CoreSight

coresight@lists.linaro.org

3 participants
2528 discussions

Re: [PATCH v3] coresight: ETR: Fix ETR buffer use-after-free issue

by Suzuki K Poulose

On Tue, 21 Oct 2025 16:45:25 +0800, Xiaoqi Zhuang wrote: > When ETR is enabled as CS_MODE_SYSFS, if the buffer size is changed > and enabled again, currently sysfs_buf will point to the newly > allocated memory(buf_new) and free the old memory(buf_old). But the > etr_buf that is being used by the ETR remains pointed to buf_old, not > updated to buf_new. In this case, it will result in a memory > use-after-free issue. > > [...] Applied, thanks! [1/1] coresight: ETR: Fix ETR buffer use-after-free issue https://git.kernel.org/coresight/c/35501ac3c7d4 Best regards, -- Suzuki K Poulose <suzuki.poulose(a)arm.com>

1 day, 21 hours

Re: [PATCH] coresight: tpdm: remove redundant check for drvdata

by Suzuki K Poulose

On Fri, 07 Nov 2025 14:16:39 +0800, Jie Gan wrote: > Remove the redundant check for drvdata data because the drvdata here already > has been guarranted to be non-NULL. > > Applied, thanks! [1/1] coresight: tpdm: remove redundant check for drvdata https://git.kernel.org/coresight/c/aa5edd1b5ece Best regards, -- Suzuki K Poulose <suzuki.poulose(a)arm.com>

2 days

Re: [PATCH] coresight: tpdm: remove redundant check for drvdata

by Suzuki K Poulose

On 07/11/2025 06:16, Jie Gan wrote: > Remove the redundant check for drvdata data because the drvdata here already > has been guarranted to be non-NULL. > > Fixes: 350ba15ae187 ("coresight-tpdm: Add nodes for dsb msr support") > Fixes: 8e8804145a46 ("coresight-tpdm: Add msr register support for CMB") This doesn't need to be backported as such, as it is a cleanup. I will drop the Fixes tag and merge this. Suzuki > Signed-off-by: Jie Gan <jie.gan(a)oss.qualcomm.com> > --- > drivers/hwtracing/coresight/coresight-tpdm.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/hwtracing/coresight/coresight-tpdm.c b/drivers/hwtracing/coresight/coresight-tpdm.c > index 0e3896c12f07..06e0a905a67d 100644 > --- a/drivers/hwtracing/coresight/coresight-tpdm.c > +++ b/drivers/hwtracing/coresight/coresight-tpdm.c > @@ -1402,11 +1402,11 @@ static int tpdm_probe(struct device *dev, struct resource *res) > if (ret) > return ret; > > - if (drvdata && tpdm_has_dsb_dataset(drvdata)) > + if (tpdm_has_dsb_dataset(drvdata)) > of_property_read_u32(drvdata->dev->of_node, > "qcom,dsb-msrs-num", &drvdata->dsb_msr_num); > > - if (drvdata && tpdm_has_cmb_dataset(drvdata)) > + if (tpdm_has_cmb_dataset(drvdata)) > of_property_read_u32(drvdata->dev->of_node, > "qcom,cmb-msrs-num", &drvdata->cmb_msr_num); > } else { > > --- > base-commit: df5d79720b152e7ff058f11ed7e88d5b5c8d2a0c > change-id: 20251107-fix_tpdm_redundant_check-a5a7bad4b7c8 > prerequisite-change-id: 20251028-add_static_tpdm_support-1f62477857e2:v4 > prerequisite-patch-id: eda8dd6884b831cb10affc22477aece39c78b408 > prerequisite-patch-id: 7beb8b17d54ff21bc57eab10b56e6ffcfa4d1963 > prerequisite-patch-id: f6f1e78dba3f1d3b1191ab827adab5a3b7b2326a > > Best regards,

