* [PATCH v3 1/1] gcov: use atomic counter updates to fix concurrent access crashes
2026-05-09 14:22 [PATCH v3 0/1] gcov: use -fprofile-update=prefer-atomic with compile-time guard Konstantin Khorenko
@ 2026-05-09 14:22 ` Konstantin Khorenko
0 siblings, 0 replies; 3+ messages in thread
From: Konstantin Khorenko @ 2026-05-09 14:22 UTC (permalink / raw)
To: Andrew Morton, Arnd Bergmann, Peter Oberparleiter
Cc: Nathan Chancellor, Nicolas Schier, Mikhail Zaslonko,
Thomas Weißschuh, Miguel Ojeda, Masahiro Yamada,
Vasileios Almpanis, Pavel Tikhomirov, linux-kernel, linux-kbuild,
Konstantin Khorenko
GCC's GCOV instrumentation can merge global branch counters with loop
induction variables as an optimization. In inflate_fast(), the inner
copy loops get transformed so that the GCOV counter value is loaded
multiple times to compute the loop base address, start index, and end
bound. Since GCOV counters are global (not per-CPU), concurrent
execution on different CPUs causes the counter to change between loads,
producing inconsistent values and out-of-bounds memory writes.
The crash manifests during IPComp (IP Payload Compression) processing
when inflate_fast() runs concurrently on multiple CPUs:
BUG: unable to handle page fault for address: ffffd0a3c0902ffa
RIP: inflate_fast+1431
Call Trace:
zlib_inflate
__deflate_decompress
crypto_comp_decompress
ipcomp_decompress [xfrm_ipcomp]
ipcomp_input [xfrm_ipcomp]
xfrm_input
At the crash point, the compiler generated three loads from the same
global GCOV counter (__gcov0.inflate_fast+216) to compute base, start,
and end for an indexed loop. Another CPU modified the counter between
loads, making the values inconsistent - the write went 3.4 MB past a
65 KB buffer.
Add -fprofile-update=prefer-atomic to CFLAGS_GCOV at the global level in
the top-level Makefile, guarded by a try-run compile test.
The test compiles a minimal program with and without
-fprofile-update=prefer-atomic using the full KBUILD_CFLAGS, then
compares undefined symbols in the resulting object files.
If prefer-atomic introduces new undefined references (such as
__atomic_fetch_add_8 on i386 or __aarch64_ldadd8_relax on arm64 with
outline-atomics), the flag is not added -- the kernel does not link
against libatomic.
On architectures where GCC inlines 64-bit atomic counter updates
(x86_64, s390, ...) the test passes and the flag is enabled, preventing
the compiler from merging counters with loop induction variables and
fixing the observed concurrent-access crash.
On architectures where the flag would introduce libatomic dependencies,
it is silently omitted and behaviour is no worse than before this patch.
Also move the CFLAGS_GCOV block after the final KBUILD_CFLAGS assignments
so the try-run test sees the complete set of compiler flags.
Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
Makefile | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index 9f88dcaae382..95afeecb09e4 100644
--- a/Makefile
+++ b/Makefile
@@ -824,12 +824,6 @@ endif # KBUILD_EXTMOD
# Defaults to vmlinux, but the arch makefile usually adds further targets
all: vmlinux
-CFLAGS_GCOV := -fprofile-arcs -ftest-coverage
-ifdef CONFIG_CC_IS_GCC
-CFLAGS_GCOV += -fno-tree-loop-im
-endif
-export CFLAGS_GCOV
-
# The arch Makefiles can override CC_FLAGS_FTRACE. We may also append it later.
ifdef CONFIG_FUNCTION_TRACER
CC_FLAGS_FTRACE := -pg
@@ -1183,6 +1177,27 @@ KBUILD_AFLAGS += $(KAFLAGS)
KBUILD_CFLAGS += $(KCFLAGS)
KBUILD_RUSTFLAGS += $(KRUSTFLAGS)
+CFLAGS_GCOV := -fprofile-arcs -ftest-coverage
+ifdef CONFIG_CC_IS_GCC
+CFLAGS_GCOV += -fno-tree-loop-im
+# Use atomic counter updates to avoid concurrent-access crashes in GCOV.
