CoreSight

coresight@lists.linaro.org

7 participants
2476 discussions

Re: [PATCH v3 2/3] coresight: tmc: refactor the tmc-etr mode setting to avoid race conditions

by Suzuki K Poulose

On 18/09/2025 10:15, Yicong Yang wrote: > On 2025/8/18 16:05, Junhao He wrote: >> When trying to run perf and sysfs mode simultaneously, the WARN_ON() >> in tmc_etr_enable_hw() is triggered sometimes: >> >> WARNING: CPU: 42 PID: 3911571 at drivers/hwtracing/coresight/coresight-tmc-etr.c:1060 tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] >> [..snip..] >> Call trace: >> tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] (P) >> tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] (L) >> tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] >> coresight_enable_path+0x1c8/0x218 [coresight] >> coresight_enable_sysfs+0xa4/0x228 [coresight] >> enable_source_store+0x58/0xa8 [coresight] >> dev_attr_store+0x20/0x40 >> sysfs_kf_write+0x4c/0x68 >> kernfs_fop_write_iter+0x120/0x1b8 >> vfs_write+0x2c8/0x388 >> ksys_write+0x74/0x108 >> __arm64_sys_write+0x24/0x38 >> el0_svc_common.constprop.0+0x64/0x148 >> do_el0_svc+0x24/0x38 >> el0_svc+0x3c/0x130 >> el0t_64_sync_handler+0xc8/0xd0 >> el0t_64_sync+0x1ac/0x1b0 >> ---[ end trace 0000000000000000 ]--- >> >> Since the sysfs buffer allocation and the hardware enablement is not >> in the same critical region, it's possible to race with the perf >> >> mode: >> [sysfs mode] [perf mode] >> tmc_etr_get_sysfs_buffer() >> spin_lock(&drvdata->spinlock) >> [sysfs buffer allocation] >> spin_unlock(&drvdata->spinlock) >> spin_lock(&drvdata->spinlock) >> tmc_etr_enable_hw() >> drvdata->etr_buf = etr_perf->etr_buf >> spin_unlock(&drvdata->spinlock) >> spin_lock(&drvdata->spinlock) >> tmc_etr_enable_hw() >> WARN_ON(drvdata->etr_buf) // WARN sicne etr_buf initialized at >> the perf side >> spin_unlock(&drvdata->spinlock) >> >> A race condition is introduced here, perf always prioritizes execution, and >> warnings can lead to concerns about potential hidden bugs, such as getting >> out of sync. >> >> To fix this, configure the tmc-etr mode before invoking enable_etr_perf() >> or enable_etr_sysfs(), explicitly check if the tmc-etr sink is already >> enabled in a different mode, and simplily the setup and checks for "mode". >> To prevent race conditions between mode transitions. >> >> Fixes: 296b01fd106e ("coresight: Refactor out buffer allocation function for ETR") >> Reported-by: Yicong Yang <yangyicong(a)hisilicon.com> >> Closes: https://lore.kernel.org/linux-arm-kernel/20241202092419.11777-2-yangyicong@… >> Signed-off-by: Junhao He <hejunhao3(a)huawei.com> > > Tested by running perf and sysfs mode simultaneously, no warning reproduced. > > Tested-by: Yicong Yang <yangyicong(a)hisilicon.com> > >> --- >> .../hwtracing/coresight/coresight-tmc-etr.c | 80 ++++++++++--------- >> 1 file changed, 42 insertions(+), 38 deletions(-) >> >> diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c >> index b07fcdb3fe1a..06c74717be19 100644 >> --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c >> +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c >> @@ -1263,7 +1263,7 @@ static struct etr_buf *tmc_etr_get_sysfs_buffer(struct coresight_device *csdev) >> raw_spin_lock_irqsave(&drvdata->spinlock, flags); >> } >> >> - if (drvdata->reading || coresight_get_mode(csdev) == CS_MODE_PERF) { >> + if (drvdata->reading) { >> ret = -EBUSY; >> goto out; >> } >> @@ -1300,20 +1300,18 @@ static int tmc_enable_etr_sink_sysfs(struct coresight_device *csdev) >> raw_spin_lock_irqsave(&drvdata->spinlock, flags); >> >> /* >> - * In sysFS mode we can have multiple writers per sink. Since this >> - * sink is already enabled no memory is needed and the HW need not be >> - * touched, even if the buffer size has changed. >> + * When