CoreSight

coresight@lists.linaro.org

4 participants
2736 discussions

Re: [PATCH] coresight: fix resource leaks on path build failure

by James Clark

On 20/05/2026 11:13 am, Jie Gan wrote: > > > On 5/20/2026 5:27 PM, Mike Leach wrote: >> >> >>> -----Original Message----- >>> From: James Clark <james.clark(a)linaro.org> >>> Sent: Wednesday, May 20, 2026 9:38 AM >>> To: Jie Gan <jie.gan(a)oss.qualcomm.com> >>> Cc: coresight(a)lists.linaro.org; linux-arm-kernel(a)lists.infradead.org; >>> linux- >>> kernel(a)vger.kernel.org; Suzuki Poulose <Suzuki.Poulose(a)arm.com>; Mike >>> Leach <Mike.Leach(a)arm.com>; Leo Yan <Leo.Yan(a)arm.com>; Alexander >>> Shishkin <alexander.shishkin(a)linux.intel.com>; Mathieu Poirier >>> <mathieu.poirier(a)linaro.org>; Tingwei Zhang >>> <tingwei.zhang(a)oss.qualcomm.com>; Greg Kroah-Hartman >>> <gregkh(a)linuxfoundation.org> >>> Subject: Re: [PATCH] coresight: fix resource leaks on path build failure >>> >>> >>> >>> On 20/05/2026 2:55 am, Jie Gan wrote: >>>> >>>> >>>> On 5/19/2026 9:57 PM, James Clark wrote: >>>>> >>>>> >>>>> On 13/05/2026 2:32 am, Jie Gan wrote: >>>>>> Two related leaks when _coresight_build_path() encounters an error >>>>>> after >>>>>> coresight_grab_device() has already incremented the pm_runtime, >>> module, >>>>>> and device references for a node: >>>>>> >>>>>> 1. In _coresight_build_path(), if kzalloc_obj() for the path node >>>>>> fails >>>>>> after coresight_grab_device() succeeds, >>>>>> coresight_drop_device() was >>>>>> never called, permanently leaking all three references. >>>>>> >>>>>> 2. In coresight_build_path(), on failure the partial path was >>>>>> freed with >>>>>> kfree(path) instead of coresight_release_path(path). kfree() >>>>>> only >>>>>> frees the coresight_path struct itself; it does not iterate >>>>>> path_list >>>>>> to call coresight_drop_device() and kfree() for each >>>>>> coresight_node >>>>>> already added by deeper recursive calls, leaking both the >>>>>> pm_runtime, >>>>>> module, and device references and the node memory for every >>>>>> element >>>>>> on the partial path. >>>>>> >>>>>> Fix both by adding coresight_drop_device() in the OOM unwind of >>>>>> _coresight_build_path(), and replacing kfree(path) with >>>>>> coresight_release_path(path) in coresight_build_path(). >>>>>> >>>>>> Fixes: 32b0707a4182 ("coresight: Add try_get_module() in >>>>>> coresight_grab_device()") >>>>>> Fixes: b3e94405941e ("coresight: associating path with session rather >>>>>> than tracer") >>>>>> Signed-off-by: Jie Gan <jie.gan(a)oss.qualcomm.com> >>>>>> --- >>>>>> drivers/hwtracing/coresight/coresight-core.c | 6 ++++-- >>>>>> 1 file changed, 4 insertions(+), 2 deletions(-) >>>>>> >>>>>> diff --git a/drivers/hwtracing/coresight/coresight-core.c b/drivers/ >>>>>> hwtracing/coresight/coresight-core.c >>>>>> index 46f247f73cf6..c1354ea8e11d 100644 >>>>>> --- a/drivers/hwtracing/coresight/coresight-core.c >>>>>> +++ b/drivers/hwtracing/coresight/coresight-core.c >>>>>> @@ -825,8 +825,10 @@ static int _coresight_build_path(struct >>>>>> coresight_device *csdev, >>>>>> return ret; >>>>>> node = kzalloc_obj(struct coresight_node); >>>>>> - if (!node) >>>>>> + if (!node) { >>>>>> + coresight_drop_device(csdev); >>>>>> return -ENOMEM; >>>>>> + } >>>>>> node->csdev = csdev; >>>>>> list_add(&node->link, &path->path_list); >>>>>> @@ -851,7 +853,7 @@ struct coresight_path >>>>>> *coresight_build_path(struct coresight_device *source, >>>>>> rc = _coresight_build_path(source, source, sink, path); >>>>>> if (rc) { >>>>>> - kfree(path); >>>>>> + coresight_release_path(path); >>>>>> return ERR_PTR(rc); >>>>>> } >>>>>> >>>>>> --- >>>>>> base-commit: e98d21c170b01ddef366f023bbfcf6b31509fa83 >>>>>> change-id: 20260513-fix-memory-leak-issue-034b4a45265e >>>>>> >>>>>> Best regards, >>>>> >>>>> Looks good to me, but sashiko is complaining: https://sashiko.dev/#/ >>>>> patchset/20260513-fix-memory-leak-issue- >>>>> v1-1-49822d7bc7d4%40oss.qualcomm.com >>>>> >>>>> I'm trying to understand why it's saying that, but I think the >>>>> scenario is that if there are multiple correct paths to a sink, when >>>>> one path partially fails and a second path succeeds you could get a >>>>> path_list with some garbage entries in it. >>>> >>>> I think the coresight_release_path is added to address this situation. >>>> We suffered the path partially failure, and we need release all nodes >>>> already added to the path. >>>> >>> >>> It wouldn't call coresight_release_path() in this case though. If one >>> path ends up building to success but a parallel path partially failed >>> then _coresight_build_path() still returns success. During the search it >>> would have still added the nodes from the partially failed path to the >>> path_list. This is only an issue if there are multiple correct paths. >>> > > The point here is there are multiple routes from the same source device > to the same sink device, am right? > > I have no experience on this scenario. So with the scenario, the > build_path may succeeded in one route and failed in another route, but > finally, the _coresight_build_path still returns success, is that correct? > >>>>> >>>>> That's kind of a different and existing issue to the one you've fixed, >>>>> and assumes that multiple paths to one sink are possible, which I'm >>>>> not sure is supported? >>>> >>>> Each path is unique. We only deal with the issue path for balancing the >>>> reference count. >>>> >>>> Thanks, >>>> Jie >>>> >>> >>> I'm not exactly sure what you mean by unique, but the same source and >>> sink could potentially be connected through two different sets of links. >>> >> >> Multiple paths between a source and sink are not permitted under the >> CoreSight spec. >> > > As Mike mentioned, my understanding is that a source device is only > allowed to be added to one valid path—this is what I mean by “unique.” > > Thanks, > Jie > That's ok then we can ignore this for this patch. But it would be good to enforce that in _coresight_build_path() with some kind of assert. Or at least add a comment to appease the AI reviewers. >> If such a system was to be built - then a fix would need to be in the >> declaration of connections - e.g. miss one path out in the device tree >> for example. Not up to the Coresight drivers to handle out of >> specification hardware. >> >> Mike >> >> >>>>> >>>>> It might be as easy as breaking the loop early for any return value >>>>> other than -ENODEV, but I'll leave it to you to decide whether to do >>>>> that here or not. >>>>> >>>>> Reviewed-by: James Clark <james.clark(a)linaro.org> >>>>> >>>> >> >

1 day, 19 hours

Re: [PATCH] coresight: fix resource leaks on path build failure

by James Clark

On 20/05/2026 2:55 am, Jie Gan wrote: > > > On 5/19/2026 9:57 PM, James Clark wrote: >> >> >> On 13/05/2026 2:32 am, Jie Gan wrote: >>> Two related leaks when _coresight_build_path() encounters an error after >>> coresight_grab_device() has already incremented the pm_runtime, module, >>> and device references for a node: >>> >>> 1. In _coresight_build_path(), if kzalloc_obj() for the path node fails >>> after coresight_grab_device() succeeds, coresight_drop_device() was >>> never called, permanently leaking all three references. >>> >>> 2. In coresight_build_path(), on failure the partial path was freed with >>> kfree(path) instead of coresight_release_path(path). kfree() only >>> frees the coresight_path struct itself; it does not iterate >>> path_list >>> to call coresight_drop_device() and kfree() for each coresight_node >>> already added by deeper recursive calls, leaking both the >>> pm_runtime, >>> module, and device references and the node memory for every element >>> on the partial path. >>> >>> Fix both by adding coresight_drop_device() in the OOM unwind of >>> _coresight_build_path(), and replacing kfree(path) with >>> coresight_release_path(path) in coresight_build_path(). >>> >>> Fixes: 32b0707a4182 ("coresight: Add try_get_module() in >>> coresight_grab_device()") >>> Fixes: b3e94405941e ("coresight: associating path with session rather >>> than tracer") >>> Signed-off-by: Jie Gan <jie.gan(a)oss.qualcomm.com> >>> --- >>> drivers/hwtracing/coresight/coresight-core.c | 6 ++++-- >>> 1 file changed, 4 insertions(+), 2 deletions(-) >>> >>> diff --git a/drivers/hwtracing/coresight/coresight-core.c b/drivers/ >>> hwtracing/coresight/coresight-core.c >>> index 46f247f73cf6..c1354ea8e11d 100644 >>> --- a/drivers/hwtracing/coresight/coresight-core.c >>> +++ b/drivers/hwtracing/coresight/coresight-core.c >>> @@ -825,8 +825,10 @@ static int _coresight_build_path(struct >>> coresight_device *csdev, >>> return ret; >>> node = kzalloc_obj(struct coresight_node); >>> - if (!node) >>> + if (!node) { >>> + coresight_drop_device(csdev); >>> return -ENOMEM; >>> + } >>> node->csdev = csdev; >>> list_add(&node->link, &path->path_list); >>> @@ -851,7 +853,7 @@ struct coresight_path >>> *coresight_build_path(struct coresight_device *source, >>> rc = _coresight_build_path(source, source, sink, path); >>> if (rc) { >>> - kfree(path); >>> + coresight_release_path(path); >>> return ERR_PTR(rc); >>> } >>> >>> --- >>> base-commit: e98d21c170b01ddef366f023bbfcf6b31509fa83 >>> change-id: 20260513-fix-memory-leak-issue-034b4a45265e >>> >>> Best regards, >> >> Looks good to me, but sashiko is complaining: https://sashiko.dev/#/ >> patchset/20260513-fix-memory-leak-issue- >> v1-1-49822d7bc7d4%40oss.qualcomm.com >> >> I'm trying to understand why it's saying that, but I think the >> scenario is that if there are multiple correct paths to a sink, when >> one path partially fails and a second path succeeds you could get a >> path_list with some garbage entries in it. > > I think the coresight_release_path is added to address this situation. > We suffered the path partially failure, and we need release all nodes > already added to the path. > It wouldn't call coresight_release_path() in this case though. If one path ends up building to success but a parallel path partially failed then _coresight_build_path() still returns success. During the search it would have still added the nodes from the partially failed path to the path_list. This is only an issue if there are multiple correct paths. >> >> That's kind of a different and existing issue to the one you've fixed, >> and assumes that multiple paths to one sink are possible, which I'm >> not sure is supported? > > Each path is unique. We only deal with the issue path for balancing the > reference count. > > Thanks, > Jie > I'm not exactly sure what you mean by unique, but the same source and sink could potentially be connected through two different sets of links. >> >> It might be as easy as breaking the loop early for any return value >> other than -ENODEV, but I'll leave it to you to decide whether to do >> that here or not. >> >> Reviewed-by: James Clark <james.clark(a)linaro.org> >> >

