From: sashiko-bot@kernel.org
To: "Leo Yan" <leo.yan@arm.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v9 5/9] perf cs-etm: Use thread-stack for last branch entries
Date: Tue, 16 Jun 2026 15:13:13 +0000 [thread overview]
Message-ID: <20260616151314.5BBD11F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260616-b4-arm_cs_callchain_support_v1-v9-5-f8fad931c413@arm.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Cross-CPU state corruption when flushing shared thread stacks on local trace discontinuity
--
commit abf6f97a0108ff607c740e49b61365089d433985
Author: Leo Yan <leo.yan@arm.com>
perf cs-etm: Use thread-stack for last branch entries
CS ETM maintains its own circular array for last branch entries, with
local helpers to update, copy and reset the branch stack. This
duplicates logic already provided by the common code.
> diff --git a/tools/perf/util/cs-etm.c b/tools/perf/util/cs-etm.c
> index 6827ef8871a8f..51b05a0bc1898 100644
> --- a/tools/perf/util/cs-etm.c
> +++ b/tools/perf/util/cs-etm.c
[ ... ]
> @@ -2025,7 +1965,7 @@ static int cs_etm__flush(struct cs_etm_queue *etmq,
>
> /* Reset last branches after flush the trace */
> if (etm->synth_opts.last_branch)
> - cs_etm__reset_last_branch_rb(tidq);
> + thread_stack__flush(tidq->frontend_thread);
[Severity: High]
Can this cause cross-CPU state corruption when flushing shared thread stacks?
When cs_etm__flush() is called due to a local trace discontinuity or the end of
a block on a specific trace queue (CPU), it calls thread_stack__flush() on
the frontend_thread.
If the traced thread is shared across multiple CPUs (such as the global idle
thread pid == 0), thread_stack__flush() will iterate over ts->arr_sz and
reset the branch stacks for all CPUs associated with that thread:
tools/perf/util/thread-stack.c:thread_stack__flush() {
...
for (pos = 0; pos < ts->arr_sz; pos++) {
int ret = __thread_stack__flush(thread, ts + pos);
...
}
This replaces the previously safe localized reset for the trace queue with a
global flush. Could a localized discontinuity on CPU A silently wipe out the
active branch stack and callchain history of the shared thread executing
concurrently on CPU B?
>
> return err;
> }
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260616-b4-arm_cs_callchain_support_v1-v9-0-f8fad931c413@arm.com?part=5
next prev parent reply other threads:[~2026-06-16 15:13 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-16 14:51 [PATCH v9 0/9] perf cs-etm: Support thread stack and callchain Leo Yan
2026-06-16 14:51 ` [PATCH v9 1/9] perf cs-etm: Fix thread leaks on trace queue init failure Leo Yan
2026-06-16 14:51 ` [PATCH v9 2/9] perf cs-etm: Filter synthesized branch samples Leo Yan
2026-06-16 14:51 ` [PATCH v9 3/9] perf cs-etm: Decode ETE exception packets Leo Yan
2026-06-16 14:51 ` [PATCH v9 4/9] perf cs-etm: Refactor instruction size handling Leo Yan
2026-06-16 14:51 ` [PATCH v9 5/9] perf cs-etm: Use thread-stack for last branch entries Leo Yan
2026-06-16 15:13 ` sashiko-bot [this message]
2026-06-16 15:42 ` Leo Yan
2026-06-16 14:51 ` [PATCH v9 6/9] perf cs-etm: Flush thread stacks after decoder reset Leo Yan
2026-06-16 15:10 ` sashiko-bot
2026-06-16 14:51 ` [PATCH v9 7/9] perf cs-etm: Support call indentation Leo Yan
2026-06-16 15:08 ` sashiko-bot
2026-06-16 14:51 ` [PATCH v9 8/9] perf cs-etm: Synthesize callchains for instruction samples Leo Yan
2026-06-16 15:12 ` sashiko-bot
2026-06-16 14:51 ` [PATCH v9 9/9] perf test: Add Arm CoreSight callchain test Leo Yan
2026-06-16 15:08 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260616151314.5BBD11F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=leo.yan@arm.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox