Re: [RFC PATCH v2 02/14] kcov: fix INIT_TRACK race in kcov_dataflow

Next message: fffsqian: "[PATCH 1/1] irqchip/renesas-irqc: fix generic IRQ chip leak on remove"
Previous message: Kuniyuki Iwashima: "Re: [PATCH net v5 4/7] net: ip6_tunnel: require CAP_NET_ADMIN in the device netns for changelink"
In reply to: Yunseong Kim: "[RFC PATCH v2 02/14] kcov: fix INIT_TRACK race in kcov_dataflow"
Next in thread: Yunseong Kim: "Re: [RFC PATCH v2 02/14] kcov: fix INIT_TRACK race in kcov_dataflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexander Potapenko

Date: Fri Jun 12 2026 - 02:56:43 EST

On Thu, Jun 11, 2026 at 6:21 PM Yunseong Kim <yunseong.kim@xxxxxxxx> wrote:
>
> Two threads calling KCOV_DF_INIT_TRACK concurrently could both observe
> df->area == NULL, drop the lock to allocate, and then both assign their
> allocation to df->area, leaking one buffer.
>
> Fix by rechecking df->area after re-acquiring the lock. If another
> thread won the race, free the allocation and return -EBUSY. This
> matches the pattern used by KCOV_INIT_TRACE in kernel/kcov.c.
>
> Reported-by: sashiko-bot <sashiko-bot@xxxxxxxxxx>
> Closes: https://sashiko.dev/#/patchset/20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4%40est.tech
> Signed-off-by: Yunseong Kim <yunseong.kim@xxxxxxxx>

Can we please avoid this?
kcov_dataflow.c is being introduced in the same series, there is no
need to send a buggy commit and a follow-up fix - just squash the two
together and note the changes after Signed-off-by: separated by a
triple dash.