2 days

[PATCH] coresight: tmc: Prevent sysfs parameter changes if sink in use

by Mike Leach

The sysfs files that change the operational parameters for TMC buffer_size, stop_on_flush and trigger_cntr are writable when the TMC is in use. The new values will have no effect and be silently ignored. Alter the sysfs functions to return -EBUSY if the TMC is currently in use, and also protect the write values using the spinlock. Signed-off-by: Mike Leach <mike.leach(a)linaro.org> --- .../hwtracing/coresight/coresight-tmc-core.c | 41 ++++++++++++++++--- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/drivers/hwtracing/coresight/coresight-tmc-core.c b/drivers/hwtracing/coresight/coresight-tmc-core.c index 36599c431be6..a1216a1f9681 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-core.c +++ b/drivers/hwtracing/coresight/coresight-tmc-core.c @@ -489,15 +489,24 @@ static ssize_t trigger_cntr_store(struct device *dev, const char *buf, size_t size) { int ret; - unsigned long val; + unsigned long val, flags; struct tmc_drvdata *drvdata = dev_get_drvdata(dev->parent); ret = kstrtoul(buf, 16, &val); if (ret) return ret; + /* do not permit write if the sink is currently in use */ + raw_spin_lock_irqsave(&drvdata->spinlock, flags); + if (coresight_get_mode(drvdata->csdev) != CS_MODE_DISABLED) { + ret = -EBUSY; + goto out; + } drvdata->trigger_cntr = val; - return size; + ret = size; +out: + raw_spin_unlock_irqrestore(&drvdata->spinlock, flags); + return ret; } static DEVICE_ATTR_RW(trigger_cntr); @@ -514,7 +523,7 @@ static ssize_t buffer_size_store(struct device *dev, const char *buf, size_t size) { int ret; - unsigned long val; + unsigned long val, flags; struct tmc_drvdata *drvdata = dev_get_drvdata(dev->parent); /* Only permitted for TMC-ETRs */ @@ -527,8 +536,18 @@ static ssize_t buffer_size_store(struct device *dev, /* The buffer size should be page aligned */ if (val & (PAGE_SIZE - 1)) return -EINVAL; + + /* do not permit write if the sink is currently in use */ + raw_spin_lock_irqsave(&drvdata->spinlock, flags); + if (coresight_get_mode(drvdata->csdev) != CS_MODE_DISABLED) { + ret = -EBUSY; + goto out; + } drvdata->size = val; - return size; + ret = size; +out: + raw_spin_unlock_irqrestore(&drvdata->spinlock, flags); + return ret; } static DEVICE_ATTR_RW(buffer_size); @@ -547,17 +566,27 @@ static ssize_t stop_on_flush_store(struct device *dev, { int ret; u8 val; + unsigned long flags; struct tmc_drvdata *drvdata = dev_get_drvdata(dev->parent); ret = kstrtou8(buf, 0, &val); if (ret) return ret; + + /* do not permit write if the sink is currently in use */ + raw_spin_lock_irqsave(&drvdata->spinlock, flags); + if (coresight_get_mode(drvdata->csdev) != CS_MODE_DISABLED) { + ret = -EBUSY; + goto out; + } if (val) drvdata->stop_on_flush = true; else drvdata->stop_on_flush = false; - - return size; + ret = size; +out: + raw_spin_unlock_irqrestore(&drvdata->spinlock, flags); + return ret; } static DEVICE_ATTR_RW(stop_on_flush); -- 2.32.0

2 days, 21 hours

Re: [subset] [PATCH v4 0/3] coresight: add static TPDM support

by Suzuki K Poulose

On Tue, 28 Oct 2025 18:11:39 +0800, Jie Gan wrote: > The static TPDM function as a dummy source, however, it is essential > to enable the port connected to the TPDA and configure the element size. > Without this, the TPDA cannot correctly receive trace data from the > static TPDM. Since the static TPDM does not require MMIO mapping to > access its registers, a clock controller is not mandatory for its > operation. > > [...] Applied, thanks! [1/3] dt-bindings: arm: document the static TPDM compatible https://git.kernel.org/coresight/c/8d204b6f1f7a [2/3] coresight: tpdm: add static tpdm support https://git.kernel.org/coresight/c/14ae052f7947 Best regards, -- Suzuki K Poulose <suzuki.poulose(a)arm.com>