two sysfs sessions race to acquire an idle sink, both may enter >> + * this function. We need to recheck if the sink is already in use to >> + * prevent duplicate hardware configuration. >> */ >> - if (coresight_get_mode(csdev) == CS_MODE_SYSFS) { >> + if (csdev->refcnt) { >> csdev->refcnt++; >> goto out; >> } >> >> ret = tmc_etr_enable_hw(drvdata, sysfs_buf); >> - if (!ret) { >> - coresight_set_mode(csdev, CS_MODE_SYSFS); >> + if (!ret) >> csdev->refcnt++; >> - } >> >> out: >> raw_spin_unlock_irqrestore(&drvdata->spinlock, flags); >> @@ -1729,39 +1727,24 @@ static int tmc_enable_etr_sink_perf(struct coresight_device *csdev, void *data) >> { >> int rc = 0; >> pid_t pid; >> - unsigned long flags; >> struct tmc_drvdata *drvdata = dev_get_drvdata(csdev->dev.parent); >> struct perf_output_handle *handle = data; >> struct etr_perf_buffer *etr_perf = etm_perf_sink_config(handle); >> >> - raw_spin_lock_irqsave(&drvdata->spinlock, flags); >> - /* Don't use this sink if it is already claimed by sysFS */ >> - if (coresight_get_mode(csdev) == CS_MODE_SYSFS) { >> - rc = -EBUSY; >> - goto unlock_out; >> - } >> - >> - if (WARN_ON(!etr_perf || !etr_perf->etr_buf)) { >> - rc = -EINVAL; >> - goto unlock_out; >> - } >> + if (WARN_ON(!etr_perf || !etr_perf->etr_buf)) >> + return -EINVAL; >> >> /* Get a handle on the pid of the session owner */ >> pid = etr_perf->pid; >> >> /* Do not proceed if this device is associated with another session */ >> - if (drvdata->pid != -1 && drvdata->pid != pid) { >> - rc = -EBUSY; >> - goto unlock_out; >> - } >> + if (drvdata->pid != -1 && drvdata->pid != pid) >> + return -EBUSY; >> >> - /* >> - * No HW configuration is needed if the sink is already in >> - * use for this session. >> - */ >> + /* The sink is already in use for this session */ >> if (drvdata->pid == pid) { >> csdev->refcnt++; >> - goto unlock_out; >> + return rc; >> } >> >> rc = tmc_etr_enable_hw(drvdata, etr_perf->etr_buf); >> @@ -1773,22 +1756,43 @@ static int tmc_enable_etr_sink_perf(struct coresight_device *csdev, void *data) >> csdev->refcnt++; >> } >> >> -unlock_out: >> - raw_spin_unlock_irqrestore(&drvdata->spinlock, flags); >> return rc; >> } >> >> static int tmc_enable_etr_sink(struct coresight_device *csdev, >> enum cs_mode mode, void *data) >> { >> - switch (mode) { >> - case CS_MODE_SYSFS: >> - return tmc_enable_etr_sink_sysfs(csdev); >> - case CS_MODE_PERF: >> - return tmc_enable_etr_sink_perf(csdev, data); >> - default: >> - return -EINVAL; >> + struct tmc_drvdata *drvdata = dev_get_drvdata(csdev->dev.parent); >> + int rc; >> + >> + scoped_guard(raw_spinlock_irqsave, &drvdata->spinlock) { >> + if (coresight_get_mode(csdev) != CS_MODE_DISABLED && >> + coresight_get_mode(csdev) != mode) >> + return -EBUSY; >> + >> + switch (mode) { >> + case CS_MODE_SYSFS: >> + if (csdev->refcnt) { >> + /* The sink is already enabled */ >> + csdev->refcnt++; >> + return 0; >> + } >> + coresight_set_mode(csdev, mode); Why are we spilling bits here in the common code for sysfs ? More on this, see below. >> + break; >> + case CS_MODE_PERF: >> + return tmc_enable_etr_sink_perf(csdev, data); >> + default: >> + return -EINVAL; >> + } >> + } >> + >> + rc = tmc_enable_etr_sink_sysfs(csdev); We now call the above function without the spinlock and the refcnt is managed with and without the spinlock by the users. This is problematic, with refcnt being a non-atomic type. Please fix. I don't see why we can't set the mode in tmc_enable_etr_sink_sysfs() with the locks held and reset the mode if we failed enable it properly. Suzuki >> + if (rc) { >> + scoped_guard(raw_spinlock_irqsave, &drvdata->spinlock) >> + coresight_set_mode(csdev, CS_MODE_DISABLED); >> } >> + >> + return rc; >> } >> >> static int tmc_disable_etr_sink(struct coresight_device *csdev) >>

