Re: [PATCH bpf-next v1 04/14] selftests/bpf: Refactor bpf_get_ksyms() trace helper

[Jiri Olsa]

On Tue, Feb 17, 2026 at 12:42:08PM -0800, Ihor Solodrai wrote:
> On 2/12/26 3:29 AM, Jiri Olsa wrote:
> > On Wed, Feb 11, 2026 at 05:13:46PM -0800, Ihor Solodrai wrote:
> >> ASAN reported a memory leak in bpf_get_ksyms(): it allocates a struct
> >> ksyms internally and never frees it.
> >>
> >> Moe struct ksyms to trace_helpers.h and return it from the
> >> bpf_get_ksyms(), giving ownership to the caller. Add filtered_syms and
> >> filtered_cnt fields to the ksyms to hold the filtered array of
> >> symbols, previously returned by bpf_get_ksyms().
> >>
> >> Fixup the call sites: kprobe_multi_test and bench_trigger.
> >>
> >> Signed-off-by: Ihor Solodrai <ihor.solodrai@xxxxxxxxx>
> >> ---
> >>  .../selftests/bpf/benchs/bench_trigger.c      |  9 ++++----
> >>  .../bpf/prog_tests/kprobe_multi_test.c        | 12 ++++------
> >>  tools/testing/selftests/bpf/trace_helpers.c   | 23 ++++++++++---------
> >>  tools/testing/selftests/bpf/trace_helpers.h   | 11 +++++++--
> >>  4 files changed, 30 insertions(+), 25 deletions(-)
> >>
> >> diff --git a/tools/testing/selftests/bpf/benchs/bench_trigger.c b/tools/testing/selftests/bpf/benchs/bench_trigger.c
> >> index aeec9edd3851..7231b88cf21a 100644
> >> --- a/tools/testing/selftests/bpf/benchs/bench_trigger.c
> >> +++ b/tools/testing/selftests/bpf/benchs/bench_trigger.c
> >> @@ -230,8 +230,7 @@ static void trigger_fentry_setup(void)
> >>  static void attach_ksyms_all(struct bpf_program *empty, bool kretprobe)
> >>  {
> >>  	LIBBPF_OPTS(bpf_kprobe_multi_opts, opts);
> >> -	char **syms = NULL;
> >> -	size_t cnt = 0;
> >> +	struct ksyms *ksyms = NULL;
> >>  
> >>  	/* Some recursive functions will be skipped in
> >>  	 * bpf_get_ksyms -> skip_entry, as they can introduce sufficient
> >> @@ -241,13 +240,13 @@ static void attach_ksyms_all(struct bpf_program *empty, bool kretprobe)
> >>  	 * So, don't run the kprobe-multi-all and kretprobe-multi-all on
> >>  	 * a debug kernel.
> >>  	 */
> >> -	if (bpf_get_ksyms(&syms, &cnt, true)) {
> >> +	if (bpf_get_ksyms(&ksyms, true)) {
> >>  		fprintf(stderr, "failed to get ksyms\n");
> >>  		exit(1);
> >>  	}
> >>  
> >> -	opts.syms = (const char **) syms;
> >> -	opts.cnt = cnt;
> >> +	opts.syms = (const char **)ksyms->filtered_syms;
> >> +	opts.cnt = ksyms->filtered_cnt;
> >>  	opts.retprobe = kretprobe;
> >>  	/* attach empty to all the kernel functions except bpf_get_numa_node_id. */
> >>  	if (!bpf_program__attach_kprobe_multi_opts(empty, NULL, &opts)) {
> > 
> > hi,
> > 
> > missing free_kallsyms_local call in here ?
> 
> Yeap, thanks.
> 
> > 
> > 
> >> diff --git a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c
> >> index 9caef222e528..f81dcd609ee9 100644
> >> --- a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c
> >> +++ b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c
> >> @@ -456,25 +456,23 @@ static void test_kprobe_multi_bench_attach(bool kernel)
> >>  {
> >>  	LIBBPF_OPTS(bpf_kprobe_multi_opts, opts);
> >>  	struct kprobe_multi_empty *skel = NULL;
> >> -	char **syms = NULL;
> >> -	size_t cnt = 0;
> >> +	struct ksyms *ksyms = NULL;
> >>  
> >> -	if (!ASSERT_OK(bpf_get_ksyms(&syms, &cnt, kernel), "bpf_get_ksyms"))