+# Only enable if -fprofile-update=prefer-atomic does not introduce new
+# undefined symbols (e.g. libatomic calls that the kernel cannot link).
+CFLAGS_GCOV += $(call try-run,\
+ echo 'long long x; void f(void){x++;}' | \
+ $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) -w -fprofile-arcs \
+ -ftest-coverage -x c - -c -o "$$TMP.base" && \
+ echo 'long long x; void f(void){x++;}' | \
+ $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) -w -fprofile-arcs \
+ -ftest-coverage -fprofile-update=prefer-atomic \
+ -x c - -c -o "$$TMP" && \
+ $(NM) "$$TMP.base" | grep ' U ' > "$$TMP.ubase" || true ; \
+ $(NM) "$$TMP" | grep ' U ' > "$$TMP.utest" || true ; \
+ cmp -s "$$TMP.ubase" "$$TMP.utest",\
+ -fprofile-update=prefer-atomic)
+endif
+export CFLAGS_GCOV
+
KBUILD_LDFLAGS_MODULE += --build-id=sha1
LDFLAGS_vmlinux += --build-id=sha1
base-commit: 70390501d1944d4e5b8f7352be180fceb3a44132
--
2.47.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v3 1/1] gcov: use atomic counter updates to fix concurrent access crashes
@ 2026-05-11 11:36 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2026-05-11 11:36 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "only suspicious fbc files changed"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
In-Reply-To: <20260509142216.382205-2-khorenko@virtuozzo.com>
References: <20260509142216.382205-2-khorenko@virtuozzo.com>
TO: Konstantin Khorenko <khorenko@virtuozzo.com>
TO: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Arnd Bergmann <arnd@arndb.de>
TO: Peter Oberparleiter <oberpar@linux.ibm.com>
CC: Nathan Chancellor <nathan@kernel.org>
CC: Nicolas Schier <nsc@kernel.org>
CC: Mikhail Zaslonko <zaslonko@linux.ibm.com>
CC: "Thomas Weißschuh" <linux@weissschuh.net>
CC: Miguel Ojeda <ojeda@kernel.org>
CC: Masahiro Yamada <masahiroy@kernel.org>
CC: Vasileios Almpanis <vasileios.almpanis@virtuozzo.com>
CC: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
CC: linux-kernel@vger.kernel.org
CC: linux-kbuild@vger.kernel.org
CC: Konstantin Khorenko <khorenko@virtuozzo.com>
Hi Konstantin,
kernel test robot noticed the following build errors:
[auto build test ERROR on soc/for-next]
[also build test ERROR on rust/rust-next linus/master v7.1-rc3]
[cannot apply to akpm-mm/mm-everything next-20260508]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Konstantin-Khorenko/gcov-use-atomic-counter-updates-to-fix-concurrent-access-crashes/20260511-031901
base: https://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git for-next
patch link: https://lore.kernel.org/r/20260509142216.382205-2-khorenko%40virtuozzo.com
patch subject: [PATCH v3 1/1] gcov: use atomic counter updates to fix concurrent access crashes
:::::: branch date: 16 hours ago
:::::: commit date: 16 hours ago
config: mips-allmodconfig (https://download.01.org/0day-ci/archive/20260511/202605111900.vv8DEuyr-lkp@intel.com/config)
compiler: mips-linux-gcc (GCC) 15.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260511/202605111900.vv8DEuyr-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202605111900.vv8DEuyr-lkp@intel.com/
All errors (new ones prefixed by >>):
{standard input}: Assembler messages:
>> {standard input}:200406: Error: branch out of range
{standard input}:200407: Error: branch out of range
{standard input}:200465: Error: branch out of range
{standard input}:200473: Error: branch out of range
{standard input}:200537: Error: branch out of range
{standard input}:200542: Error: branch out of range
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v3 1/1] gcov: use atomic counter updates to fix concurrent access crashes
@ 2026-05-12 17:22 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2026-05-12 17:22 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "only suspicious fbc files changed"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
