From nobody Tue Apr 7 07:08:24 2026 Received: from sender-of-o57.zoho.eu (sender-of-o57.zoho.eu [136.143.169.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A4C234DB7E for ; Sun, 15 Mar 2026 19:49:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=136.143.169.57 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773604188; cv=pass; b=O0/dY73FQWK4TAi6rb2+3784mo//7PNVRJAxl6WFI/tsfwZRq7xXzApFgqf7dCYp7hV03P5o5Sbt28DuePbRqdtGUpAGBB8HHWAWUaPsqOA9Vo8q955xzUoI4Z85up6pUSZqMo4+3o+cB5Tg10SKorgbxT14VqacuP8dTl8bM1U= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773604188; c=relaxed/simple; bh=xFD5P1+tpNL46pqEf5qsQVrgFdcnBmrl4/ErncUESJI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=iSqIPMKZxL8tNLrAJbjxe+cPLlqhtcX7pI4aLXEWK1pOM6UBKHGU82WS/PlIbnlGxIWF/aGTihE2r2wrI76wXv84vcjArU+OkFIEIVnGSArvoZPrF2qKrCU3zYp7PSZN08tPFIa0o7hxp5eARY71Sh4slUruXBoSp4+ousxX1pQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=objecting.org; spf=pass smtp.mailfrom=objecting.org; dkim=pass (1024-bit key) header.d=objecting.org header.i=objecting@objecting.org header.b=fv532EsX; arc=pass smtp.client-ip=136.143.169.57 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=objecting.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=objecting.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=objecting.org header.i=objecting@objecting.org header.b="fv532EsX" ARC-Seal: i=1; a=rsa-sha256; t=1773604183; cv=none; d=zohomail.eu; s=zohoarc; b=Vq7HPeEF/ti2OTQwPQcRya/828cP5qkwYGmtGjZR1Kz2btVpMNu9+/+yEMvIYPTZhBkHUQpCW279Kt4uGviKJOBItb3Md6tiwfT/B2zA1pGg9SLjYVtuvXGwluie/3watfEN9o/aySjaorSAdtn2MGaA02qMbKHjALNxL+J/ktU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.eu; s=zohoarc; t=1773604183; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=soJiT+wuPoOk0Vq2USNg5BuzIP78RwRfNPkF/XuwJmQ=; b=Fl7wd6g2/5BT31+2BivM9rRvqt69FZC7FvVWn/jSfqAxOk/WsAa57anYd+qOvuKOQqXhhu2v9fIeld/HAwuB9CiCCVIAMxL05xy5f6Cg+L67JoadQdSXWSS2D/Ide7LTE2+ix4RpHo5n0h9GiZvi2hJMYSfy2wxpJ8JICVrKxGQ= ARC-Authentication-Results: i=1; mx.zohomail.eu; dkim=pass header.i=objecting.org; spf=pass smtp.mailfrom=objecting@objecting.org; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1773604183; s=zmail; d=objecting.org; i=objecting@objecting.org; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=soJiT+wuPoOk0Vq2USNg5BuzIP78RwRfNPkF/XuwJmQ=; b=fv532EsXuBlkX2GUylurFgxkMZeVyeRWnk2DYDik5W6FkvM32ewzukf3c6fl0BaR Jg9iEn5D4huZBmpNYJjPLCiJP9V2AgyXylo/SJdznunHtjVWNUOI0o/t51yfWARWKiJ qy/BnFtDX0wGQlI7zG8AvezF0x3yji6NotoVl1Do= Received: by mx.zoho.eu with SMTPS id 1773604181959146.8462308732344; Sun, 15 Mar 2026 20:49:41 +0100 (CET) From: Josh Law To: Andrew Morton , Josh Law Cc: linux-kernel@vger.kernel.org Subject: [PATCH 1/3] lib/bug: annotate concurrent access to bug->flags with READ_ONCE/WRITE_ONCE Date: Sun, 15 Mar 2026 19:49:37 +0000 Message-Id: <20260315194939.328612-2-objecting@objecting.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260315194939.328612-1-objecting@objecting.org> References: <20260315194939.328612-1-objecting@objecting.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External Content-Type: text/plain; charset="utf-8" Multiple CPUs can hit a WARN_ON_ONCE simultaneously, causing concurrent reads and writes to bug->flags without synchronization. In __report_bug(), the flags are read to check BUGFLAG_DONE and then BUGFLAG_DONE is set via a plain read-modify-write. The race is benign since the store is idempotent, but KCSAN will flag this as a data race. Read the flags once with READ_ONCE and reuse the cached value for both the flag checks and the WRITE_ONCE store. Also annotate the concurrent clear in clear_once_table(). Update the misleading comment that claimed concurrency is not an issue. Signed-off-by: Josh Law --- lib/bug.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/lib/bug.c b/lib/bug.c index bbc301097749..037c7370dadf 100644 --- a/lib/bug.c +++ b/lib/bug.c @@ -201,6 +201,7 @@ static enum bug_trap_type __report_bug(struct bug_entry= *bug, unsigned long buga { bool warning, once, done, no_cut, has_args; const char *file, *fmt; + unsigned short flags; unsigned line; =20 if (!bug) { @@ -217,20 +218,24 @@ static enum bug_trap_type __report_bug(struct bug_ent= ry *bug, unsigned long buga bug_get_file_line(bug, &file, &line); fmt =3D bug_get_format(bug); =20 - warning =3D bug->flags & BUGFLAG_WARNING; - once =3D bug->flags & BUGFLAG_ONCE; - done =3D bug->flags & BUGFLAG_DONE; - no_cut =3D bug->flags & BUGFLAG_NO_CUT_HERE; - has_args =3D bug->flags & BUGFLAG_ARGS; + flags =3D READ_ONCE(bug->flags); + warning =3D flags & BUGFLAG_WARNING; + once =3D flags & BUGFLAG_ONCE; + done =3D flags & BUGFLAG_DONE; + no_cut =3D flags & BUGFLAG_NO_CUT_HERE; + has_args =3D flags & BUGFLAG_ARGS; =20 if (warning && once) { if (done) return BUG_TRAP_TYPE_WARN; =20 /* - * Since this is the only store, concurrency is not an issue. + * Multiple CPUs can hit a WARN_ON_ONCE at the same time + * and both read done =3D=3D false. The race is benign: setting + * BUGFLAG_DONE is idempotent, and the worst case is that + * the warning prints a few extra times. */ - bug->flags |=3D BUGFLAG_DONE; + WRITE_ONCE(bug->flags, flags | BUGFLAG_DONE); } =20 /* @@ -289,7 +294,7 @@ static void clear_once_table(struct bug_entry *start, s= truct bug_entry *end) struct bug_entry *bug; =20 for (bug =3D start; bug < end; bug++) - bug->flags &=3D ~BUGFLAG_DONE; + WRITE_ONCE(bug->flags, READ_ONCE(bug->flags) & ~BUGFLAG_DONE); } =20 void generic_bug_clear_once(void) --=20 2.34.1