2 days, 1 hour

Re: [PATCH] coresight: fix resource leaks on path build failure

by James Clark

On 13/05/2026 2:32 am, Jie Gan wrote: > Two related leaks when _coresight_build_path() encounters an error after > coresight_grab_device() has already incremented the pm_runtime, module, > and device references for a node: > > 1. In _coresight_build_path(), if kzalloc_obj() for the path node fails > after coresight_grab_device() succeeds, coresight_drop_device() was > never called, permanently leaking all three references. > > 2. In coresight_build_path(), on failure the partial path was freed with > kfree(path) instead of coresight_release_path(path). kfree() only > frees the coresight_path struct itself; it does not iterate path_list > to call coresight_drop_device() and kfree() for each coresight_node > already added by deeper recursive calls, leaking both the pm_runtime, > module, and device references and the node memory for every element > on the partial path. > > Fix both by adding coresight_drop_device() in the OOM unwind of > _coresight_build_path(), and replacing kfree(path) with > coresight_release_path(path) in coresight_build_path(). > > Fixes: 32b0707a4182 ("coresight: Add try_get_module() in coresight_grab_device()") > Fixes: b3e94405941e ("coresight: associating path with session rather than tracer") > Signed-off-by: Jie Gan <jie.gan(a)oss.qualcomm.com> > --- > drivers/hwtracing/coresight/coresight-core.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/hwtracing/coresight/coresight-core.c b/drivers/hwtracing/coresight/coresight-core.c > index 46f247f73cf6..c1354ea8e11d 100644 > --- a/drivers/hwtracing/coresight/coresight-core.c > +++ b/drivers/hwtracing/coresight/coresight-core.c > @@ -825,8 +825,10 @@ static int _coresight_build_path(struct coresight_device *csdev, > return ret; > > node = kzalloc_obj(struct coresight_node); > - if (!node) > + if (!node) { > + coresight_drop_device(csdev); > return -ENOMEM; > + } > > node->csdev = csdev; > list_add(&node->link, &path->path_list); > @@ -851,7 +853,7 @@ struct coresight_path *coresight_build_path(struct coresight_device *source, > > rc = _coresight_build_path(source, source, sink, path); > if (rc) { > - kfree(path); > + coresight_release_path(path); > return ERR_PTR(rc); > } > > > --- > base-commit: e98d21c170b01ddef366f023bbfcf6b31509fa83 > change-id: 20260513-fix-memory-leak-issue-034b4a45265e > > Best regards, Looks good to me, but sashiko is complaining: https://sashiko.dev/#/patchset/20260513-fix-memory-leak-issue-v1-1-49822d7b… I'm trying to understand why it's saying that, but I think the scenario is that if there are multiple correct paths to a sink, when one path partially fails and a second path succeeds you could get a path_list with some garbage entries in it. That's kind of a different and existing issue to the one you've fixed, and assumes that multiple paths to one sink are possible, which I'm not sure is supported? It might be as easy as breaking the loop early for any return value other than -ENODEV, but I'll leave it to you to decide whether to do that here or not. Reviewed-by: James Clark <james.clark(a)linaro.org>