In-Reply-To: <20260509142216.382205-2-khorenko@virtuozzo.com>
References: <20260509142216.382205-2-khorenko@virtuozzo.com>
TO: Konstantin Khorenko <khorenko@virtuozzo.com>
TO: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Arnd Bergmann <arnd@arndb.de>
TO: Peter Oberparleiter <oberpar@linux.ibm.com>
CC: Nathan Chancellor <nathan@kernel.org>
CC: Nicolas Schier <nsc@kernel.org>
CC: Mikhail Zaslonko <zaslonko@linux.ibm.com>
CC: "Thomas Weißschuh" <linux@weissschuh.net>
CC: Miguel Ojeda <ojeda@kernel.org>
CC: Masahiro Yamada <masahiroy@kernel.org>
CC: Vasileios Almpanis <vasileios.almpanis@virtuozzo.com>
CC: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
CC: linux-kernel@vger.kernel.org
CC: linux-kbuild@vger.kernel.org
CC: Konstantin Khorenko <khorenko@virtuozzo.com>
Hi Konstantin,
kernel test robot noticed the following build errors:
[auto build test ERROR on soc/for-next]
[also build test ERROR on rust/rust-next linus/master v7.1-rc3]
[cannot apply to akpm-mm/mm-everything next-20260508]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Konstantin-Khorenko/gcov-use-atomic-counter-updates-to-fix-concurrent-access-crashes/20260511-031901
base: https://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git for-next
patch link: https://lore.kernel.org/r/20260509142216.382205-2-khorenko%40virtuozzo.com
patch subject: [PATCH v3 1/1] gcov: use atomic counter updates to fix concurrent access crashes
:::::: branch date: 2 days ago
:::::: commit date: 2 days ago
config: xtensa-allyesconfig (https://download.01.org/0day-ci/archive/20260513/202605130158.6HuxKlY5-lkp@intel.com/config)
compiler: xtensa-linux-gcc (GCC) 15.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260513/202605130158.6HuxKlY5-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202605130158.6HuxKlY5-lkp@intel.com/
All errors (new ones prefixed by >>):
{standard input}: Assembler messages:
>> {standard input}:215673: Error: operand 2 of 'l32r' has out of range value '4294705148'
{standard input}:215704: Error: operand 2 of 'l32r' has out of range value '4294705060'
{standard input}:215752: Error: operand 2 of 'l32r' has out of range value '4294704944'
{standard input}:215785: Error: operand 2 of 'l32r' has out of range value '4294704860'
{standard input}:215850: Error: operand 2 of 'l32r' has out of range value '4294705148'
{standard input}:215851: Error: operand 2 of 'l32r' has out of range value '4294704700'
{standard input}:215885: Error: operand 2 of 'l32r' has out of range value '4294705064'
{standard input}:215910: Error: operand 2 of 'l32r' has out of range value '4294704556'
{standard input}:215976: Error: operand 2 of 'l32r' has out of range value '4294704392'
{standard input}:216042: Error: operand 2 of 'l32r' has out of range value '4294704228'
{standard input}:216087: Error: operand 2 of 'l32r' has out of range value '4294704116'
{standard input}:216101: Error: operand 2 of 'l32r' has out of range value '4294704516'
{standard input}:216116: Error: operand 2 of 'l32r' has out of range value '4294704480'
{standard input}:216117: Error: operand 2 of 'l32r' has out of range value '4294704040'
{standard input}:216153: Error: operand 2 of 'l32r' has out of range value '4294704392'
{standard input}:216166: Error: operand 2 of 'l32r' has out of range value '4294704360'
{standard input}:216182: Error: operand 2 of 'l32r' has out of range value '4294704328'
{standard input}:216183: Error: operand 2 of 'l32r' has out of range value '4294703880'
{standard input}:216217: Error: operand 2 of 'l32r' has out of range value '4294704240'
{standard input}:216242: Error: operand 2 of 'l32r' has out of range value '4294703736'
{standard input}:216307: Error: operand 2 of 'l32r' has out of range value '4294703572'
