPS_FL_ENABLED) + ret =3D unregister_ftrace_function(ops); + ftrace_free_filter(ops); return ret; } --=20 2.53.0