* [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
@ 2025-05-22 0:50 Jie Gan
2025-05-22 15:06 ` Konrad Dybcio
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Jie Gan @ 2025-05-22 0:50 UTC (permalink / raw)
To: Bjorn Andersson, Konrad Dybcio, Rob Herring, Krzysztof Kozlowski,
Conor Dooley, Suzuki K Poulose, Mike Leach, James Clark
Cc: linux-arm-msm, devicetree, linux-kernel
An infinite loop has been created by the Coresight devices. When only a
source device is enabled, the coresight_find_activated_sysfs_sink function
is recursively invoked in an attempt to locate an active sink device,
ultimately leading to a stack overflow and system crash. Therefore, disable
the replicator1 to break the infinite loop and prevent a potential stack
overflow.
replicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out
| |
replicator1_in replicator_swao_in
| |
replicator0_out1 replicator_swao_out0
| |
replicator0_in funnel_in1_in3
| |
tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
[call trace]
dump_backtrace+0x9c/0x128
show_stack+0x20/0x38
dump_stack_lvl+0x48/0x60
dump_stack+0x18/0x28
panic+0x340/0x3b0
nmi_panic+0x94/0xa0
panic_bad_stack+0x114/0x138
handle_bad_stack+0x34/0xb8
__bad_stack+0x78/0x80
coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
...
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
coresight_enable_sysfs+0x80/0x2a0 [coresight]
side effect after the change:
Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
---
arch/arm64/boot/dts/qcom/qcs615.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi
index f08ba09772f3..b67c1f8a1118 100644
--- a/arch/arm64/boot/dts/qcom/qcs615.dtsi
+++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi
@@ -1902,6 +1902,7 @@ replicator@604a000 {
clocks = <&aoss_qmp>;
clock-names = "apb_pclk";
+ status = "disabled";
in-ports {
port {
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
2025-05-22 0:50 [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight Jie Gan
@ 2025-05-22 15:06 ` Konrad Dybcio
2025-05-26 0:40 ` Jie Gan
2025-05-22 15:54 ` Suzuki K Poulose
2025-06-18 4:09 ` Bjorn Andersson
2 siblings, 1 reply; 6+ messages in thread
From: Konrad Dybcio @ 2025-05-22 15:06 UTC (permalink / raw)
To: Jie Gan, Bjorn Andersson, Konrad Dybcio, Rob Herring,
Krzysztof Kozlowski, Conor Dooley, Suzuki K Poulose, Mike Leach,
James Clark
Cc: linux-arm-msm, devicetree, linux-kernel
On 5/22/25 2:50 AM, Jie Gan wrote:
> An infinite loop has been created by the Coresight devices. When only a
> source device is enabled, the coresight_find_activated_sysfs_sink function
> is recursively invoked in an attempt to locate an active sink device,
> ultimately leading to a stack overflow and system crash. Therefore, disable
> the replicator1 to break the infinite loop and prevent a potential stack
> overflow.
Is it something we can fix the driver not to do instead?
Konrad
>
> replicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out
> | |
> replicator1_in replicator_swao_in
> | |
> replicator0_out1 replicator_swao_out0
> | |
> replicator0_in funnel_in1_in3
> | |
> tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
>
> [call trace]
> dump_backtrace+0x9c/0x128
> show_stack+0x20/0x38
> dump_stack_lvl+0x48/0x60
> dump_stack+0x18/0x28
> panic+0x340/0x3b0
> nmi_panic+0x94/0xa0
> panic_bad_stack+0x114/0x138
> handle_bad_stack+0x34/0xb8
> __bad_stack+0x78/0x80
> coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> ...
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_enable_sysfs+0x80/0x2a0 [coresight]
>
> side effect after the change:
> Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
>
> Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
> Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
> ---
> arch/arm64/boot/dts/qcom/qcs615.dtsi | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi
> index f08ba09772f3..b67c1f8a1118 100644
> --- a/arch/arm64/boot/dts/qcom/qcs615.dtsi
> +++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi
> @@ -1902,6 +1902,7 @@ replicator@604a000 {
>
> clocks = <&aoss_qmp>;
> clock-names = "apb_pclk";
> + status = "disabled";
>
> in-ports {
> port {
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
2025-05-22 0:50 [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight Jie Gan
2025-05-22 15:06 ` Konrad Dybcio
@ 2025-05-22 15:54 ` Suzuki K Poulose
2025-06-18 4:09 ` Bjorn Andersson
2 siblings, 0 replies; 6+ messages in thread
From: Suzuki K Poulose @ 2025-05-22 15:54 UTC (permalink / raw)
To: Jie Gan, Bjorn Andersson, Konrad Dybcio, Rob Herring,
Krzysztof Kozlowski, Conor Dooley, Mike Leach, James Clark
Cc: linux-arm-msm, devicetree, linux-kernel
On 22/05/2025 01:50, Jie Gan wrote:
> An infinite loop has been created by the Coresight devices. When only a
> source device is enabled, the coresight_find_activated_sysfs_sink function
> is recursively invoked in an attempt to locate an active sink device,
> ultimately leading to a stack overflow and system crash. Therefore, disable
> the replicator1 to break the infinite loop and prevent a potential stack
> overflow.