{standard input}:216376: Error: operand 2 of 'l32r' has out of range value '4294703392'
{standard input}:216423: Error: operand 2 of 'l32r' has out of range value '4294703280'
{standard input}:216432: Error: operand 2 of 'l32r' has out of range value '4294703256'
{standard input}:216460: Error: operand 2 of 'l32r' has out of range value '4294703188'
{standard input}:216469: Error: operand 2 of 'l32r' has out of range value '4294703160'
{standard input}:216500: Error: operand 2 of 'l32r' has out of range value '4294703076'
{standard input}:216548: Error: operand 2 of 'l32r' has out of range value '4294702960'
{standard input}:216565: Error: operand 2 of 'l32r' has out of range value '4294703352'
{standard input}:216580: Error: operand 2 of 'l32r' has out of range value '4294703316'
{standard input}:216581: Error: operand 2 of 'l32r' has out of range value '4294702876'
{standard input}:216617: Error: operand 2 of 'l32r' has out of range value '4294703228'
{standard input}:216630: Error: operand 2 of 'l32r' has out of range value '4294703196'
{standard input}:216646: Error: operand 2 of 'l32r' has out of range value '4294703164'
{standard input}:216647: Error: operand 2 of 'l32r' has out of range value '4294702716'
{standard input}:216681: Error: operand 2 of 'l32r' has out of range value '4294703080'
{standard input}:216706: Error: operand 2 of 'l32r' has out of range value '4294702572'
{standard input}:216772: Error: operand 2 of 'l32r' has out of range value '4294702412'
{standard input}:216838: Error: operand 2 of 'l32r' has out of range value '4294702248'
{standard input}:216883: Error: operand 2 of 'l32r' has out of range value '4294702136'
{standard input}:216897: Error: operand 2 of 'l32r' has out of range value '4294702536'
{standard input}:216912: Error: operand 2 of 'l32r' has out of range value '4294702500'
{standard input}:216913: Error: operand 2 of 'l32r' has out of range value '4294702060'
{standard input}:216949: Error: operand 2 of 'l32r' has out of range value '4294702412'
{standard input}:216962: Error: operand 2 of 'l32r' has out of range value '4294702380'
{standard input}:216978: Error: operand 2 of 'l32r' has out of range value '4294702348'
{standard input}:216979: Error: operand 2 of 'l32r' has out of range value '4294701900'
{standard input}:217013: Error: operand 2 of 'l32r' has out of range value '4294702260'
{standard input}:217038: Error: operand 2 of 'l32r' has out of range value '4294701756'
{standard input}:217083: Error: operand 2 of 'l32r' has out of range value '4294701648'
{standard input}:217113: Error: operand 2 of 'l32r' has out of range value '4294701568'
{standard input}:217163: Error: operand 2 of 'l32r' has out of range value '4294701444'
{standard input}:217184: Error: operand 2 of 'l32r' has out of range value '4294701392'
{standard input}:217193: Error: operand 2 of 'l32r' has out of range value '4294701364'
{standard input}:217224: Error: operand 2 of 'l32r' has out of range value '4294701280'
{standard input}:217272: Error: operand 2 of 'l32r' has out of range value '4294701164'
{standard input}:217289: Error: operand 2 of 'l32r' has out of range value '4294701556'
{standard input}:217304: Error: operand 2 of 'l32r' has out of range value '4294701520'
{standard input}:217305: Error: operand 2 of 'l32r' has out of range value '4294701080'
{standard input}:217341: Error: operand 2 of 'l32r' has out of range value '4294701432'
{standard input}:217354: Error: operand 2 of 'l32r' has out of range value '4294701400'
{standard input}:217370: Error: operand 2 of 'l32r' has out of range value '4294701368'
{standard input}:217371: Error: operand 2 of 'l32r' has out of range value '4294700920'
{standard input}:217405: Error: operand 2 of 'l32r' has out of range value '4294701284'