3 days

Re: [PATCH v4 3/3] arm64: dts: qcom: lemans: enable static TPDM

by Suzuki K Poulose

On 28/10/2025 10:11, Jie Gan wrote: > Enable static TPDM device for lemans. > > Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> > Signed-off-by: Jie Gan <jie.gan(a)oss.qualcomm.com> Assuming this goes via some other tree: Acked-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> > --- > arch/arm64/boot/dts/qcom/lemans.dtsi | 105 +++++++++++++++++++++++++++++++++++ > 1 file changed, 105 insertions(+) > > diff --git a/arch/arm64/boot/dts/qcom/lemans.dtsi b/arch/arm64/boot/dts/qcom/lemans.dtsi > index 0b154d57ba24..8a93b353d11c 100644 > --- a/arch/arm64/boot/dts/qcom/lemans.dtsi > +++ b/arch/arm64/boot/dts/qcom/lemans.dtsi > @@ -2961,6 +2961,14 @@ funnel1_in4: endpoint { > <&apss_funnel1_out>; > }; > }; > + > + port@5 { > + reg = <5>; > + > + funnel1_in5: endpoint { > + remote-endpoint = <&dlct0_funnel_out>; > + }; > + }; > }; > }; > > @@ -3118,6 +3126,60 @@ etr1_out: endpoint { > }; > }; > > + tpda@4ad3000 { > + compatible = "qcom,coresight-tpda", "arm,primecell"; > + reg = <0x0 0x4ad3000 0x0 0x1000>; > + > + clocks = <&aoss_qmp>; > + clock-names = "apb_pclk"; > + > + in-ports { > + #address-cells = <1>; > + #size-cells = <0>; > + > + port@10 { > + reg = <16>; > + dlct0_tpda_in16: endpoint { > + remote-endpoint = <&turing0_funnel_out>; > + }; > + }; > + }; > + > + out-ports { > + port { > + dlct0_tpda_out: endpoint { > + remote-endpoint = > + <&dlct0_funnel_in0>; > + }; > + }; > + }; > + > + }; > + > + funnel@4ad4000 { > + compatible = "arm,coresight-dynamic-funnel", "arm,primecell"; > + reg = <0x0 0x4ad4000 0x0 0x1000>; > + > + clocks = <&aoss_qmp>; > + clock-names = "apb_pclk"; > + > + in-ports { > + port { > + dlct0_funnel_in0: endpoint { > + remote-endpoint = <&dlct0_tpda_out>; > + }; > + }; > + }; > + > + out-ports { > + port { > + dlct0_funnel_out: endpoint { > + remote-endpoint = <&funnel1_in5>; > + }; > + }; > + }; > + }; > + > funnel@4b04000 { > compatible = "arm,coresight-dynamic-funnel", "arm,primecell"; > reg = <0x0 0x4b04000 0x0 0x1000>; > @@ -3390,6 +3452,35 @@ aoss_cti: cti@4b13000 { > clock-names = "apb_pclk"; > }; > > + funnel@4b83000 { > + compatible = "arm,coresight-dynamic-funnel", "arm,primecell"; > + reg = <0x0 0x4b83000 0x0 0x1000>; > + > + clocks = <&aoss_qmp>; > + clock-names = "apb_pclk"; > + > + in-ports { > + #address-cells = <1>; > + #size-cells = <0>; > + > + port@1 { > + reg = <1>; > + > + turing0_funnel_in1: endpoint { > + remote-endpoint = <&turing_llm_tpdm_out>; > + }; > + }; > + }; > + > + out-ports { > + port { > + turing0_funnel_out: endpoint { > + remote-endpoint = <&dlct0_tpda_in16>; > + }; > + }; > + }; > + }; > + > etm@6040000 { > compatible = "arm,primecell"; > reg = <0x0 0x6040000 0x0 0x1000>; > @@ -8269,6 +8360,20 @@ arch_timer: timer { > <GIC_PPI 10 (GIC_CPU_MASK_SIMPLE(8) | IRQ_TYPE_LEVEL_LOW)>; > }; > > + turing-llm-tpdm { > + compatible = "qcom,coresight-static-tpdm"; > + > + qcom,cmb-element-bits = <32>; > + > + out-ports { > + port { > + turing_llm_tpdm_out: endpoint { > + remote-endpoint = <&turing0_funnel_in1>; > + }; > + }; > + }; > + }; > + > pcie0: pcie@1c00000 { > compatible = "qcom,pcie-sa8775p"; > reg = <0x0 0x01c00000 0x0 0x3000>, >