>
> replicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out
> | |
> replicator1_in replicator_swao_in
> | |
> replicator0_out1 replicator_swao_out0
> | |
> replicator0_in funnel_in1_in3
> | |
> tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
>
> [call trace]
> dump_backtrace+0x9c/0x128
> show_stack+0x20/0x38
> dump_stack_lvl+0x48/0x60
> dump_stack+0x18/0x28
> panic+0x340/0x3b0
> nmi_panic+0x94/0xa0
> panic_bad_stack+0x114/0x138
> handle_bad_stack+0x34/0xb8
> __bad_stack+0x78/0x80
> coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> ...
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_enable_sysfs+0x80/0x2a0 [coresight]
>
> side effect after the change:
> Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
>
> Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
> Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
It is not easy to fix this in CoreSight driver. Given this is a platform
specific issue, lets fix this in the DT. I will explore the option of
fixing this in the driver.
Acked-by: Suzuki K Poulose <suzuki.poulose@arm.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
2025-05-22 15:06 ` Konrad Dybcio
@ 2025-05-26 0:40 ` Jie Gan
2025-05-28 13:30 ` Mike Leach
0 siblings, 1 reply; 6+ messages in thread
From: Jie Gan @ 2025-05-26 0:40 UTC (permalink / raw)
To: Konrad Dybcio, Bjorn Andersson, Konrad Dybcio, Rob Herring,
Krzysztof Kozlowski, Conor Dooley, Suzuki K Poulose, Mike Leach,
James Clark
Cc: linux-arm-msm, devicetree, linux-kernel
On 5/22/2025 11:06 PM, Konrad Dybcio wrote:
> On 5/22/25 2:50 AM, Jie Gan wrote:
>> An infinite loop has been created by the Coresight devices. When only a
>> source device is enabled, the coresight_find_activated_sysfs_sink function
>> is recursively invoked in an attempt to locate an active sink device,
>> ultimately leading to a stack overflow and system crash. Therefore, disable
>> the replicator1 to break the infinite loop and prevent a potential stack
>> overflow.
>
> Is it something we can fix the driver not to do instead?
>
As Suzuki mentioned in other mail thread, it is very difficult to
observe the scenario that there is a loop in the path by current driver.
I tried fix the issue in driver before send this DT fix patch.
I will continue to seek an option of fixing in driver.
Thanks,
Jie
> Konrad
>
>>
>> replicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out
>> | |
>> replicator1_in replicator_swao_in
>> | |
>> replicator0_out1 replicator_swao_out0
>> | |
>> replicator0_in funnel_in1_in3
>> | |
>> tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
>>
>> [call trace]
>> dump_backtrace+0x9c/0x128
>> show_stack+0x20/0x38
>> dump_stack_lvl+0x48/0x60
>> dump_stack+0x18/0x28
>> panic+0x340/0x3b0
>> nmi_panic+0x94/0xa0
>> panic_bad_stack+0x114/0x138
>> handle_bad_stack+0x34/0xb8
>> __bad_stack+0x78/0x80
>> coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> ...
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> coresight_enable_sysfs+0x80/0x2a0 [coresight]
>>
>> side effect after the change:
>> Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
>>
>> Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
>> Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
>> ---
>> arch/arm64/boot/dts/qcom/qcs615.dtsi | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi
>> index f08ba09772f3..b67c1f8a1118 100644
>> --- a/arch/arm64/boot/dts/qcom/qcs615.dtsi
>> +++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi
>> @@ -1902,6 +1902,7 @@ replicator@604a000 {
>>
>> clocks = <&aoss_qmp>;
>> clock-names = "apb_pclk";
>> + status = "disabled";
>>
>> in-ports {
>> port {
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
2025-05-26 0:40 ` Jie Gan
@ 2025-05-28 13:30 ` Mike Leach
0 siblings, 0 replies; 6+ messages in thread
From: Mike Leach @ 2025-05-28 13:30 UTC (permalink / raw)
To: Jie Gan
Cc: Konrad Dybcio, Bjorn Andersson, Konrad Dybcio, Rob Herring,
Krzysztof Kozlowski, Conor Dooley, Suzuki K Poulose, James Clark,
linux-arm-msm, devicetree, linux-kernel
Hi,
This is clearly a platform issue - loops as you describe are not
permitted by the CoreSight architecture specification.