2 days, 21 hours

Re: [PATCH] coresight: platform: defer connection counter increment until alloc succeeds

by James Clark

On 11/05/2026 5:19 am, Jie Gan wrote: > coresight_add_out_conn() increments nr_outconns before calling > devm_krealloc_array() and again before devm_kmalloc(). If either > allocation fails, the counter is already bumped while the corresponding > array entry is NULL or uninitialized garbage. > > coresight_add_in_conn() has the same problem with nr_inconns and > devm_krealloc_array(). > > In both cases the probe returns -ENOMEM, which causes > coresight_get_platform_data() to call coresight_release_platform_data() > for cleanup. That function iterates up to nr_outconns (or nr_inconns) > entries and dereferences each pointer unconditionally, hitting the NULL > or garbage entry and panicking instead of failing gracefully. > > Fix by moving the counter increments to after all allocations succeed, > so the struct is always consistent on any error path. > > Fixes: 3d4ff657e454 ("coresight: Dynamically add connections") > Fixes: e3f4e68797a9 ("coresight: Store in-connections as well as out-connections") > Signed-off-by: Jie Gan <jie.gan(a)oss.qualcomm.com> Reviewed-by: James Clark <james.clark(a)linaro.org> > --- > drivers/hwtracing/coresight/coresight-platform.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/drivers/hwtracing/coresight/coresight-platform.c b/drivers/hwtracing/coresight/coresight-platform.c > index e337b6e2bf32..93c2d075cad6 100644 > --- a/drivers/hwtracing/coresight/coresight-platform.c > +++ b/drivers/hwtracing/coresight/coresight-platform.c > @@ -45,9 +45,8 @@ coresight_add_out_conn(struct device *dev, > } > } > > - pdata->nr_outconns++; > pdata->out_conns = > - devm_krealloc_array(dev, pdata->out_conns, pdata->nr_outconns, > + devm_krealloc_array(dev, pdata->out_conns, pdata->nr_outconns + 1, > sizeof(*pdata->out_conns), GFP_KERNEL); > if (!pdata->out_conns) > return ERR_PTR(-ENOMEM); > @@ -63,7 +62,8 @@ coresight_add_out_conn(struct device *dev, > * used right away. > */ > *conn = *new_conn; > - pdata->out_conns[pdata->nr_outconns - 1] = conn; > + pdata->out_conns[pdata->nr_outconns] = conn; > + pdata->nr_outconns++; > return conn; > } > EXPORT_SYMBOL_GPL(coresight_add_out_conn); > @@ -86,13 +86,13 @@ int coresight_add_in_conn(struct coresight_connection *out_conn) > return 0; > } > > - pdata->nr_inconns++; > pdata->in_conns = > - devm_krealloc_array(dev, pdata->in_conns, pdata->nr_inconns, > + devm_krealloc_array(dev, pdata->in_conns, pdata->nr_inconns + 1, > sizeof(*pdata->in_conns), GFP_KERNEL); > if (!pdata->in_conns) > return -ENOMEM; > - pdata->in_conns[pdata->nr_inconns - 1] = out_conn; > + pdata->in_conns[pdata->nr_inconns] = out_conn; > + pdata->nr_inconns++; > return 0; > } > EXPORT_SYMBOL_GPL(coresight_add_in_conn); > > --- > base-commit: e98d21c170b01ddef366f023bbfcf6b31509fa83 > change-id: 20260511-fix-ref-count-issue-7c44ce39700f > > Best regards,

2 days, 22 hours

Re: [PATCH] coresight: drop lookup reference in coresight_get_sink_by_id()

by Suzuki K Poulose

On 19/05/2026 09:43, Ma Ke wrote: > bus_find_device() returns a device with its reference count > incremented. coresight_get_sink_by_id() only uses the returned device > to find the matching CoreSight sink by id and does not need to > transfer this lookup reference to its callers. > > Keeping the reference forces callers such as etm_setup_aux() to know > about the internal lookup implementation and to drop the reference > themselves. This is error-prone and led to a leaked reference when a > user-selected sink is used for perf AUX tracing. > > Drop the reference inside coresight_get_sink_by_id() after converting > the device to the corresponding coresight_device. The CoreSight path > code takes device references it needs when building/using the path. > > Found by code review. Thanks for the report. But.. > > Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> > Cc: stable(a)vger.kernel.org > Fixes: 226443925887 ("coresight: Use event attributes for sink selection") I would rather drop the reference in the etm_setup_aux, to make sure we are still dealing with a valid device, that has not been removed under our feet. Suzuki > --- > drivers/hwtracing/coresight/coresight-core.c | 15 ++++++++++++++- > 1 file changed, 14 insertions(+), 1 deletion(-) > > diff --git a/drivers/hwtracing/coresight/coresight-core.c b/drivers/hwtracing/coresight/coresight-core.c > index 46f247f73cf6..2cca4ed83e2c 100644 > --- a/drivers/hwtracing/coresight/coresight-core.c > +++ b/drivers/hwtracing/coresight/coresight-core.c > @@ -624,11 +624,24 @@ static int coresight_sink_by_id(struct device *dev, const void *data) > struct coresight_device *coresight_get_sink_by_id(u32 id) > { > struct device *dev = NULL; > + struct coresight_device *csdev; > > dev = bus_find_device(&coresight_bustype, NULL, &id, > coresight_sink_by_id); > + if (!dev) > + return NULL; > + > + csdev = to_coresight_device(dev); > + > + /* > + * bus_find_device() returns a device with its reference count > + * incremented. coresight_get_sink_by_id() only performs a lookup; > + * the CoreSight path code takes the references it needs when the > + * path is built, so drop the lookup reference here. > + */ > + put_device(dev); > > - return dev ? to_coresight_device(dev) : NULL; > + return csdev; > } > > /**

3 days, 1 hour

[PATCH v14 00/28] CoreSight: Refactor power management for CoreSight path

by Leo Yan

This series focuses on CoreSight path power management. The changes can be divided into four parts for review: Patches 01 - 10: Preparison for CPU PM: Fix source disabling on idr_alloc failure. Fix helper enable failure handling. Refactor CPU ID stored in csdev. Move CPU lock to sysfs layer. Move per-CPU source pointer from etm-perf to core layer. Refactor etm-perf to retrieve source via per-CPU's event data for lockless and get source reference during AUX setup. Patches 11 - 13: Refactor CPU idle flow managed in the CoreSight core layer. Patches 14 - 23: Refactor path enable / disable with range, control path during CPU idle. Patches 24 - 25: Support the sink (TRBE) control during CPU idle. Patches 26 - 28: Move CPU hotplug into the core layer, and fix sysfs mode for hotplug. This series is rebased on the coresight-next branch and has been verified on Juno-r2 (ETM + ETR) and FVP RevC (ETE + TRBE). Built successfully for armv7 (ARCH=arm). --- Changes in v14: - Fixed percpu_pm_failed write with per_cpu(percpu_pm_faile, cpu). - Link to v13: https://lore.kernel.org/r/20260515-arm_coresight_path_power_management_impr… Changes in v13: - Cleared percpu_pm_failed flag when source is unregistered (Suzuki). - Rebased on latest coresight-next. - Link to v12: https://lore.kernel.org/r/20260511-arm_coresight_path_power_management_impr… Changes in v12: - Added comments on coresight_{get|put)_percpu_source_ref (Suzuki). - Refined failure handling in path enable (Suzuki). - Added coresight_is_software_source() helper (Suzuki). - Reordered taking ref on csdev and its parent in patch 07. - Define the enum mode with bit flags. - Minor improvements on commit logs. - Rebased on lastest coresight-next. - Link to v11: https://lore.kernel.org/r/20260501-arm_coresight_path_power_management_impr… Changes in v11: - Moved per-CPU source pointer from etm-perf to core (Suzuki). - Added grabbing/ungrabbing csdev for device reference (Suzuki). - Minor refine for error handling and logs in CPU PM (James). - Refactored etm-perf with fetching path/source from event data (Suzuki). - Fixed Helper error handling (sashiko). - Added Jie's test tag (thanks!). - Minor improvement for comments and commit logs. - Link to v10: https://lore.kernel.org/r/20260405-arm_coresight_path_power_management_impr… Changes in v10: - Removed redundant checks in ETMv4 PM callbacks (sashiko). - Added a new const structure etm4_cs_pm_ops (sashiko). - Used fine-grained spinlock on sysfs_active_config (sashiko). - Blocked notification after failures in save / restore to avoid lockups. - Changed Change CPUHP_AP_ARM_CORESIGHT_STARTING to CPUHP_AP_ARM_CORESIGHT_ONLINE so that the CPU hotplug callback runs in the thread context (sashiko). - Link to v9: https://lore.kernel.org/r/20260401-arm_coresight_path_power_management_impr… Signed-off-by: Leo Yan <leo.yan(a)arm.com> --- Jie Gan (1): coresight: Fix source not disabled on idr_alloc_u32 failure Leo Yan (26): coresight: Handle helper enable failure properly coresight: Extract device init into coresight_init_device() coresight: Populate CPU ID into coresight_device coresight: Remove .cpu_id() callback from source ops coresight: Take hotplug lock in enable_source_store() for Sysfs mode coresight: perf: Retrieve path and source from event data coresight: Take a reference on csdev coresight: Move per-CPU source pointer to core layer coresight: Take per-CPU source reference during AUX setup coresight: Register CPU PM notifier in core layer coresight: etm4x: Hook CPU PM callbacks coresight: etm4x: Remove redundant checks in PM save and restore coresight: syscfg: Use IRQ-safe spinlock to protect active variables coresight: Disable source helpers in coresight_disable_path() coresight: Control path with range coresight: Use helpers to fetch first and last nodes coresight: Introduce coresight_enable_source() helper coresight: Save active path for system tracers coresight: etm4x: Set active path on target CPU coresight: etm3x: Set active path on target CPU coresight: sysfs: Use source's path pointer for path control coresight: Control path during CPU idle coresight: Add PM callbacks for sink device coresight: sysfs: Increment refcount only for software source coresight: Move CPU hotplug callbacks to core layer coresight: sysfs: Validate CPU online status for per-CPU sources Yabin Cui (1): coresight: trbe: Save and restore state across CPU low power state drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 551 +++++++++++++++++++-- drivers/hwtracing/coresight/coresight-cti-core.c | 9 +- drivers/hwtracing/coresight/coresight-etm-perf.c | 288 ++++++----- drivers/hwtracing/coresight/coresight-etm3x-core.c | 73 +-- drivers/hwtracing/coresight/coresight-etm4x-core.c | 166 ++----- drivers/hwtracing/coresight/coresight-priv.h | 6 + drivers/hwtracing/coresight/coresight-syscfg.c | 38 +- drivers/hwtracing/coresight/coresight-syscfg.h | 2 + drivers/hwtracing/coresight/coresight-sysfs.c | 131 ++--- drivers/hwtracing/coresight/coresight-trbe.c | 61 ++- include/linux/coresight.h | 27 +- include/linux/cpuhotplug.h | 2 +- 13 files changed, 874 insertions(+), 482 deletions(-) --- base-commit: f4526ffee6ff9f5845b430957417149eded74bf3 change-id: 20251104-arm_coresight_path_power_management_improvement-dab4966f8280 Best regards, -- Leo Yan <leo.yan(a)arm.com>