3 days

Re: [PATCH v4 2/3] coresight: tpdm: add static tpdm support

by Suzuki K Poulose

On 28/10/2025 10:11, Jie Gan wrote: > The static TPDM function as a dummy source, however, it is essential > to enable the port connected to the TPDA and configure the element size. > Without this, the TPDA cannot correctly receive trace data from the > static TPDM. Since the static TPDM does not require MMIO mapping to > access its registers, a clock controller is not mandatory for its > operation. > > Signed-off-by: Jie Gan <jie.gan(a)oss.qualcomm.com> > --- > drivers/hwtracing/coresight/coresight-tpda.c | 7 -- > drivers/hwtracing/coresight/coresight-tpdm.c | 174 ++++++++++++++++++++++----- > drivers/hwtracing/coresight/coresight-tpdm.h | 12 ++ > 3 files changed, 154 insertions(+), 39 deletions(-) > > diff --git a/drivers/hwtracing/coresight/coresight-tpda.c b/drivers/hwtracing/coresight/coresight-tpda.c > index 333b3cb23685..3a3825d27f86 100644 > --- a/drivers/hwtracing/coresight/coresight-tpda.c > +++ b/drivers/hwtracing/coresight/coresight-tpda.c > @@ -22,13 +22,6 @@ > > DEFINE_CORESIGHT_DEVLIST(tpda_devs, "tpda"); > > -static bool coresight_device_is_tpdm(struct coresight_device *csdev) > -{ > - return (coresight_is_device_source(csdev)) && > - (csdev->subtype.source_subtype == > - CORESIGHT_DEV_SUBTYPE_SOURCE_TPDM); > -} > - > static void tpda_clear_element_size(struct coresight_device *csdev) > { > struct tpda_drvdata *drvdata = dev_get_drvdata(csdev->dev.parent); > diff --git a/drivers/hwtracing/coresight/coresight-tpdm.c b/drivers/hwtracing/coresight/coresight-tpdm.c > index 7214e65097ec..0e3896c12f07 100644 > --- a/drivers/hwtracing/coresight/coresight-tpdm.c > +++ b/drivers/hwtracing/coresight/coresight-tpdm.c > @@ -470,6 +470,9 @@ static void tpdm_enable_cmb(struct tpdm_drvdata *drvdata) > */ > static void __tpdm_enable(struct tpdm_drvdata *drvdata) > { > + if (coresight_is_static_tpdm(drvdata->csdev)) > + return; > + > CS_UNLOCK(drvdata->base); > > tpdm_enable_dsb(drvdata); > @@ -532,6 +535,9 @@ static void tpdm_disable_cmb(struct tpdm_drvdata *drvdata) > /* TPDM disable operations */ > static void __tpdm_disable(struct tpdm_drvdata *drvdata) > { > + if (coresight_is_static_tpdm(drvdata->csdev)) > + return; > + > CS_UNLOCK(drvdata->base); > > tpdm_disable_dsb(drvdata); > @@ -595,6 +601,30 @@ static int tpdm_datasets_setup(struct tpdm_drvdata *drvdata) > return 0; > } > > +static int static_tpdm_datasets_setup(struct tpdm_drvdata *drvdata, struct device *dev) > +{ > + /* setup datasets for static TPDM */ > + if (fwnode_property_present(dev->fwnode, "qcom,dsb-element-bits") && > + (!drvdata->dsb)) { > + drvdata->dsb = devm_kzalloc(drvdata->dev, > + sizeof(*drvdata->dsb), GFP_KERNEL); > + > + if (!drvdata->dsb) > + return -ENOMEM; > + } > + > + if (fwnode_property_present(dev->fwnode, "qcom,cmb-element-bits") && > + (!drvdata->cmb)) { > + drvdata->cmb = devm_kzalloc(drvdata->dev, > + sizeof(*drvdata->cmb), GFP_KERNEL); > + > + if (!drvdata->cmb) > + return -ENOMEM; > + } > + > + return 0; > +} > + > static ssize_t reset_dataset_store(struct device *dev, > struct device_attribute *attr, > const char *buf, > @@ -1342,10 +1372,9 @@ static const struct attribute_group *tpdm_attr_grps[] = { > NULL, > }; > > -static int tpdm_probe(struct amba_device *adev, const struct amba_id *id) > +static int tpdm_probe(struct device *dev, struct resource *res) > { > void __iomem *base; > - struct device *dev = &adev->dev; > struct coresight_platform_data *pdata; > struct tpdm_drvdata *drvdata; > struct coresight_desc desc = { 0 }; > @@ -1354,32 +1383,37 @@ static int tpdm_probe(struct amba_device *adev, const struct amba_id *id) > pdata = coresight_get_platform_data(dev); > if (IS_ERR(pdata)) > return PTR_ERR(pdata); > - adev->dev.platform_data = pdata; > + dev->platform_data = pdata; > > /* driver data*/ > drvdata = devm_kzalloc(dev, sizeof(*drvdata), GFP_KERNEL); > if (!drvdata) > return -ENOMEM; > - drvdata->dev = &adev->dev; > + drvdata->dev = dev; > dev_set_drvdata(dev, drvdata); > > - base = devm_ioremap_resource(dev, &adev->res); > - if (IS_ERR(base)) > - return PTR_ERR(base); > + if (res) { > + base = devm_ioremap_resource(dev, res); > + if (IS_ERR(base)) > + return PTR_ERR(base); > > - drvdata->base = base; > + drvdata->base = base; > + ret = tpdm_datasets_setup(drvdata); > + if (ret) > + return ret; > > - ret = tpdm_datasets_setup(drvdata); > - if (ret) > - return ret; > - > - if (drvdata && tpdm_has_dsb_dataset(drvdata)) > - of_property_read_u32(drvdata->dev->of_node, > - "qcom,dsb-msrs-num", &drvdata->dsb_msr_num); > + if (drvdata && tpdm_has_dsb_dataset(drvdata)) > + of_property_read_u32(drvdata->dev->of_node, > + "qcom,dsb-msrs-num", &drvdata->dsb_msr_num); > > - if (drvdata && tpdm_has_cmb_dataset(drvdata)) > - of_property_read_u32(drvdata->dev->of_node, > - "qcom,cmb-msrs-num", &drvdata->cmb_msr_num); > + if (drvdata && tpdm_has_cmb_dataset(drvdata)) > + of_property_read_u32(drvdata->dev->of_node, > + "qcom,cmb-msrs-num", &drvdata->cmb_msr_num); minor nit: drvdata is guranteed to be !NULL, as we err out if it was. This can be fixed up as separate patch. Suzuki > + } else { > + ret = static_tpdm_datasets_setup(drvdata, dev); > + if (ret) > + return ret; > + } > > /* Set up coresight component description */ > desc.name = coresight_alloc_device_name(&tpdm_devs, dev); > @@ -1388,34 +1422,51 @@ static int tpdm_probe(struct amba_device *adev, const struct amba_id *id) > desc.type = CORESIGHT_DEV_TYPE_SOURCE; > desc.subtype.source_subtype = CORESIGHT_DEV_SUBTYPE_SOURCE_TPDM; > desc.ops = &tpdm_cs_ops; > - desc.pdata = adev->dev.platform_data; > - desc.dev = &adev->dev; > + desc.pdata = dev->platform_data; > + desc.dev = dev; > desc.access = CSDEV_ACCESS_IOMEM(base); > - desc.groups = tpdm_attr_grps; > + if (res) > + desc.groups = tpdm_attr_grps; > drvdata->csdev = coresight_register(&desc); > if (IS_ERR(drvdata->csdev)) > return PTR_ERR(drvdata->csdev); > > spin_lock_init(&drvdata->spinlock); > > - /* Decrease pm refcount when probe is done.*/ > - pm_runtime_put(&adev->dev); > - > return 0; > } > > -static void tpdm_remove(struct amba_device *adev) > +static int tpdm_remove(struct device *dev) > { > - struct tpdm_drvdata *drvdata = dev_get_drvdata(&adev->dev); > + struct tpdm_drvdata *drvdata = dev_get_drvdata(dev); > > coresight_unregister(drvdata->csdev); > + > + return 0; > +} > + > +static int dynamic_tpdm_probe(struct amba_device *adev, > + const struct amba_id *id) > +{ > + int ret; > + > + ret = tpdm_probe(&adev->dev, &adev->res); > + if (!ret) > + pm_runtime_put(&adev->dev); > + > + return ret; > +} > + > +static void dynamic_tpdm_remove(struct amba_device *adev) > +{ > + tpdm_remove(&adev->dev); > } > > /* > * Different TPDM has different periph id. > * The difference is 0-7 bits' value. So ignore 0-7 bits. > */ > -static const struct amba_id tpdm_ids[] = { > +static const struct amba_id dynamic_tpdm_ids[] = { > { > .id = 0x001f0e00, > .mask = 0x00ffff00, > @@ -1423,17 +1474,76 @@ static const struct amba_id tpdm_ids[] = { > { 0, 0, NULL }, > }; > > -static struct amba_driver tpdm_driver = { > +MODULE_DEVICE_TABLE(amba, dynamic_tpdm_ids); > + > +static struct amba_driver dynamic_tpdm_driver = { > .drv = { > .name = "coresight-tpdm", > .suppress_bind_attrs = true, > }, > - .probe = tpdm_probe, > - .id_table = tpdm_ids, > - .remove = tpdm_remove, > + .probe = dynamic_tpdm_probe, > + .id_table = dynamic_tpdm_ids, > + .remove = dynamic_tpdm_remove, > }; > > -module_amba_driver(tpdm_driver); > +static int tpdm_platform_probe(struct platform_device *pdev) > +{ > + struct resource *res = platform_get_resource(pdev, IORESOURCE_MEM, 0); > + int ret; > + > + pm_runtime_get_noresume(&pdev->dev); > + pm_runtime_set_active(&pdev->dev); > + pm_runtime_enable(&pdev->dev); > + > + ret = tpdm_probe(&pdev->dev, res); > + pm_runtime_put(&pdev->dev); > + if (ret) > + pm_runtime_disable(&pdev->dev); > + > + return ret; > +} > + > +static void tpdm_platform_remove(struct platform_device *pdev) > +{ > + struct tpdm_drvdata *drvdata = dev_get_drvdata(&pdev->dev); > + > + if (WARN_ON(!drvdata)) > + return; > + > + tpdm_remove(&pdev->dev); > + pm_runtime_disable(&pdev->dev); > +} > + > +static const struct of_device_id static_tpdm_match[] = { > + {.compatible = "qcom,coresight-static-tpdm"}, > + {} > +}; > + > +MODULE_DEVICE_TABLE(of, static_tpdm_match); > + > +static struct platform_driver static_tpdm_driver = { > + .probe = tpdm_platform_probe, > + .remove = tpdm_platform_remove, > + .driver = { > + .name = "coresight-static-tpdm", > + .of_match_table = static_tpdm_match, > + .suppress_bind_attrs = true, > + }, > +}; > + > +static int __init tpdm_init(void) > +{ > + return coresight_init_driver("tpdm", &dynamic_tpdm_driver, &static_tpdm_driver, > + THIS_MODULE); > +} > + > +static void __exit tpdm_exit(void) > +{ > + coresight_remove_driver(&dynamic_tpdm_driver, &static_tpdm_driver); > +} > + > +module_init(tpdm_init); > +module_exit(tpdm_exit); > > MODULE_LICENSE("GPL"); > MODULE_DESCRIPTION("Trace, Profiling & Diagnostic Monitor driver"); > diff --git a/drivers/hwtracing/coresight/coresight-tpdm.h b/drivers/hwtracing/coresight/coresight-tpdm.h > index b11754389734..2867f3ab8186 100644 > --- a/drivers/hwtracing/coresight/coresight-tpdm.h > +++ b/drivers/hwtracing/coresight/coresight-tpdm.h > @@ -343,4 +343,16 @@ struct tpdm_dataset_attribute { > enum dataset_mem mem; > u32 idx; > }; > + > +static inline bool coresight_device_is_tpdm(struct coresight_device *csdev) > +{ > + return (coresight_is_device_source(csdev)) && > + (csdev->subtype.source_subtype == > + CORESIGHT_DEV_SUBTYPE_SOURCE_TPDM); > +} > + > +static inline bool coresight_is_static_tpdm(struct coresight_device *csdev) > +{ > + return (coresight_device_is_tpdm(csdev) && !csdev->access.base); > +} > #endif /* _CORESIGHT_CORESIGHT_TPDM_H */ >

3 days

Re: [PATCH v5 0/2] Add Qualcomm extended CTI support

by Mike Leach

Hi, On Mon, 3 Nov 2025 at 08:46, Yingchao Deng <yingchao.deng(a)oss.qualcomm.com> wrote: > > >Hi, > > > >This set is looking good now and appears to be getting close to being ready. > > > >There are a few minor issues in the second patch and a few items that > >need to be confirmed. > >1) I note that you removed the code to prevent calling claim/disclaim. > >Does this mean that you confirm that you have tested the patch update > >for claim tags I posted works on your system? > > I just tested this patch, the default value of qcom_cti's CLAIMSET register is 0xf, > and unlike the standard CTI (write 0 is no effect), it can be written with 0. > So, is it acceptable to write 0 to the claimset register of qcom_cti after reading the > devarch register during the probe phase? > > devarch = readl_relaxed(drvdata->base + CORESIGHT_DEVARCH); > if (CTI_DEVARCH_ARCHITECT(devarch) == ARCHITECT_QCOM) { > drvdata->subtype = QCOM_CTI; > drvdata->offsets = cti_extended_offset; > writel_relaxed(0, drvdata->base + CORESIGHT_CLAIMSET); > } else { > drvdata->subtype = ARM_STD_CTI; > drvdata->offsets = cti_normal_offset; > } > OK - if you look at v2 of the cliam tag set you will see we introduce a "claim_tag_info" attribute to the coresight_device structure. This is initially set to CS_CLAIM_TAG_UNKNOWN, and on the first claim/disclaim API call the claim tags validity will be tested and a value of CS_CLAIM_TAG_STD_PROTOCOL or CS_CLAIM_TAG_NOT_IMPL set, skipping the test on all subsequent claim calls. if you set this in the probe function i.e. csdev->claim_tag_info = CS_CLAIM_TAG_NOT_IMPL, then the claim tags will not be used. whichever method you use, please ensure a comment appears in the code describing why the workaround is necessary. Regards Mike > >2) In patch 2 I made some comments in regard to ARCH values - please > >confirm that these are accurate and have been tested as working on > >your system > > Yes, the bits 31:20 in qcom_cti's DEVARCH register are 0x8EF. > > >3) As mentioned in the comments to patch 2 - you need to update the > >docs for the new sysfs selection file you have added > > Will update in v6. > > Thanks > Yingchao > > > > >Thanks and Regards > > > >Mike > > > >On Mon, 20 Oct 2025 at 08:12, Yingchao Deng > ><yingchao.deng(a)oss.qualcomm.com> wrote: > >> > >> The QCOM extended CTI is a heavily parameterized version of ARM’s CSCTI. > >> It allows a debugger to send to trigger events to a processor or to send > >> a trigger event to one or more processors when a trigger event occurs on > >> another processor on the same SoC, or even between SoCs. > >> > >> QCOM extended CTI supports up to 128 triggers. And some of the register > >> offsets are changed. > >> > >> The commands to configure CTI triggers are the same as ARM's CTI. > >> > >> Changes in v5: > >> 1. Move common part in qcom-cti.h to coresight-cti.h. > >> 2. Convert trigger usage fields to dynamic bitmaps and arrays. > >> 3. Fix holes in struct cti_config to save some space. > >> 4. Revert the previous changes related to the claim tag in > >> cti_enable/disable_hw. > >> Link to v4 - https://lore.kernel.org/linux-arm-msm/20250902-extended_cti-v4-1-7677de04b4… > >> > >> Changes in v4: > >> 1. Read the DEVARCH registers to identify Qualcomm CTI. > >> 2. Add a reg_idx node, and refactor the coresight_cti_reg_show() and > >> coresight_cti_reg_store() functions accordingly. > >> 3. The register offsets specific to Qualcomm CTI are moved to qcom_cti.h. > >> Link to v3 - https://lore.kernel.org/linux-arm-msm/20250722081405.2947294-1-quic_jinlmao… > >> > >> Changes in v3: > >> 1. Rename is_extended_cti() to of_is_extended_cti(). > >> 2. Add the missing 'i' when write the CTI trigger registers. > >> 3. Convert the multi-line output in sysfs to single line. > >> 4. Initialize offset arrays using designated initializer. > >> Link to V2 - https://lore.kernel.org/all/20250429071841.1158315-3-quic_jinlmao@quicinc.c… > >> > >> Changes in V2: > >> 1. Add enum for compatible items. > >> 2. Move offset arrays to coresight-cti-core > >> > >> Signed-off-by: Jinlong Mao <jinlong.mao(a)oss.qualcomm.com> > >> Signed-off-by: Yingchao Deng <yingchao.deng(a)oss.qualcomm.com> > >> --- > >> Yingchao Deng (2): > >> coresight: cti: Convert trigger usage fields to dynamic bitmaps and arrays > >> coresight: cti: Add Qualcomm extended CTI support > >> > >> drivers/hwtracing/coresight/coresight-cti-core.c | 144 +++++++++++++--- > >> .../hwtracing/coresight/coresight-cti-platform.c | 16 +- > >> drivers/hwtracing/coresight/coresight-cti-sysfs.c | 184 +++++++++++++++------ > >> drivers/hwtracing/coresight/coresight-cti.h | 60 ++++++- > >> drivers/hwtracing/coresight/qcom-cti.h | 29 ++++ > >> 5 files changed, 346 insertions(+), 87 deletions(-) > >> --- > >> base-commit: 1fdbb3ff1233e204e26f9f6821ae9c125a055229 > >> change-id: 20251016-extended_cti-2a426c8894b1 > >> > >> Best regards, > >> -- > >> Yingchao Deng <yingchao.deng(a)oss.qualcomm.com> > >> -- Mike Leach Principal Engineer, ARM Ltd. Manchester Design Centre. UK