3 hours, 28 minutes

ITM support in OpenCSD

by Mike Leach

Hi, I will be making the OpenCSD ITM support in the development branch (itm-decoder-dev) part of the main upstream branch. If anyone has any feedback on this support please let me know. Mike -- Mike Leach Principal Engineer, ARM Ltd. Manchester Design Centre. UK

7 hours, 39 minutes

[PATCH 0/2] perf: Fix overflow in PERF_IDX2OFF() for Arm SPE and TRBE drivers

by Leo Yan

If the AUX buffer size is specified as 2 GiB or larger, the expression "(buf)->nr_pages << PAGE_SHIFT" may exceed 0x8000_0000. Since (buf)->nr_pages is a signed integer, the shift can overflow and produce a negative value. As a result, PERF_IDX2OFF() fails to work correctly. Fix this by casting (buf)->nr_pages to unsigned long before the shift, which allows PERF_IDX2OFF() to handle large buffers properly. Signed-off-by: Leo Yan <leo.yan(a)arm.com> --- Leo Yan (2): coresight: trbe: Prevent overflow in PERF_IDX2OFF() perf: arm_spe: Prevent overflow in PERF_IDX2OFF() drivers/hwtracing/coresight/coresight-trbe.c | 3 ++- drivers/perf/arm_spe_pmu.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) --- base-commit: 5aca7966d2a7255ba92fd5e63268dd767b223aa5 change-id: 20250917-fix_aux_trace_index-9745674f5061 Best regards, -- Leo Yan <leo.yan(a)arm.com>

