On Thu, 10 Oct 2024 11:00:30 +0200 Jiri Olsa <olsajiri@xxxxxxxxx> wrote: > > Unfortunately it's not that simple, the args could be moved around to > > other registers. And objtool doesn't have an emulator. > > > > Also it's not clear how that would deal with >6 args, or IS_ERR() as > > Jirka pointed out upthread. For the >6 args, I would say that the verifier just says any arg greater than 6 can be NULL. There's not many trace events that have that (if any). > > another complication might be that the code in tracepoint's fast assign > can potentially call global function (?), that could do the argument NULL > check and we won't have its code at objtool invocation time I'm starting to think that the best thing to do is to have the verifier add exception code in the bpf program that just kills the task if it faults on reading a tracepoint parameter. This all started because it was assumed (incorrectly, and I was never asked) that trace point args can't be NULL. It was always the case that they could be. This was not a regression. Now that there's existing BPF programs that assume that tracepoint arguments are not NULL, is a bug in user space. Not the kernel. -- Steve