3 days, 19 hours

[PATCH v13 00/28] CoreSight: Refactor power management for CoreSight path

by Leo Yan

This series focuses on CoreSight path power management. The changes can be divided into four parts for review: Patches 01 - 10: Preparison for CPU PM: Fix source disabling on idr_alloc failure. Fix helper enable failure handling. Refactor CPU ID stored in csdev. Move CPU lock to sysfs layer. Move per-CPU source pointer from etm-perf to core layer. Refactor etm-perf to retrieve source via per-CPU's event data for lockless and get source reference during AUX setup. Patches 11 - 13: Refactor CPU idle flow managed in the CoreSight core layer. Patches 14 - 23: Refactor path enable / disable with range, control path during CPU idle. Patches 24 - 25: Support the sink (TRBE) control during CPU idle. Patches 26 - 28: Move CPU hotplug into the core layer, and fix sysfs mode for hotplug. This series is rebased on the coresight-next branch and has been verified on Juno-r2 (ETM + ETR) and FVP RevC (ETE + TRBE). Built successfully for armv7 (ARCH=arm). --- Changes in v13: - Cleared percpu_pm_failed flag when source is unregistered (Suzuki). - Rebased on lastest coresight-next. - Link to v12: https://lore.kernel.org/r/20260511-arm_coresight_path_power_management_impr… Changes in v12: - Added comments on coresight_{get|put)_percpu_source_ref (Suzuki). - Refined failure handling in path enable (Suzuki). - Added coresight_is_software_source() helper (Suzuki). - Reordered taking ref on csdev and its parent in patch 07. - Define the enum mode with bit flags. - Minor improvements on commit logs. - Rebased on lastest coresight-next. - Link to v11: https://lore.kernel.org/r/20260501-arm_coresight_path_power_management_impr… Changes in v11: - Moved per-CPU source pointer from etm-perf to core (Suzuki). - Added grabbing/ungrabbing csdev for device reference (Suzuki). - Minor refine for error handling and logs in CPU PM (James). - Refactored etm-perf with fetching path/source from event data (Suzuki). - Fixed Helper error handling (sashiko). - Added Jie's test tag (thanks!). - Minor improvement for comments and commit logs. - Link to v10: https://lore.kernel.org/r/20260405-arm_coresight_path_power_management_impr… Changes in v10: - Removed redundant checks in ETMv4 PM callbacks (sashiko). - Added a new const structure etm4_cs_pm_ops (sashiko). - Used fine-grained spinlock on sysfs_active_config (sashiko). - Blocked notification after failures in save / restore to avoid lockups. - Changed Change CPUHP_AP_ARM_CORESIGHT_STARTING to CPUHP_AP_ARM_CORESIGHT_ONLINE so that the CPU hotplug callback runs in the thread context (sashiko). - Link to v9: https://lore.kernel.org/r/20260401-arm_coresight_path_power_management_impr… Signed-off-by: Leo Yan <leo.yan(a)arm.com> --- Jie Gan (1): coresight: Fix source not disabled on idr_alloc_u32 failure Leo Yan (26): coresight: Handle helper enable failure properly coresight: Extract device init into coresight_init_device() coresight: Populate CPU ID into coresight_device coresight: Remove .cpu_id() callback from source ops coresight: Take hotplug lock in enable_source_store() for Sysfs mode coresight: perf: Retrieve path and source from event data coresight: Take a reference on csdev coresight: Move per-CPU source pointer to core layer coresight: Take per-CPU source reference during AUX setup coresight: Register CPU PM notifier in core layer coresight: etm4x: Hook CPU PM callbacks coresight: etm4x: Remove redundant checks in PM save and restore coresight: syscfg: Use IRQ-safe spinlock to protect active variables coresight: Disable source helpers in coresight_disable_path() coresight: Control path with range coresight: Use helpers to fetch first and last nodes coresight: Introduce coresight_enable_source() helper coresight: Save active path for system tracers coresight: etm4x: Set active path on target CPU coresight: etm3x: Set active path on target CPU coresight: sysfs: Use source's path pointer for path control coresight: Control path during CPU idle coresight: Add PM callbacks for sink device coresight: sysfs: Increment refcount only for software source coresight: Move CPU hotplug callbacks to core layer coresight: sysfs: Validate CPU online status for per-CPU sources Yabin Cui (1): coresight: trbe: Save and restore state across CPU low power state drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 551 +++++++++++++++++++-- drivers/hwtracing/coresight/coresight-cti-core.c | 9 +- drivers/hwtracing/coresight/coresight-etm-perf.c | 288 ++++++----- drivers/hwtracing/coresight/coresight-etm3x-core.c | 73 +-- drivers/hwtracing/coresight/coresight-etm4x-core.c | 166 ++----- drivers/hwtracing/coresight/coresight-priv.h | 6 + drivers/hwtracing/coresight/coresight-syscfg.c | 38 +- drivers/hwtracing/coresight/coresight-syscfg.h | 2 + drivers/hwtracing/coresight/coresight-sysfs.c | 131 ++--- drivers/hwtracing/coresight/coresight-trbe.c | 61 ++- include/linux/coresight.h | 27 +- include/linux/cpuhotplug.h | 2 +- 13 files changed, 874 insertions(+), 482 deletions(-) --- base-commit: f4526ffee6ff9f5845b430957417149eded74bf3 change-id: 20251104-arm_coresight_path_power_management_improvement-dab4966f8280 Best regards, -- Leo Yan <leo.yan(a)arm.com>

