A task could enable tracing on multiple kcov_dataflow file descriptors, corrupting the internal tracking state when one is subsequently closed.
Check current->kcov_df_enabled before allowing KCOV_DF_ENABLE and return -EBUSY if already active. This matches kcov's check of t->kcov != NULL in the KCOV_ENABLE path. Reported-by: sashiko-bot <[email protected]> Closes: https://sashiko.dev/#/patchset/20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4%40est.tech Signed-off-by: Yunseong Kim <[email protected]> --- kernel/kcov_dataflow.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/kcov_dataflow.c b/kernel/kcov_dataflow.c index 5248293280d5..27587b8ceeab 100644 --- a/kernel/kcov_dataflow.c +++ b/kernel/kcov_dataflow.c @@ -287,8 +287,8 @@ static long kcov_df_ioctl(struct file *filep, unsigned int cmd, unsigned long ar break; case KCOV_DF_ENABLE: - if (!df->area || df->t) { - res = -EINVAL; + if (!df->area || df->t || current->kcov_df_enabled) { + res = -EBUSY; break; } df->t = current; -- 2.43.0
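Review bot: In the KCOV_DF_ENABLE case, the combined condition now returns -EBUSY for `!df->area` as well, a case that returned -EINVAL before this patch and that the commit message does not mention. A missing area is an invalid-state error, not a "tracing already active" one, so userspace can no longer tell the two apart. Consider splitting the check: keep `if (!df->area) { res = -EINVAL; break; }` and follow it with a separate `if (df->t || current->kcov_df_enabled) { res = -EBUSY; break; }`. If the errno change for `df->t` is intentional, the commit message should say so, since existing callers that test for -EINVAL on that path will see different behaviour.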