We should not be trying to fix issues that are out of specification in
the drivers.
Regards
Mike
On Mon, 26 May 2025 at 01:40, Jie Gan <jie.gan@oss.qualcomm.com> wrote:
>
>
>
> On 5/22/2025 11:06 PM, Konrad Dybcio wrote:
> > On 5/22/25 2:50 AM, Jie Gan wrote:
> >> An infinite loop has been created by the Coresight devices. When only a
> >> source device is enabled, the coresight_find_activated_sysfs_sink function
> >> is recursively invoked in an attempt to locate an active sink device,
> >> ultimately leading to a stack overflow and system crash. Therefore, disable
> >> the replicator1 to break the infinite loop and prevent a potential stack
> >> overflow.
> >
> > Is it something we can fix the driver not to do instead?
> >
>
> As Suzuki mentioned in other mail thread, it is very difficult to
> observe the scenario that there is a loop in the path by current driver.
>
> I tried fix the issue in driver before send this DT fix patch.
> I will continue to seek an option of fixing in driver.
>
> Thanks,
> Jie
>
> > Konrad
> >
> >>
> >> replicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out
> >> | |
> >> replicator1_in replicator_swao_in
> >> | |
> >> replicator0_out1 replicator_swao_out0
> >> | |
> >> replicator0_in funnel_in1_in3
> >> | |
> >> tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
> >>
> >> [call trace]
> >> dump_backtrace+0x9c/0x128
> >> show_stack+0x20/0x38
> >> dump_stack_lvl+0x48/0x60
> >> dump_stack+0x18/0x28
> >> panic+0x340/0x3b0
> >> nmi_panic+0x94/0xa0
> >> panic_bad_stack+0x114/0x138
> >> handle_bad_stack+0x34/0xb8
> >> __bad_stack+0x78/0x80
> >> coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> ...
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> coresight_enable_sysfs+0x80/0x2a0 [coresight]
> >>
> >> side effect after the change:
> >> Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
> >>
> >> Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
> >> Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
> >> ---
> >> arch/arm64/boot/dts/qcom/qcs615.dtsi | 1 +
> >> 1 file changed, 1 insertion(+)
> >>
> >> diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi
> >> index f08ba09772f3..b67c1f8a1118 100644
> >> --- a/arch/arm64/boot/dts/qcom/qcs615.dtsi
> >> +++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi
> >> @@ -1902,6 +1902,7 @@ replicator@604a000 {
> >>
> >> clocks = <&aoss_qmp>;
> >> clock-names = "apb_pclk";
> >> + status = "disabled";
> >>
> >> in-ports {
> >> port {
>
--
Mike Leach
Principal Engineer, ARM Ltd.
Manchester Design Centre. UK
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
2025-05-22 0:50 [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight Jie Gan
2025-05-22 15:06 ` Konrad Dybcio
2025-05-22 15:54 ` Suzuki K Poulose
@ 2025-06-18 4:09 ` Bjorn Andersson
2 siblings, 0 replies; 6+ messages in thread
From: Bjorn Andersson @ 2025-06-18 4:09 UTC (permalink / raw)
To: Konrad Dybcio, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Suzuki K Poulose, Mike Leach, James Clark, Jie Gan
Cc: linux-arm-msm, devicetree, linux-kernel
On Thu, 22 May 2025 08:50:16 +0800, Jie Gan wrote:
> An infinite loop has been created by the Coresight devices. When only a
> source device is enabled, the coresight_find_activated_sysfs_sink function
> is recursively invoked in an attempt to locate an active sink device,
> ultimately leading to a stack overflow and system crash. Therefore, disable
> the replicator1 to break the infinite loop and prevent a potential stack
> overflow.
>
> [...]
Applied, thanks!
[1/1] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
commit: bd4f35786d5f0798cc1f8c187a81a7c998e6c58f
Best regards,
--
Bjorn Andersson <andersson@kernel.org>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-06-18 4:09 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-22 0:50 [PATCH] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight Jie Gan
2025-05-22 15:06 ` Konrad Dybcio
2025-05-26 0:40 ` Jie Gan
2025-05-28 13:30 ` Mike Leach
2025-05-22 15:54 ` Suzuki K Poulose
2025-06-18 4:09 ` Bjorn Andersson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).