{standard input}:217430: Error: operand 2 of 'l32r' has out of range value '4294700776'
{standard input}:217496: Error: operand 2 of 'l32r' has out of range value '4294700616'
{standard input}:217562: Error: operand 2 of 'l32r' has out of range value '4294700452'
{standard input}:217607: Error: operand 2 of 'l32r' has out of range value '4294700340'
{standard input}:217621: Error: operand 2 of 'l32r' has out of range value '4294700740'
{standard input}:217636: Error: operand 2 of 'l32r' has out of range value '4294700704'
{standard input}:217637: Error: operand 2 of 'l32r' has out of range value '4294700264'
{standard input}:217673: Error: operand 2 of 'l32r' has out of range value '4294700616'
{standard input}:217686: Error: operand 2 of 'l32r' has out of range value '4294700584'
{standard input}:217702: Error: operand 2 of 'l32r' has out of range value '4294700552'
{standard input}:217703: Error: operand 2 of 'l32r' has out of range value '4294700104'
{standard input}:217737: Error: operand 2 of 'l32r' has out of range value '4294700464'
{standard input}:217762: Error: operand 2 of 'l32r' has out of range value '4294699960'
{standard input}:217807: Error: operand 2 of 'l32r' has out of range value '4294699852'
{standard input}:217837: Error: operand 2 of 'l32r' has out of range value '4294699772'
{standard input}:217888: Error: operand 2 of 'l32r' has out of range value '4294699644'
{standard input}:217897: Error: operand 2 of 'l32r' has out of range value '4294699620'
{standard input}:217930: Error: operand 2 of 'l32r' has out of range value '4294699532'
{standard input}:217978: Error: operand 2 of 'l32r' has out of range value '4294699416'
{standard input}:218017: Error: operand 2 of 'l32r' has out of range value '4294699316'
{standard input}:218064: Error: operand 2 of 'l32r' has out of range value '4294699204'
{standard input}:218094: Error: operand 2 of 'l32r' has out of range value '4294699124'
{standard input}:218162: Error: operand 2 of 'l32r' has out of range value '4294698960'
{standard input}:218209: Error: operand 2 of 'l32r' has out of range value '4294698844'
{standard input}:218221: Error: operand 2 of 'l32r' has out of range value '4294698812'
{standard input}:218230: Error: operand 2 of 'l32r' has out of range value '4294698788'
{standard input}:218263: Error: operand 2 of 'l32r' has out of range value '4294698700'
{standard input}:218310: Error: operand 2 of 'l32r' has out of range value '4294698588'
{standard input}:218326: Error: operand 2 of 'l32r' has out of range value '4294698544'
{standard input}:218343: Error: operand 2 of 'l32r' has out of range value '4294698500'
{standard input}:218352: Error: operand 2 of 'l32r' has out of range value '4294698476'
{standard input}:218378: Error: operand 2 of 'l32r' has out of range value '4294698396'
{standard input}:218393: Error: operand 2 of 'l32r' has out of range value '4294698356'
{standard input}:218423: Error: operand 2 of 'l32r' has out of range value '4294698280'
{standard input}:218475: Error: operand 2 of 'l32r' has out of range value '4294698152'
{standard input}:218484: Error: operand 2 of 'l32r' has out of range value '4294698128'
{standard input}:218510: Error: operand 2 of 'l32r' has out of range value '4294698048'
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-05-12 17:22 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-11 11:36 [PATCH v3 1/1] gcov: use atomic counter updates to fix concurrent access crashes kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2026-05-12 17:22 kernel test robot
2026-05-09 14:22 [PATCH v3 0/1] gcov: use -fprofile-update=prefer-atomic with compile-time guard Konstantin Khorenko
2026-05-09 14:22 ` [PATCH v3 1/1] gcov: use atomic counter updates to fix concurrent access crashes Konstantin Khorenko
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.