6 days, 15 hours

[PATCH v12 00/28] CoreSight: Refactor power management for CoreSight path

by Leo Yan

This series focuses on CoreSight path power management. The changes can be divided into four parts for review: Patches 01 - 10: Preparison for CPU PM: Fix source disabling on idr_alloc failure. Fix helper enable failure handling. Refactor CPU ID stored in csdev. Move CPU lock to sysfs layer. Move per-CPU source pointer from etm-perf to core layer. Refactor etm-perf to retrieve source via per-CPU's event data for lockless and get source reference during AUX setup. Patches 11 - 13: Refactor CPU idle flow managed in the CoreSight core layer. Patches 14 - 23: Refactor path enable / disable with range, control path during CPU idle. Patches 24 - 25: Support the sink (TRBE) control during CPU idle. Patches 26 - 28: Move CPU hotplug into the core layer, and fix sysfs mode for hotplug. This series is rebased on the coresight-next branch and has been verified on Juno-r2 (ETM + ETR) and FVP RevC (ETE + TRBE). Built successfully for armv7 (ARCH=arm). --- Changes in v12: - Added comments on coresight_{get|put)_percpu_source_ref (Suzuki). - Refined failure handling in path enable (Suzuki). - Added coresight_is_software_source() helper (Suzuki). - Reordered taking ref on csdev and its parent in patch 07. - Define the enum mode with bit flags. - Minor improvements on commit logs. - Rebased on lastest coresight-next. - Link to v11: https://lore.kernel.org/r/20260501-arm_coresight_path_power_management_impr… Changes in v11: - Moved per-CPU source pointer from etm-perf to core (Suzuki). - Added grabbing/ungrabbing csdev for device reference (Suzuki). - Minor refine for error handling and logs in CPU PM (James). - Refactored etm-perf with fetching path/source from event data (Suzuki). - Fixed Helper error handling (sashiko). - Added Jie's test tag (thanks!). - Minor improvement for comments and commit logs. - Link to v10: https://lore.kernel.org/r/20260405-arm_coresight_path_power_management_impr… Changes in v10: - Removed redundant checks in ETMv4 PM callbacks (sashiko). - Added a new const structure etm4_cs_pm_ops (sashiko). - Used fine-grained spinlock on sysfs_active_config (sashiko). - Blocked notification after failures in save / restore to avoid lockups. - Changed Change CPUHP_AP_ARM_CORESIGHT_STARTING to CPUHP_AP_ARM_CORESIGHT_ONLINE so that the CPU hotplug callback runs in the thread context (sashiko). - Link to v9: https://lore.kernel.org/r/20260401-arm_coresight_path_power_management_impr… Signed-off-by: Leo Yan <leo.yan(a)arm.com> --- Jie Gan (1): coresight: Fix source not disabled on idr_alloc_u32 failure Leo Yan (26): coresight: Handle helper enable failure properly coresight: Extract device init into coresight_init_device() coresight: Populate CPU ID into coresight_device coresight: Remove .cpu_id() callback from source ops coresight: Take hotplug lock in enable_source_store() for Sysfs mode coresight: perf: Retrieve path and source from event data coresight: Take a reference on csdev coresight: Move per-CPU source pointer to core layer coresight: Take per-CPU source reference during AUX setup coresight: Register CPU PM notifier in core layer coresight: etm4x: Hook CPU PM callbacks coresight: etm4x: Remove redundant checks in PM save and restore coresight: syscfg: Use IRQ-safe spinlock to protect active variables coresight: Disable source helpers in coresight_disable_path() coresight: Control path with range