23 hours, 15 minutes

Re: [PATCH] coresight: Fix data argument to coresight_enable_helpers

by Leo Yan

On Wed, Sep 17, 2025 at 09:35:55AM +0800, Jie Gan wrote: [...] > > diff --git a/drivers/hwtracing/coresight/coresight-core.c b/drivers/hwtracing/coresight/coresight-core.c > > index fa758cc21827..b1077d73c988 100644 > > --- a/drivers/hwtracing/coresight/coresight-core.c > > +++ b/drivers/hwtracing/coresight/coresight-core.c > > @@ -510,7 +510,7 @@ int coresight_enable_path(struct coresight_path *path, enum cs_mode mode, > > type = csdev->type; > > /* Enable all helpers adjacent to the path first */ > > - ret = coresight_enable_helpers(csdev, mode, path); > > + ret = coresight_enable_helpers(csdev, mode, sink_data); > > I dont think we can change back to sink_data since we introduced > coresight_path to wrap 'data' which is needed by the path. This change can fix catu issue but will cause regression for ctcu driver. > I suggest you to add the struct perf_output_handle to the coresight_path, > then retrieving it with data->perf_handle in tmc_etr_get_buffer. > > before: > struct perf_output_handle *handle = data; > > after: > struct coresight_path *path = data; > struct perf_output_handle *handle = path->perf_handle; > > We can assign the perf_output_handle to the coresight_path after we > constructed the coresight_path in perf mode. The suggestion looks good to me. Thanks, Leo

1 day, 7 hours

Re: [PATCH v3] coresight: Fix possible deadlock in coresight_panic_cb

by Leo Yan

On Tue, Sep 16, 2025 at 12:51:11PM -0400, Sean Anderson wrote: > On 9/16/25 12:48, Leo Yan wrote: > > On Tue, Sep 16, 2025 at 12:14:40PM -0400, Sean Anderson wrote: > > > > [...] > > > >> > Could you check if the drafted patch below looks good to you? If so, I > >> > >> As stated above I disagree with a half-hearted removal. If you want to do that, > >> then I will resend v2 done with an rcu list and you can make your own follow-up. > > > > It is fine to disagree, but please don't resend v2 :) > > > > We have plan to refactor locking in CoreSight driver, I will try my > > best to avoid adding new lock unless with a strong reason. > > As said above it will be done with an rcu list, so no new lock. > > Or I can do this patch but stick the notifier block in csdev as suggested by Suzuki. I am fine for adding the notifier block in csdev. Suzuki, could you confirm if this is the right way to move forward? Thanks, Leo

1 day, 8 hours

[PATCH v4 0/3] coresight-tnoc: Add support for Interconnect TNOC

by Yuanfang Zhang

This patch series adds support for the Qualcomm CoreSight Interconnect TNOC (Trace Network On Chip) block, which acts as a CoreSight graph link forwarding trace data from subsystems to the Aggregator TNOC. Unlike the Aggregator TNOC, this block does not support aggregation or ATID assignment. Signed-off-by: Yuanfang Zhang <yuanfang.zhang(a)oss.qualcomm.com> --- Changes in v4: - Fix unintended blank line removals in trace_noc_enable_hw. - Link to v3: https://lore.kernel.org/r/20250828-itnoc-v3-0-f1b55dea7a27@oss.qualcomm.com Changes in v3: - Add detail for changes in V2. - Remove '#address-cells' and '#size-cells' properties from in-ports field. - Fix comment indentation for packet description. - Link to v2: https://lore.kernel.org/r/20250819-itnoc-v2-0-2d0e6be44e2f@oss.qualcomm.com Changes in v2: - Removed the trailing '|' after the description in qcom,coresight-itnoc.yaml. - Dropped the 'select' section from the YAML file. - Updated node name to use a more generic naming convention. - Removed the 'items' property from the compatible field. - Deleted the description for the reg property. - Dropped clock-names and adjusted the order of clock-names and clocks. - Moved additionalProperties to follow the $ref of out-ports. - Change "atid" type from u32 to int, set it as "-EOPNOTSUPP" for non-AMBA device. - Link to v1: https://lore.kernel.org/r/20250815-itnoc-v1-0-62c8e4f7ad32@oss.qualcomm.com --- Yuanfang Zhang (3): dt-bindings: arm: qcom: Add Coresight Interconnect TNOC coresight-tnoc: add platform driver to support Interconnect TNOC coresight-tnoc: Add runtime PM support for Interconnect TNOC .../bindings/arm/qcom,coresight-itnoc.yaml | 90 ++++++++++++++ drivers/hwtracing/coresight/coresight-tnoc.c | 136 +++++++++++++++++++-- 2 files changed, 215 insertions(+), 11 deletions(-) --- base-commit: 2b52cf338d39d684a1c6af298e8204902c026aca change-id: 20250815-itnoc-460273d1b80c Best regards, -- Yuanfang Zhang <yuanfang.zhang(a)oss.qualcomm.com>

