From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 61AE53563D4
	for <linux-kernel@vger.kernel.org>; Sat, 30 May 2026 00:00:04 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780099205; cv=none; b=LUDUL3wA3qmAbODxa17jgChYI5BNZhhNWFrnzOmEgSkwjrlEytphnmx4IM1oWQRkp7hu18UQ769cCbTuM3lscdVM4BCC+jv19jdvj7KKfrgCqBhgUpo6yZmD1lOAkXdbneISsOej/Ke0ZwAh6O/9Ft3ZH5LRW7cMYhLmR5JAweM=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780099205; c=relaxed/simple;
	bh=fOoFN8gdIBsh8ofglyDO9cIc5uaCrsMStvBK2E0maME=;
	h=Message-ID:Date:From:To:Cc:Subject:References:MIME-Version:
	 Content-Type; b=Tm+qBINBy6AhejQ1w/sSRruXxXNd+EUrFLjkwz/ZMmmCzokRQqLkUFAqvA5br0kBLz93CDcJH9/HSZRBPCPdOAXh18TmD5cakjBo1Et5k37EFLTQZZSnWG6qcitaSXmgaNPGm6fWjb1ZtWRrvzfUpzDuOC686LjZBe5om7If7oY=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nE0pJYXJ; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nE0pJYXJ"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4799E1F0089B;
	Sat, 30 May 2026 00:00:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780099204;
	bh=xnhUgr8tKSSDRUYSxI6lXMXurP+1cYyfy+Ax/U/a99M=;
	h=Date:From:To:Cc:Subject:References;
	b=nE0pJYXJUVKfZokdVOCrMRQoVu4MgCwTAqWaFJYN38mr7odATKcXItDdb4pr+Fc+R
	 466XaV6t8sFvbW8G17H+2ttgXF5zNsfptUFRZXtvZKi3CX54Vn6t9MhcrtBdDzh4as
	 gJ9s1pnOU0QDA0Q5eiYK+VcrNj+zRcpOKRhNnDMLCI2/0p6JUbA/RLmua5vx0LvKgH
	 6AXED2/1zkYbspD0+gWYb3eUthdEr4yY81QXORMMjRg+K6sW6o3tTbgXOEJCBHhZk6
	 Zh/H0gY9UcFX97Bod/F/mAuJktf5t27I6LKh1KNc4I3Lc5swLB9RLSW+cAK4w0xowt
	 3AJuwKGuP8LOQ==
Received: from rostedt by gandalf with local (Exim 4.99.2)
	(envelope-from <rostedt@kernel.org>)
	id 1wT788-0000000AgD8-1jVq;
	Fri, 29 May 2026 20:00:44 -0400
Message-ID: <20260530000044.276359018@kernel.org>
User-Agent: quilt/0.69
Date: Fri, 29 May 2026 20:00:31 -0400
From: Steven Rostedt <rostedt@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
 Mark Rutland <mark.rutland@arm.com>,
 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Karl Mehltretter <kmehltretter@gmail.com>
Subject: [for-next][PATCH 2/3] tracing: Disable KCOV instrumentation for trace_irqsoff.o
References: <20260530000029.648858285@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8

From: Karl Mehltretter <kmehltretter@gmail.com>

When KCOV runs its boot selftest with whole-kernel instrumentation
enabled, it sets current->kcov_mode to KCOV_MODE_TRACE_PC without
installing a coverage area. Any instrumented code accepted as task-context
coverage in that window dereferences current->kcov_area and crashes.

On ARMv5 Versatile PB with CONFIG_KCOV_SELFTEST=y,
CONFIG_KCOV_INSTRUMENT_ALL=y and CONFIG_IRQSOFF_TRACER=y, boot hits a
NULL pointer fault during the selftest:

  kcov: running self test
  Internal error: Oops: 5 [#1] ARM
  PC is at __sanitizer_cov_trace_pc+0x4c/0x90
  Kernel panic - not syncing: Fatal exception

A diagnostic run showed the unwanted coverage comes from the IRQs-off
tracer callbacks reached from ARM IRQ entry before hardirq context is
visible to KCOV:

  __sanitizer_cov_trace_pc from tracer_hardirqs_off+0x18/0x1cc
  tracer_hardirqs_off from trace_hardirqs_off+0x34/0x54
  trace_hardirqs_off from __irq_svc+0x58/0xb0
  __irq_svc from kcov_init+0x7c/0xdc

and similarly through tracer_hardirqs_on().

trace_preemptirq.o is already excluded because this tracing path can run
from early interrupt code and produce coverage unrelated to syscall
inputs. Exclude trace_irqsoff.o as well, instead of requiring users to
turn off CONFIG_KCOV_INSTRUMENT_ALL=y, which is the default whole-kernel
KCOV mode.

With the exclusion in place, the same ARMv5 Versatile PB QEMU test boots
through the KCOV selftest and reaches userspace.

Tested on ARMv5 Versatile PB QEMU with CONFIG_KCOV_SELFTEST=y,
CONFIG_KCOV_INSTRUMENT_ALL=y and CONFIG_IRQSOFF_TRACER=y.

Link: https://patch.msgid.link/20260525170428.67211-1-kmehltretter@gmail.com
Assisted-by: Codex:gpt-5
Signed-off-by: Karl Mehltretter <kmehltretter@gmail.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
---
 kernel/trace/Makefile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/trace/Makefile b/kernel/trace/Makefile
index 9b0834134cae..660675e1d426 100644
--- a/kernel/trace/Makefile
+++ b/kernel/trace/Makefile
@@ -48,9 +48,10 @@ ifdef CONFIG_GCOV_PROFILE_FTRACE
 GCOV_PROFILE := y
 endif
 
-# Functions in this file could be invoked from early interrupt
-# code and produce random code coverage.
+# Functions in these files can run from IRQ entry before hardirq context
+# is visible to KCOV, and produce coverage unrelated to syscall inputs.
 KCOV_INSTRUMENT_trace_preemptirq.o := n
+KCOV_INSTRUMENT_trace_irqsoff.o := n
 
 CFLAGS_bpf_trace.o := -I$(src)
 
-- 
2.53.0