3 days, 1 hour

Re: [PATCH v3] coresight: ETR: Fix ETR buffer use-after-free issue

by Leo Yan

On Tue, Oct 21, 2025 at 04:45:25PM +0800, Xiaoqi Zhuang wrote: > When ETR is enabled as CS_MODE_SYSFS, if the buffer size is changed > and enabled again, currently sysfs_buf will point to the newly > allocated memory(buf_new) and free the old memory(buf_old). But the > etr_buf that is being used by the ETR remains pointed to buf_old, not > updated to buf_new. In this case, it will result in a memory > use-after-free issue. > > Fix this by checking ETR's mode before updating and releasing buf_old, > if the mode is CS_MODE_SYSFS, then skip updating and releasing it. > > Fixes: bd2767ec3df2 ("coresight: Fix run time warnings while reusing ETR buffer") > Signed-off-by: Xiaoqi Zhuang <xiaoqi.zhuang(a)oss.qualcomm.com> Tested on my Juno board with below steps: 1) Enable the first path: ETM2 -> ETR0 echo 1 > /sys/bus/coresight/devices/tmc_etr0/enable_sink echo 1 > /sys/bus/coresight/devices/etm2/enable_source 2) Enlarge buffer size from 1MiB to 4MiB cat /sys/bus/coresight/devices/tmc_etr0/buffer_size 0x100000 echo 0x400000 > /sys/bus/coresight/devices/tmc_etr0/buffer_size 3) Enable the second path: ETM0 -> ETR0 echo 1 > /sys/bus/coresight/devices/etm0/enable_source 4) Disable paths echo 0 > /sys/bus/coresight/devices/etm0/enable_source echo 0 > /sys/bus/coresight/devices/etm2/enable_source Without this patch, the oops will be triggered when disable paths. I can confirm this patch does dismiss the issue. Tested-by: Leo Yan <leo.yan(a)arm.com> > --- > Changes in v3: > - Add a fix tag for the fix patch. > - Link to v2: https://lore.kernel.org/r/20251021-fix_etr_issue-v2-1-80c40c9cac8c@oss.qual… > > Changes in v2: > - Exit earlier to avoid allocating memory unnecessarily. > - Link to v1: https://lore.kernel.org/r/20251020-fix_etr_issue-v1-1-902ab51770b4@oss.qual… > --- > drivers/hwtracing/coresight/coresight-tmc-etr.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c > index b07fcdb3fe1a..800be06598c1 100644 > --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c > +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c > @@ -1250,6 +1250,13 @@ static struct etr_buf *tmc_etr_get_sysfs_buffer(struct coresight_device *csdev) > * with the lock released. > */ > raw_spin_lock_irqsave(&drvdata->spinlock, flags); > + > + /* > + * If the ETR is already enabled, continue with the existing buffer. > + */ > + if (coresight_get_mode(csdev) == CS_MODE_SYSFS) > + goto out; > + > sysfs_buf = READ_ONCE(drvdata->sysfs_buf); > if (!sysfs_buf || (sysfs_buf->size != drvdata->size)) { > raw_spin_unlock_irqrestore(&drvdata->spinlock, flags); > > --- > base-commit: 98ac9cc4b4452ed7e714eddc8c90ac4ae5da1a09 > change-id: 20251020-fix_etr_issue-02c706dbc899 > > Best regards, > -- > Xiaoqi Zhuang <xiaoqi.zhuang(a)oss.qualcomm.com> > >