1 day, 13 hours

Re: [PATCH v3] coresight: Fix possible deadlock in coresight_panic_cb

by Leo Yan

On Mon, Sep 15, 2025 at 10:31:24AM -0400, Sean Anderson wrote: > On 9/15/25 05:58, Leo Yan wrote: > > On Fri, Sep 12, 2025 at 11:13:14AM -0400, Sean Anderson wrote: > >> coresight_panic_cb is called with interrupts disabled during panics. > >> However, bus_for_each_dev calls bus_to_subsys which takes > >> bus_kset->list_lock without disabling IRQs. This may cause a deadlock. > > > > I would rephrase it to make it clearer for anyone reading it later: > > > > coresight_panic_cb() is called during panics, which can preempt a flow > > that triggers exceptions (such as data or instruction aborts). > > I don't see what exceptions have to do with it. You can also panic > during a regular interrupt. The commit mentioned "without disabling IRQs" gives the impression that the deadlock is caused by IRQ-unsafe locking, which might mislead into thinking why the issue cannot be fixed with IRQ-safe locking. Regardless of whether IRQs are disabled, and regardless of the context (interrupt, bottom-half, or normal thread), the conditions for the deadlock are only about: (a) The bus lock has been acquired; (b) A panic is triggered to try to acquire the same lock. [...] > > When I review this patch, I recognize we can consolidate panic notifier > > in coresight-tmc-core.c, so we don't need to distribute the changes > > into ETF and ETR drivers (sorry if I misled you in my previous reply). > > And this kind of thing is why I went with the straightforward fix > initially. I do not want to bikeshed the extent that this gets removed. > IMO the whole "panic ops" stuff should be done directly with the panic > notifier, hence this patch. If you do not agree with that, then ack v2 > and send a follow up of your own to fix it how you see fit. I would fix it in one go. I agree with you that "the whole panic ops stuff should be done directly with the panic". The only difference between us is that I would keep the `panic_ops` callback. To me, this encapsulates panic callbacks into different modules, to make the code more general. Could you check if the drafted patch below looks good to you? If so, I will send out a formal patch. ---8<--- From ea78dd22cbdd97f709c5991d5bd3be97be6e137e Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Tue, 16 Sep 2025 16:03:58 +0100 Subject: [PATCH] coresight: Fix possible deadlock in coresight_panic_cb() coresight_panic_cb() is called during a panic. It invokes bus_for_each_dev(), which then calls bus_to_subsys() and takes the 'bus_kset->list_lock'. If a panic occurs after the lock has been acquired, it can lead to a deadlock. Instead of using a common panic notifier to iterate the bus, this commit directly registers the TMC device's panic notifier. This avoids bus iteration and effectively eliminates the race condition that could cause the deadlock. Fixes: 46006ceb5d02 ("coresight: core: Add provision for panic callbacks") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Signed-off-by: Leo Yan <leo.yan(a)arm.com> --- drivers/hwtracing/coresight/coresight-core.c | 42 ------------------- .../hwtracing/coresight/coresight-tmc-core.c | 26 ++++++++++++ drivers/hwtracing/coresight/coresight-tmc.h | 2 + 3 files changed, 28 insertions(+), 42 deletions(-) diff --git a/drivers/hwtracing/coresight/coresight-core.c b/drivers/hwtracing/coresight/coresight-core.c index 3267192f0c1c..cb0cc8d77056 100644 --- a/drivers/hwtracing/coresight/coresight-core.c +++ b/drivers/hwtracing/coresight/coresight-core.c @@ -21,7 +21,6 @@ #include <linux/property.h> #include <linux/delay.h> #include <linux/pm_runtime.h> -#include <linux/panic_notifier.h> #include "coresight-etm-perf.h" #include "coresight-priv.h" @@ -1566,36 +1565,6 @@ const struct bus_type coresight_bustype = { .name = "coresight", }; -static int coresight_panic_sync(struct device *dev, void *data) -{ - int mode; - struct coresight_device *csdev; - - /* Run through panic sync handlers for all enabled devices */ - csdev = container_of(dev, struct coresight_device, dev); - mode = coresight_get_mode(csdev); - - if ((mode == CS_MODE_SYSFS) || (mode == CS_MODE_PERF)) { - if (panic_ops(csdev)) - panic_ops(csdev)->sync(csdev); - } - - return 0; -} - -static int coresight_panic_cb(struct notifier_block *self, - unsigned long v, void *p) -{ - bus_for_each_dev(&coresight_bustype, NULL, NULL, - coresight_panic_sync); - - return 0; -} - -static struct notifier_block coresight_notifier = { - .notifier_call = coresight_panic_cb, -}; - static int __init coresight_init(void) { int ret; @@ -1608,20 +1577,11 @@ static int __init coresight_init(void) if (ret) goto exit_bus_unregister; - /* Register function to be called for panic */ - ret = atomic_notifier_chain_register(&panic_notifier_list, - &coresight_notifier); - if (ret) - goto exit_perf; - /* initialise the coresight syscfg API */ ret = cscfg_init(); if (!ret) return 0; - atomic_notifier_chain_unregister(&panic_notifier_list, - &coresight_notifier); -exit_perf: etm_perf_exit(); exit_bus_unregister: bus_unregister(&coresight_bustype); @@ -1631,8 +1591,6 @@ static int __init coresight_init(void) static void __exit coresight_exit(void) { cscfg_exit(); - atomic_notifier_chain_unregister(&panic_notifier_list, - &coresight_notifier); etm_perf_exit(); bus_unregister(&coresight_bustype); } diff --git a/drivers/hwtracing/coresight/coresight-tmc-core.c b/drivers/hwtracing/coresight/coresight-tmc-core.c index 36599c431be6..108ed9daf56d 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-core.c +++ b/drivers/hwtracing/coresight/coresight-tmc-core.c @@ -21,6 +21,7 @@ #include <linux/slab.h> #include <linux/dma-mapping.h> #include <linux/spinlock.h> +#include <linux/panic_notifier.h> #include <linux/pm_runtime.h> #include <linux/of.h> #include <linux/of_address.h> @@ -769,6 +770,21 @@ static void register_crash_dev_interface(struct tmc_drvdata *drvdata, "Valid crash tracedata found\n"); } +static int tmc_panic_cb(struct notifier_block *nb, unsigned long v, void *p) +{ + struct tmc_drvdata *drvdata = container_of(nb, struct tmc_drvdata, + panic_notifier); + struct coresight_device *csdev = drvdata->csdev; + + if (coresight_get_mode(csdev) == CS_MODE_DISABLED) + return 0; + + if (panic_ops(csdev)) + panic_ops(csdev)->sync(csdev); + + return 0; +} + static int __tmc_probe(struct device *dev, struct resource *res) { int ret = 0; @@ -885,6 +901,12 @@ static int __tmc_probe(struct device *dev, struct resource *res) goto out; } + if (panic_ops(drvdata->csdev)) { + drvdata->panic_notifier.notifier_call = tmc_panic_cb; + atomic_notifier_chain_register(&panic_notifier_list, + &drvdata->panic_notifier); + } + out: if (is_tmc_crashdata_valid(drvdata) && !tmc_prepare_crashdata(drvdata)) @@ -929,6 +951,10 @@ static void __tmc_remove(struct device *dev) { struct tmc_drvdata *drvdata = dev_get_drvdata(dev); + if (panic_ops(drvdata->csdev)) + atomic_notifier_chain_unregister(&panic_notifier_list, + &drvdata->panic_notifier); + /* * Since misc_open() holds a refcount on the f_ops, which is * etb fops in this case, device is there until last file diff --git a/drivers/hwtracing/coresight/coresight-tmc.h b/drivers/hwtracing/coresight/coresight-tmc.h index cbb4ba439158..873c5427673c 100644 --- a/drivers/hwtracing/coresight/coresight-tmc.h +++ b/drivers/hwtracing/coresight/coresight-tmc.h @@ -243,6 +243,7 @@ struct tmc_resrv_buf { * (after crash) by default. * @crash_mdata: Reserved memory for storing tmc crash metadata. * Used by ETR/ETF. + * @panic_notifier: Notifier used to clean up during a panic */ struct tmc_drvdata { struct clk *atclk; @@ -273,6 +274,7 @@ struct tmc_drvdata { struct etr_buf *perf_buf; struct tmc_resrv_buf resrv_buf; struct tmc_resrv_buf crash_mdata; + struct notifier_block panic_notifier; }; struct etr_buf_operations { -- 2.34.1

