Re: [PATCH] tracing: eprobe: read the complete FILTER_PTR_STRING pointer

Next message: Leon Hwang: "[RFC PATCH bpf 5/6] bpf: Disallow interpreter fallback for gotox insn"
Previous message: Leon Hwang: "[RFC PATCH bpf 4/6] bpf: Disallow interpreter fallback for internal BPF_PROBE_ATOMIC insn"
In reply to: Steven Rostedt: "Re: [PATCH] tracing: eprobe: read the complete FILTER_PTR_STRING pointer"
Next in thread: Steven Rostedt: "Re: [PATCH] tracing: eprobe: read the complete FILTER_PTR_STRING pointer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Google

Date: Fri Jun 26 2026 - 11:49:59 EST

On Fri, 26 Jun 2026 06:42:23 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> On Fri, 26 Jun 2026 12:20:36 +0200
> Martin Kaiser <martin@xxxxxxxxx> wrote:
>
> > > That is, to have +u0() say "this is going to be dereferencing user space".
> >
> > > I'll add Martin's patch and see if it makes the above work.
> >
> > I've just tried your command with my patch. It works for me, filenames are
> > logged correctly.
>
> Yep, this definitely looks like a fix. We have;
>
> addr = rec + field->offset;
>
> Where addr points to the location of the field on the ring buffer, thus
> your change to make it:
>
> val = *(unsigned long *)addr;
>
> Reads the full "long size" of the event on the ring buffer, instead of
> reading just one byte. It is "val" that gets dereferenced later by the
> probe logic (the "+0u()"), which has all the protections we need.
>
> I'll queue this up.

I've already queued this on my probes/core branch.
(which will be probes/fixes)

Thanks,

>
> Thanks!
>
> -- Steve

--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>