> >> +	if (!ASSERT_OK(bpf_get_ksyms(&ksyms, kernel), "bpf_get_ksyms"))
> >>  		return;
> >>  
> >>  	skel = kprobe_multi_empty__open_and_load();
> >>  	if (!ASSERT_OK_PTR(skel, "kprobe_multi_empty__open_and_load"))
> >>  		goto cleanup;
> >>  
> >> -	opts.syms = (const char **) syms;
> >> -	opts.cnt = cnt;
> >> +	opts.syms = (const char **)ksyms->filtered_syms;
> >> +	opts.cnt = ksyms->filtered_cnt;
> >>  
> >>  	do_bench_test(skel, &opts);
> >>  
> >>  cleanup:
> >>  	kprobe_multi_empty__destroy(skel);
> >> -	if (syms)
> >> -		free(syms);
> >> +	free_kallsyms_local(ksyms);
> >>  }
> >>  
> >>  static void test_kprobe_multi_bench_attach_addr(bool kernel)
> >> diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
> >> index eeaab7013ca2..0e63daf83ed5 100644
> >> --- a/tools/testing/selftests/bpf/trace_helpers.c
> >> +++ b/tools/testing/selftests/bpf/trace_helpers.c
> >> @@ -24,12 +24,6 @@
> >>  #define TRACEFS_PIPE	"/sys/kernel/tracing/trace_pipe"
> >>  #define DEBUGFS_PIPE	"/sys/kernel/debug/tracing/trace_pipe"
> >>  
> >> -struct ksyms {
> >> -	struct ksym *syms;
> >> -	size_t sym_cap;
> >> -	size_t sym_cnt;
> >> -};
> >> -
> >>  static struct ksyms *ksyms;
> >>  static pthread_mutex_t ksyms_mutex = PTHREAD_MUTEX_INITIALIZER;
> >>  
> >> @@ -54,6 +48,8 @@ void free_kallsyms_local(struct ksyms *ksyms)
> >>  	if (!ksyms)
> >>  		return;
> >>  
> >> +	free(ksyms->filtered_syms);
> >> +
> >>  	if (!ksyms->syms) {
> >>  		free(ksyms);
> >>  		return;
> >> @@ -610,7 +606,7 @@ static int search_kallsyms_compare(const void *p1, const struct ksym *p2)
> >>  	return compare_name(p1, p2->name);
> >>  }
> >>  
> >> -int bpf_get_ksyms(char ***symsp, size_t *cntp, bool kernel)
> >> +int bpf_get_ksyms(struct ksyms **ksymsp, bool kernel)
> >>  {
> >>  	size_t cap = 0, cnt = 0;
> >>  	char *name = NULL, *ksym_name, **syms = NULL;
> >> @@ -637,8 +633,10 @@ int bpf_get_ksyms(char ***symsp, size_t *cntp, bool kernel)
> >>  	else
> >>  		f = fopen("/sys/kernel/debug/tracing/available_filter_functions", "r");
> >>  
> >> -	if (!f)
> >> +	if (!f) {
> >> +		free_kallsyms_local(ksyms);
> >>  		return -EINVAL;
> >> +	}
> >>  
> >>  	map = hashmap__new(symbol_hash, symbol_equal, NULL);
> >>  	if (IS_ERR(map)) {
> >> @@ -679,15 +677,18 @@ int bpf_get_ksyms(char ***symsp, size_t *cntp, bool kernel)
> >>  		syms[cnt++] = ksym_name;
> >>  	}
> >>  
> >> -	*symsp = syms;
> >> -	*cntp = cnt;
> >> +	ksyms->filtered_syms = syms;
> >> +	ksyms->filtered_cnt = cnt;
> >> +	*ksymsp = ksyms;
> >>  
> >>  error:
> >>  	free(name);
> >>  	fclose(f);
> >>  	hashmap__free(map);
> >> -	if (err)
> >> +	if (err) {
> >>  		free(syms);
> >> +		free_kallsyms_local(ksyms);
> >> +	}
> > 
> > I think we could just call free_kallsyms_local unconditionally in here
> > and fix callers to free syms pointer? seems easier than adding filtered*
> > fields to ksyms
> 
> The strings in filtered_syms are ksyms->syms[i].name pointers (not
> copied). I didn't want to do another strdup, and I also didn't like
> passing three out parameters to bpf_get_ksyms().
> 
> So I decided to consolidate the data gathered by bpf_get_ksyms() in
> struct ksyms. ksyms->filtered_syms essentially is a view into the
> ksyms->syms, and it can be unused too.
> 
> Does this make sense?

yep, sounds good

thanks,
jirka