2 days

Re: [PATCH v3] coresight: Fix possible deadlock in coresight_panic_cb

by Leo Yan

On Tue, Sep 16, 2025 at 12:14:40PM -0400, Sean Anderson wrote: [...] > > Could you check if the drafted patch below looks good to you? If so, I > > As stated above I disagree with a half-hearted removal. If you want to do that, > then I will resend v2 done with an rcu list and you can make your own follow-up. It is fine to disagree, but please don't resend v2 :) We have plan to refactor locking in CoreSight driver, I will try my best to avoid adding new lock unless with a strong reason. Thanks, Leo

2 days

[PATCH v3 00/31] CoreSight: Address CPU Power Management Issues

by Leo Yan

This series addresses CPU power management issues in the CoreSight drivers. For easier review, the patches are organized into two categories: o Patches 01 ~ 10 focus on CPU power management within the ETM drivers. These patches fix SMP-safe access to the mode, correct context synchronization, and refactor the CPU suspend/resume flows. o Patches 11 ~ 31 extend CPU power management to cover activated paths, including helpers, links, and sinks. These changes move CPU PM and hotplug notifiers from the ETMv4 driver into the CoreSight core layer. Summary: - Patches 01 ~ 03: Fix device mode access in the SMP mode. - Patch 04 : A minor fix for polling bit. - Patches 05 ~ 07: Improve the context synchronization based on the ETM specification (IHI0064H.b) and Arm ARM (ARM DDI 0487 L.a). - Patches 08 ~ 10: Refactor the context save/restore flow in the ETMv4 driver, in the end, the CPU PM callbacks reuse the normal enabling and disabling flows. - Patches 11 ~ 17: Move CPU PM code from ETMv4 driver to the core layer. - Patches 18 ~ 23: Enhance the CTI driver for preparation dynamically controlling CTI devices in PM flows. This includes device mode handling in the CTI driver and distinguishing trace modes (Perf or SysFS). Refactor the PM notifier and improve locking usage (including for syscfg). - Patches 24 ~ 31: Support save and restore context for TRBE and manages activated paths during CPU idle and CPU hotplug. Verification: This series has been verified on Juno-r0 and r2 platform. Stress test script: #!/usr/bin/bash echo 1 > /sys/bus/coresight/devices/tmc_etr0/enable_sink while true; do echo 0 > /sys/devices/system/cpu/cpu2/online; echo 1 > /sys/devices/system/cpu/cpu2/online; done & while true; do echo 1 > /sys/bus/coresight/devices/etm2/enable_source; echo 0 > /sys/bus/coresight/devices/etm2/enable_source; done & Test script with kernel module insmod / rmmod: #!/bin/bash modules=( "coresight" "coresight_dummy" "coresight_replicator" "coresight_tpiu" "coresight_cpu_debug" "coresight_etb10" "coresight_stm" "coresight_trbe" "coresight_tmc" "coresight_ctcu" "coresight_catu" "coresight_etm4x" "coresight_cti" "coresight_funnel" "coresight_tnoc" ) module_dir="/mnt/build/drivers/hwtracing/coresight/" if [[ "$1" == "in" ]]; then echo "Inserting modules..." for mod in "${modules[@]}"; do modprobe $mod && echo "Loaded $mod" || echo "Failed to load $mod" done elif [[ "$1" == "rm" ]]; then echo "Removing modules..." # Remove in reverse order to respect dependencies for (( idx=${#modules[@]}-1 ; idx>=0 ; idx-- )); do mod="${modules[$idx]}" echo "Removing $mod..." rmmod "$mod" && echo "Removed $mod" || echo "Failed to remove $mod" done fi --- Changes in v3: - Fixed building failure in ETMv3 driver (kernel test robot). - Refactoring ETMv3 change for checking CPU ID (Levi). - Fixed NULL pointer issue during CPU idle (James). - Fixed lockdep complaint for HARDIRQ-safe and HARDIRA-unsafe (James). - Fixed acquiring mutex in atomic context (James). - Rebased on the latest coresight-next branch. - Link to v2: https://lore.kernel.org/r/20250701-arm_cs_pm_fix_v3-v2-0-23ebb864fcc1@arm.c… Changes in v2: - Refactored ETMv4 suspend and resume for reusing the normal enabling and disabling flows (James). - Used a per-CPU structure to maintain path pointers (James). - Supported helpers in CPU PM flows (James). - Fixed the SMP-safe access to device mode. - Fixed the context synchronization in ETMv4x driver. - Link to v1: https://lore.kernel.org/linux-arm-kernel/20250516160742.1200904-1-leo.yan@a… Signed-off-by: Leo Yan <leo.yan(a)arm.com> --- Leo Yan (30): coresight: Change device mode to atomic type coresight: etm4x: Always set tracer's device mode on target CPU coresight: etm3x: Always set tracer's device mode on target CPU coresight: etm4x: Correct polling IDLE bit coresight: etm4x: Ensure context synchronization is not ignored coresight: etm4x: Add context synchronization before enabling trace coresight: etm4x: Properly control filter in CPU idle with FEAT_TRF coresight: etm4x: Remove the state_needs_restore flag coresight: etm4x: Add flag to control single-shot restart coresight: etm4x: Reuse normal enable and disable logic in CPU idle coresight: Populate CPU ID into the coresight_device structure coresight: sysfs: Validate CPU online status for per-CPU sources coresight: Set per CPU source pointer coresight: Register CPU PM notifier in core layer coresight: etm4x: Hook CPU PM callbacks coresight: Add callback to determine if context save/restore is needed coresight: etm4x: Remove redundant condition checks in save and restore coresight: cti: Fix race condition by using device mode coresight: cti: Introduce CS_MODE_DEBUG mode coresight: cti: Register PM notifier after data initialization coresight: cti: Properly handle modes in CPU PM notifiers coresight: cti: Make spin lock usage consistent coresight: syscfg: Use spinlock to protect active variables coresight: Add per-CPU path pointer coresight: Add 'in_idle' argument to path enable/disable functions coresight: Control path during CPU idle coresight: Add PM callbacks for percpu sink coresight: Take hotplug lock in enable_source_store() for Sysfs mode coresight: Move CPU hotplug callbacks to core layer coresight: Manage activated path during CPU hotplug Yabin Cui (1): coresight: trbe: Save and restore state across CPU low power state drivers/hwtracing/coresight/coresight-catu.c | 1 + drivers/hwtracing/coresight/coresight-core.c | 337 ++++++++++++-- drivers/hwtracing/coresight/coresight-ctcu-core.c | 1 + drivers/hwtracing/coresight/coresight-cti-core.c | 69 ++- drivers/hwtracing/coresight/coresight-cti-sysfs.c | 2 +- drivers/hwtracing/coresight/coresight-dummy.c | 1 + drivers/hwtracing/coresight/coresight-etb10.c | 1 + drivers/hwtracing/coresight/coresight-etm3x-core.c | 55 ++- drivers/hwtracing/coresight/coresight-etm4x-core.c | 491 ++++++--------------- drivers/hwtracing/coresight/coresight-etm4x.h | 62 --- drivers/hwtracing/coresight/coresight-funnel.c | 1 + drivers/hwtracing/coresight/coresight-replicator.c | 1 + drivers/hwtracing/coresight/coresight-stm.c | 1 + drivers/hwtracing/coresight/coresight-syscfg.c | 22 +- drivers/hwtracing/coresight/coresight-syscfg.h | 2 + drivers/hwtracing/coresight/coresight-sysfs.c | 10 + drivers/hwtracing/coresight/coresight-tmc-core.c | 1 + drivers/hwtracing/coresight/coresight-tpda.c | 1 + drivers/hwtracing/coresight/coresight-tpdm.c | 1 + drivers/hwtracing/coresight/coresight-tpiu.c | 1 + drivers/hwtracing/coresight/coresight-trbe.c | 85 ++++ drivers/hwtracing/coresight/ultrasoc-smb.c | 1 + include/linux/coresight.h | 55 ++- 23 files changed, 687 insertions(+), 515 deletions(-) --- base-commit: 559d6c380ea0a27e71d0269410301303515e4179 change-id: 20250909-arm_coresight_power_management_fix-139873f942e8 Best regards, -- Leo Yan <leo.yan(a)arm.com>