3 days, 22 hours

[PATCH v4 00/15] CoreSight: Refactor power management for CoreSight path

by Leo Yan

This series is extracted from [1], focusing on CoreSight path power management. Compared to the previous version, this series is updated heavily for: 1) Dropped the global per CPU variable for saving path pointers. Instead, the activate path is now stored in the source device's structure. This allows fetching the path pointer naturally based on the source regardless of whether it is a per-CPU source or a system source (such as STM). This improvement addresses Mike's comment that, later we can polish coresight-sysfs.c to remove the tracer_path variables. 2) To simplify the series and make it easier to review, the CTI driver related fixes have been removed from this series and which will be sent out separately. 3) This series disables the path when a CPU is hot-plugged off but does not re-enable it when the CPU is subsequently hot-plugged in. This simplifies the implementation and keep it consistent with the perf session's behavior. It also improves security, as there is no risk of unintended tracing caused by a CPU being hot-plugged after a long period of inactivity. This series is dependent on ETM driver's PM improvement series [2] and has been verified on Juno-r2 and FVP RevC. [1] https://lore.kernel.org/linux-arm-kernel/20250915-arm_coresight_power_manag… [2] https://lore.kernel.org/linux-arm-kernel/20251103-arm_coresight_power_manag… --- Changes in v4: - Changed to store path pointer in coresight_device, this is easier for fetching path pointer based on source device (Mike). - Dropped changes in CTI driver. - Only disabled path for CPU hot-plugged off but not enable path for hot-plugged in. - Removed James' test tags for modified patches. - Link to v3: https://lore.kernel.org/r/20250915-arm_coresight_power_management_fix-v3-0-… Signed-off-by: Leo Yan <leo.yan(a)arm.com> --- Leo Yan (14): coresight: sysfs: Validate CPU online status for per-CPU sources coresight: Set per CPU source pointer coresight: Register CPU PM notifier in core layer coresight: etm4x: Hook CPU PM callbacks coresight: Add callback to determine if PM is needed coresight: etm4x: Remove redundant condition checks in save and restore coresight: syscfg: Use spinlock to protect active variables coresight: Introduce coresight_enable_source() helper coresight: Save activated path into source device coresight: Add 'in_idle' argument to enable/disable path functions coresight: Control path during CPU idle coresight: Add PM callbacks for percpu sink coresight: Take hotplug lock in enable_source_store() for Sysfs mode coresight: Move CPU hotplug callbacks to core layer Yabin Cui (1): coresight: trbe: Save and restore state across CPU low power state drivers/hwtracing/coresight/coresight-catu.c | 1 + drivers/hwtracing/coresight/coresight-core.c | 273 ++++++++++++++++++++- drivers/hwtracing/coresight/coresight-ctcu-core.c | 1 + drivers/hwtracing/coresight/coresight-cti-core.c | 1 + drivers/hwtracing/coresight/coresight-dummy.c | 1 + drivers/hwtracing/coresight/coresight-etb10.c | 1 + drivers/hwtracing/coresight/coresight-etm-perf.c | 2 +- drivers/hwtracing/coresight/coresight-etm3x-core.c | 1 + drivers/hwtracing/coresight/coresight-etm4x-core.c | 137 ++--------- drivers/hwtracing/coresight/coresight-funnel.c | 1 + drivers/hwtracing/coresight/coresight-priv.h | 3 + drivers/hwtracing/coresight/coresight-replicator.c | 1 + drivers/hwtracing/coresight/coresight-stm.c | 1 + drivers/hwtracing/coresight/coresight-syscfg.c | 22 +- drivers/hwtracing/coresight/coresight-syscfg.h | 2 + drivers/hwtracing/coresight/coresight-sysfs.c | 12 +- drivers/hwtracing/coresight/coresight-tmc-core.c | 1 + drivers/hwtracing/coresight/coresight-tnoc.c | 2 + drivers/hwtracing/coresight/coresight-tpda.c | 1 + drivers/hwtracing/coresight/coresight-tpdm.c | 1 + drivers/hwtracing/coresight/coresight-tpiu.c | 1 + drivers/hwtracing/coresight/coresight-trbe.c | 85 ++++++- drivers/hwtracing/coresight/ultrasoc-smb.c | 1 + include/linux/coresight.h | 13 + 24 files changed, 425 insertions(+), 140 deletions(-) --- base-commit: f9ac95561513e18c2a2cf8905355dc5f0e030c46 change-id: 20251104-arm_coresight_path_power_management_improvement-dab4966f8280 Best regards, -- Leo Yan <leo.yan(a)arm.com>

4 days, 22 hours

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

CoreSight