coresight: Use helpers to fetch first and last nodes coresight: Introduce coresight_enable_source() helper coresight: Save active path for system tracers coresight: etm4x: Set active path on target CPU coresight: etm3x: Set active path on target CPU coresight: sysfs: Use source's path pointer for path control coresight: Control path during CPU idle coresight: Add PM callbacks for sink device coresight: sysfs: Increment refcount only for software source coresight: Move CPU hotplug callbacks to core layer coresight: sysfs: Validate CPU online status for per-CPU sources Yabin Cui (1): coresight: trbe: Save and restore state across CPU low power state drivers/hwtracing/coresight/coresight-catu.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 548 ++++++++++++++++++--- drivers/hwtracing/coresight/coresight-cti-core.c | 9 +- drivers/hwtracing/coresight/coresight-etm-perf.c | 285 ++++++----- drivers/hwtracing/coresight/coresight-etm3x-core.c | 73 +-- drivers/hwtracing/coresight/coresight-etm4x-core.c | 166 ++----- drivers/hwtracing/coresight/coresight-priv.h | 6 + drivers/hwtracing/coresight/coresight-syscfg.c | 38 +- drivers/hwtracing/coresight/coresight-syscfg.h | 2 + drivers/hwtracing/coresight/coresight-sysfs.c | 131 ++--- drivers/hwtracing/coresight/coresight-trbe.c | 61 ++- include/linux/coresight.h | 27 +- include/linux/cpuhotplug.h | 2 +- 13 files changed, 870 insertions(+), 480 deletions(-) --- base-commit: 0ec0a8785d21f63db520bd9d2a67c55e855d36a8 change-id: 20251104-arm_coresight_path_power_management_improvement-dab4966f8280 Best regards, -- Leo Yan <leo.yan(a)arm.com>

6 days, 19 hours

Re: [PATCH v6 02/13] coresight: etm4x: fix underflow for nrseqstate

by Leo Yan

On Fri, May 15, 2026 at 12:10:45PM +0100, Yeoreum Yun wrote: [...] > TBH, the number of transition is determinied by the MAX number of > SEQ_STATE that's why I think define the ETM_MAX_SEQ_TRANSITIONS with > > #define ETM_MAX_SEQ_TRANSITIONS (ETM_MAX_SEQ_STATE - 1) > > and uses ETM_MAX_SEQ_TRANSITIONS for the TCRSEQEVR and seq_ctrl. > > Thought? Looks good to me.

6 days, 21 hours

Re: [PATCH v6 04/13] coresight: etm4x: exclude ss_status from drvdata->config

by Leo Yan

On Sat, May 09, 2026 at 12:55:19PM +0100, Yeoreum Yun wrote: > > > caps->nr_ss_cmp = FIELD_GET(TRCIDR4_NUMSSCC_MASK, etmidr4); > > > for (i = 0; i < caps->nr_ss_cmp; i++) { > > > - drvdata->config.ss_status[i] = > > > - etm4x_relaxed_read32(csa, TRCSSCSRn(i)); > > > + drvdata->ss_status[i] = etm4x_relaxed_read32(csa, TRCSSCSRn(i)); > > > + drvdata->ss_status[i] &= (TRCSSCSRn_PC | TRCSSCSRn_DV | > > > + TRCSSCSRn_DA | TRCSSCSRn_INST); > > > > It is fine for read these capacity bits when probe, but we need to clear > > status when a session is starting to avoid the stale value left from > > previous session: > > > > drvdata->ss_status[idx] &= ~(TRCSSCSRn_STATUS | TRCSSCSRn_PENDING); > But, I want to clarify that the perf is one of exceptional case > since the "etm4_parse_event_config()" is called at the "resume" of session > for per-thread mode event. Good point! The right way would move etm4_parse_event_config() to setup AUX phase (e.g., call it when build path). > Anyway as we discussed, since now there have been no issue > relavant for those bits, let the clear drvdata->ss_status at the > etm4_parse_event_config(). I am fine to clear status in etm4_parse_event_config() in this series. Thanks, Leo

1 week

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

CoreSight