3 days, 4 hours

Re: [PATCH v3] coresight: Fix possible deadlock in coresight_panic_cb

by Leo Yan

On Fri, Sep 12, 2025 at 11:13:14AM -0400, Sean Anderson wrote: > coresight_panic_cb is called with interrupts disabled during panics. > However, bus_for_each_dev calls bus_to_subsys which takes > bus_kset->list_lock without disabling IRQs. This may cause a deadlock. I would rephrase it to make it clearer for anyone reading it later: coresight_panic_cb() is called during panics, which can preempt a flow that triggers exceptions (such as data or instruction aborts). However, bus_for_each_dev() calls bus_to_subsys(), which takes 'bus_kset->list_lock'. If a panic occurs after the lock has been acquired, it will cause a deadlock. > Instead of adding a panic API for coresight devices, just have coresight > drivers that need a panic callback register directly with the panic > notifier. > > Fixes: 46006ceb5d02 ("coresight: core: Add provision for panic callbacks") > Fixes: 6dbcbcfc4496 ("coresight: tmc: Enable panic sync handling") Let us fix the bug caused by the commit 46006ceb5d02. OTOH, I think we should not touch change introduced in the commit 6dbcbcfc4496. Please see details below. > Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> > --- > > Changes in v3: > - Rewrite patch to remove the panic sync API entirely > > Changes in v2: > - Add a comment describing csdev_lock/list > - Consolidate list removal in coresight_device_release > > drivers/hwtracing/coresight/coresight-core.c | 42 ------------------- > .../hwtracing/coresight/coresight-tmc-core.c | 20 ++++++++- > .../hwtracing/coresight/coresight-tmc-etf.c | 12 +++--- > .../hwtracing/coresight/coresight-tmc-etr.c | 12 +++--- > drivers/hwtracing/coresight/coresight-tmc.h | 10 ++++- > include/linux/coresight.h | 11 +---- > 6 files changed, 38 insertions(+), 69 deletions(-) > > diff --git a/drivers/hwtracing/coresight/coresight-core.c b/drivers/hwtracing/coresight/coresight-core.c > index fa758cc21827..297af270bf3d 100644 > --- a/drivers/hwtracing/coresight/coresight-core.c > +++ b/drivers/hwtracing/coresight/coresight-core.c > @@ -19,7 +19,6 @@ > #include <linux/property.h> > #include <linux/delay.h> > #include <linux/pm_runtime.h> > -#include <linux/panic_notifier.h> > > #include "coresight-etm-perf.h" > #include "coresight-priv.h" > @@ -1563,36 +1562,6 @@ const struct bus_type coresight_bustype = { > .name = "coresight", > }; > > -static int coresight_panic_sync(struct device *dev, void *data) > -{ > - int mode; > - struct coresight_device *csdev; > - > - /* Run through panic sync handlers for all enabled devices */ > - csdev = container_of(dev, struct coresight_device, dev); > - mode = coresight_get_mode(csdev); > - > - if ((mode == CS_MODE_SYSFS) || (mode == CS_MODE_PERF)) { > - if (panic_ops(csdev)) > - panic_ops(csdev)->sync(csdev); > - } > - > - return 0; > -} > - > -static int coresight_panic_cb(struct notifier_block *self, > - unsigned long v, void *p) > -{ > - bus_for_each_dev(&coresight_bustype, NULL, NULL, > - coresight_panic_sync); > - > - return 0; > -} > - > -static struct notifier_block coresight_notifier = { > - .notifier_call = coresight_panic_cb, > -}; > - > static int __init coresight_init(void) > { > int ret; > @@ -1605,20 +1574,11 @@ static int __init coresight_init(void) > if (ret) > goto exit_bus_unregister; > > - /* Register function to be called for panic */ > - ret = atomic_notifier_chain_register(&panic_notifier_list, > - &coresight_notifier); > - if (ret) > - goto exit_perf; > - > /* initialise the coresight syscfg API */ > ret = cscfg_init(); > if (!ret) > return 0; > > - atomic_notifier_chain_unregister(&panic_notifier_list, > - &coresight_notifier); > -exit_perf: > etm_perf_exit(); > exit_bus_unregister: > bus_unregister(&coresight_bustype); > @@ -1628,8 +1588,6 @@ static int __init coresight_init(void) > static void __exit coresight_exit(void) > { > cscfg_exit(); > - atomic_notifier_chain_unregister(&panic_notifier_list, > - &coresight_notifier); > etm_perf_exit(); > bus_unregister(&coresight_bustype); > } Removing panic notifier in coresight-core.c looks good to me. > diff --git a/drivers/hwtracing/coresight/coresight-tmc-core.c b/drivers/hwtracing/coresight/coresight-tmc-core.c > index 88afb16bb6be..012f76dbf7d3 100644 > --- a/drivers/hwtracing/coresight/coresight-tmc-core.c > +++ b/drivers/hwtracing/coresight/coresight-tmc-core.c > @@ -16,6 +16,7 @@ > #include <linux/fs.h> > #include <linux/miscdevice.h> > #include <linux/mutex.h> > +#include <linux/panic_notifier.h> > #include <linux/property.h> > #include <linux/uaccess.h> > #include <linux/slab.h> > @@ -834,6 +835,7 @@ static int __tmc_probe(struct device *dev, struct resource *res) > desc.type = CORESIGHT_DEV_TYPE_SINK; > desc.subtype.sink_subtype = CORESIGHT_DEV_SUBTYPE_SINK_SYSMEM; > desc.ops = &tmc_etr_cs_ops; > + drvdata->panic_notifier.notifier_call = tmc_panic_sync_etr; > ret = tmc_etr_setup_caps(dev, devid, &desc.access); > if (ret) > goto out; > @@ -847,6 +849,7 @@ static int __tmc_probe(struct device *dev, struct resource *res) > desc.subtype.sink_subtype = CORESIGHT_DEV_SUBTYPE_SINK_BUFFER; > desc.subtype.link_subtype = CORESIGHT_DEV_SUBTYPE_LINK_FIFO; > desc.ops = &tmc_etf_cs_ops; > + drvdata->panic_notifier.notifier_call = tmc_panic_sync_etf; > dev_list = &etf_devs; > break; > default: > @@ -869,11 +872,18 @@ static int __tmc_probe(struct device *dev, struct resource *res) > dev->platform_data = pdata; > desc.pdata = pdata; > > + if (drvdata->panic_notifier.notifier_call) { > + ret = atomic_notifier_chain_register(&panic_notifier_list, > + &drvdata->panic_notifier); > + if (ret) > + goto out; > + } When I review this patch, I recognize we can consolidate panic notifier in coresight-tmc-core.c, so we don't need to distribute the changes into ETF and ETR drivers (sorry if I misled you in my previous reply). How about we change like below? We still can keep the panic_ops callback, and then register a common callback tmc_panic_cb(), which still checks device state and invoke device's sync callback. diff --git a/drivers/hwtracing/coresight/coresight-tmc-core.c b/drivers/hwtracing/coresight/coresight-tmc-core.c index bd783c9dcb56..f7c175b3ae4c 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-core.c +++ b/drivers/hwtracing/coresight/coresight-tmc-core.c @@ -21,6 +21,7 @@ #include <linux/slab.h> #include <linux/dma-mapping.h> #include <linux/spinlock.h> +#include <linux/panic_notifier.h> #include <linux/pm_runtime.h> #include <linux/of.h> #include <linux/of_address.h> @@ -769,6 +770,22 @@ static void register_crash_dev_interface(struct tmc_drvdata *drvdata, "Valid crash tracedata found\n"); } +static int tmc_panic_cb(struct notifier_block *nb, unsigned long v, void *p) +{ + struct tmc_drvdata *drvdata = container_of(nb, struct tmc_drvdata, + panic_notifier); + struct coresight_device *csdev = drvdata->csdev; + int mode = coresight_get_mode(csdev); + + if (mode == CS_MODE_DISABLED) + return 0; + + if (panic_ops(csdev)) + panic_ops(csdev)->sync(csdev); + + return 0; +} + static int __tmc_probe(struct device *dev, struct resource *res) { int ret = 0; @@ -886,6 +903,12 @@ static int __tmc_probe(struct device *dev, struct resource *res) goto out; } + if (panic_ops(drvdata->csdev)) { + drvdata->panic_notifier.notifier_call = tmc_panic_cb; + atomic_notifier_chain_register(&panic_notifier_list, + &drvdata->panic_notifier); + } + out: if (is_tmc_crashdata_valid(drvdata) && !tmc_prepare_crashdata(drvdata)) @@ -930,6 +953,10 @@ static void __tmc_remove(struct device *dev) { struct tmc_drvdata *drvdata = dev_get_drvdata(dev); + if (panic_ops(drvdata->csdev)) + atomic_notifier_chain_unregister(&panic_notifier_list, + &drvdata->panic_notifier); + /* * Since misc_open() holds a refcount on the f_ops, which is * etb fops in this case, device is there until last file diff --git a/drivers/hwtracing/coresight/coresight-tmc.h b/drivers/hwtracing/coresight/coresight-tmc.h index cbb4ba439158..873c5427673c 100644 --- a/drivers/hwtracing/coresight/coresight-tmc.h +++ b/drivers/hwtracing/coresight/coresight-tmc.h @@ -243,6 +243,7 @@ struct tmc_resrv_buf { * (after crash) by default. * @crash_mdata: Reserved memory for storing tmc crash metadata. * Used by ETR/ETF. + * @panic_notifier: Notifier used to clean up during a panic */ struct tmc_drvdata { struct clk *atclk; @@ -273,6 +274,7 @@ struct tmc_drvdata { struct etr_buf *perf_buf; struct tmc_resrv_buf resrv_buf; struct tmc_resrv_buf crash_mdata; + struct notifier_block panic_notifier; }; struct etr_buf_operations {

3 days, 6 hours

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

CoreSight