An infinite loop has been created by the Coresight devices. When only a
source device is enabled, the coresight_find_activated_sysfs_sink function
is recursively invoked in an attempt to locate an active sink device,
ultimately leading to a stack overflow and system crash. Therefore, disable
the replicator1 to break the infinite loop and prevent a potential stack
overflow.
replicator1_out   ->   funnel_swao_in6   ->   tmc_etf_swao_in   ->  tmc_etf_swao_out
     |                                                                     |
replicator1_in                                                     replicator_swao_in
     |                                                                     |
replicator0_out1                                                   replicator_swao_out0
     |                                                                     |
replicator0_in                                                     funnel_in1_in3
     |                                                                     |
tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
[call trace]
dump_backtrace+0x9c/0x128
show_stack+0x20/0x38
dump_stack_lvl+0x48/0x60
dump_stack+0x18/0x28
panic+0x340/0x3b0
nmi_panic+0x94/0xa0
panic_bad_stack+0x114/0x138
handle_bad_stack+0x34/0xb8
__bad_stack+0x78/0x80
coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
...
coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
coresight_enable_sysfs+0x80/0x2a0 [coresight]
side effect after the change:
Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
---
arch/arm64/boot/dts/qcom/qcs615.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi
index f08ba09772f3..b67c1f8a1118 100644
--- a/arch/arm64/boot/dts/qcom/qcs615.dtsi
+++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi
@@ -1902,6 +1902,7 @@ replicator@604a000 {
clocks = <&aoss_qmp>;
clock-names = "apb_pclk";
+ status = "disabled";
in-ports {
port {
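Review bot: the added status = "disabled"; line in replicator@604a000 has no in-source explanation, so a later reader of qcs615.dtsi has no hint that enabling this node recreates the trace-path loop described in the commit message. Consider a short comment above the property, for example /* Disabled: enabling this replicator closes a loop in the trace path */, so that a board file does not set it back to "okay" without knowing the consequence.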
--
2.34.1
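An added illustration, not code from this patch or from the CoreSight driver: a small C model of the eight-device ring in the diagram above, walked depth-first with an on-path marker so that a loop is reported instead of recursing until the stack runs out. The device indices, the next_dev table, the start point at TMC_ETF and the function names are assumptions made for this sketch; enabled[] stands in for the DT status property.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the ring in the commit message diagram. Each device
 * forwards to a single downstream device here, which is a simplification. */
enum { REPLICATOR1, FUNNEL_SWAO, TMC_ETF_SWAO, REPLICATOR_SWAO,
       FUNNEL_IN1, FUNNEL_MERG, TMC_ETF, REPLICATOR0, NR_DEV };
static const int next_dev[NR_DEV] = {
    [REPLICATOR1] = FUNNEL_SWAO,      [FUNNEL_SWAO] = TMC_ETF_SWAO,
    [TMC_ETF_SWAO] = REPLICATOR_SWAO, [REPLICATOR_SWAO] = FUNNEL_IN1,
    [FUNNEL_IN1] = FUNNEL_MERG,       [FUNNEL_MERG] = TMC_ETF,
    [TMC_ETF] = REPLICATOR0,          [REPLICATOR0] = REPLICATOR1,
};
enum walk_result { LOOP_DETECTED = -1, NO_SINK = 0, SINK_FOUND = 1 };

/* Walk downstream from dev looking for the activated sink. on_path[] marks
 * devices already on the current walk, so meeting one again means a loop. */
static enum walk_result find_sink(int dev, int active_sink,
                                  const bool *enabled, bool *on_path)
{
    enum walk_result r;
    if (!enabled[dev])      /* models status = "disabled": not traversed */
        return NO_SINK;
    if (dev == active_sink)
        return SINK_FOUND;
    if (on_path[dev])       /* guard that turns endless recursion into an error */
        return LOOP_DETECTED;
    on_path[dev] = true;
    r = find_sink(next_dev[dev], active_sink, enabled, on_path);
    on_path[dev] = false;
    return r;
}

/* Start at TMC_ETF; active_sink < 0 means no sink has been activated. */
static enum walk_result walk(bool replicator1_enabled, int active_sink)
{
    bool enabled[NR_DEV], on_path[NR_DEV] = { false };
    for (int i = 0; i < NR_DEV; i++)
        enabled[i] = true;
    enabled[REPLICATOR1] = replicator1_enabled;
    return find_sink(TMC_ETF, active_sink, enabled, on_path);
}

int main(void)
{
    printf("no sink: %d (enabled) %d (disabled)\n", walk(true, -1), walk(false, -1));
    printf("ETF_SWAO sink: %d %d\n", walk(true, TMC_ETF_SWAO), walk(false, TMC_ETF_SWAO));
    return 0;
}
```

The last case mirrors the side effect noted in the commit message: with replicator1 disabled, the walk from TMC_ETF no longer reaches the ETF_SWAO sink.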
On Thu, 22 May 2025 08:50:16 +0800, Jie Gan wrote:
> An infinite loop has been created by the Coresight devices. When only a
> source device is enabled, the coresight_find_activated_sysfs_sink function
> is recursively invoked in an attempt to locate an active sink device,
> ultimately leading to a stack overflow and system crash. Therefore, disable
> the replicator1 to break the infinite loop and prevent a potential stack
> overflow.
>
> [...]
Applied, thanks!
[1/1] arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
commit: bd4f35786d5f0798cc1f8c187a81a7c998e6c58f
Best regards,
--
Bjorn Andersson <andersson@kernel.org>
On 22/05/2025 01:50, Jie Gan wrote:
> An infinite loop has been created by the Coresight devices. When only a
> source device is enabled, the coresight_find_activated_sysfs_sink function
> is recursively invoked in an attempt to locate an active sink device,
> ultimately leading to a stack overflow and system crash. Therefore, disable
> the replicator1 to break the infinite loop and prevent a potential stack
> overflow.
>
> replicator1_out   ->   funnel_swao_in6   ->   tmc_etf_swao_in   ->  tmc_etf_swao_out
>      |                                                                     |
> replicator1_in                                                     replicator_swao_in
>      |                                                                     |
> replicator0_out1                                                   replicator_swao_out0
>      |                                                                     |
> replicator0_in                                                     funnel_in1_in3
>      |                                                                     |
> tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
>
> [call trace]
> dump_backtrace+0x9c/0x128
> show_stack+0x20/0x38
> dump_stack_lvl+0x48/0x60
> dump_stack+0x18/0x28
> panic+0x340/0x3b0
> nmi_panic+0x94/0xa0
> panic_bad_stack+0x114/0x138
> handle_bad_stack+0x34/0xb8
> __bad_stack+0x78/0x80
> coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> ...
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_enable_sysfs+0x80/0x2a0 [coresight]
>
> side effect after the change:
> Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
>
> Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
> Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
It is not easy to fix this in the CoreSight driver. Given this is a
platform-specific issue, let's fix this in the DT. I will explore the option of
fixing this in the driver.
Acked-by: Suzuki K Poulose <suzuki.poulose@arm.com>
On 5/22/25 2:50 AM, Jie Gan wrote:
> An infinite loop has been created by the Coresight devices. When only a
> source device is enabled, the coresight_find_activated_sysfs_sink function
> is recursively invoked in an attempt to locate an active sink device,
> ultimately leading to a stack overflow and system crash. Therefore, disable
> the replicator1 to break the infinite loop and prevent a potential stack
> overflow.
Is it something we can fix the driver not to do instead?
Konrad
>
> replicator1_out   ->   funnel_swao_in6   ->   tmc_etf_swao_in   ->  tmc_etf_swao_out
>      |                                                                     |
> replicator1_in                                                     replicator_swao_in
>      |                                                                     |
> replicator0_out1                                                   replicator_swao_out0
>      |                                                                     |
> replicator0_in                                                     funnel_in1_in3
>      |                                                                     |
> tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
>
> [call trace]
> dump_backtrace+0x9c/0x128
> show_stack+0x20/0x38
> dump_stack_lvl+0x48/0x60
> dump_stack+0x18/0x28
> panic+0x340/0x3b0
> nmi_panic+0x94/0xa0
> panic_bad_stack+0x114/0x138
> handle_bad_stack+0x34/0xb8
> __bad_stack+0x78/0x80
> coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> ...
> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> coresight_enable_sysfs+0x80/0x2a0 [coresight]
>
> side effect after the change:
> Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
>
> Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
> Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
> ---
> arch/arm64/boot/dts/qcom/qcs615.dtsi | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi
> index f08ba09772f3..b67c1f8a1118 100644
> --- a/arch/arm64/boot/dts/qcom/qcs615.dtsi
> +++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi
> @@ -1902,6 +1902,7 @@ replicator@604a000 {
>
> clocks = <&aoss_qmp>;
> clock-names = "apb_pclk";
> + status = "disabled";
>
> in-ports {
> port {
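Review bot: only replicator@604a000 is touched in this hunk, while the diagram in the commit message shows replicator0_out1 and funnel_swao_in6 connected to it, so those peer endpoints presumably still reference a node that is now disabled. It would help to say in the commit message that leaving those links in place is intentional, or to confirm that the graph parsing skips a disabled remote device.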
On 5/22/2025 11:06 PM, Konrad Dybcio wrote:
> On 5/22/25 2:50 AM, Jie Gan wrote:
>> An infinite loop has been created by the Coresight devices. When only a
>> source device is enabled, the coresight_find_activated_sysfs_sink function
>> is recursively invoked in an attempt to locate an active sink device,
>> ultimately leading to a stack overflow and system crash. Therefore, disable
>> the replicator1 to break the infinite loop and prevent a potential stack
>> overflow.
>
> Is it something we can fix the driver not to do instead?
>
As Suzuki mentioned in the other mail thread, it is very difficult to
observe the scenario where there is a loop in the path with the current driver.
I tried to fix the issue in the driver before sending this DT fix patch.
I will continue to seek an option for fixing it in the driver.
Thanks,
Jie
> Konrad
>
>>
>> replicator1_out   ->   funnel_swao_in6   ->   tmc_etf_swao_in   ->  tmc_etf_swao_out
>>      |                                                                     |
>> replicator1_in                                                     replicator_swao_in
>>      |                                                                     |
>> replicator0_out1                                                   replicator_swao_out0
>>      |                                                                     |
>> replicator0_in                                                     funnel_in1_in3
>>      |                                                                     |
>> tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
>>
>> [call trace]
>> dump_backtrace+0x9c/0x128
>> show_stack+0x20/0x38
>> dump_stack_lvl+0x48/0x60
>> dump_stack+0x18/0x28
>> panic+0x340/0x3b0
>> nmi_panic+0x94/0xa0
>> panic_bad_stack+0x114/0x138
>> handle_bad_stack+0x34/0xb8
>> __bad_stack+0x78/0x80
>> coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> ...
>> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
>> coresight_enable_sysfs+0x80/0x2a0 [coresight]
>>
>> side effect after the change:
>> Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
>>
>> Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
>> Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
>> ---
>> arch/arm64/boot/dts/qcom/qcs615.dtsi | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi
>> index f08ba09772f3..b67c1f8a1118 100644
>> --- a/arch/arm64/boot/dts/qcom/qcs615.dtsi
>> +++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi
>> @@ -1902,6 +1902,7 @@ replicator@604a000 {
>>
>> clocks = <&aoss_qmp>;
>> clock-names = "apb_pclk";
>> + status = "disabled";
>>
>> in-ports {
>> port {
Hi,
This is clearly a platform issue - loops as you describe are not
permitted by the CoreSight architecture specification.
We should not be trying to fix issues that are out of specification in
the drivers.
Regards
Mike
On Mon, 26 May 2025 at 01:40, Jie Gan <jie.gan@oss.qualcomm.com> wrote:
>
>
>
> On 5/22/2025 11:06 PM, Konrad Dybcio wrote:
> > On 5/22/25 2:50 AM, Jie Gan wrote:
> >> An infinite loop has been created by the Coresight devices. When only a
> >> source device is enabled, the coresight_find_activated_sysfs_sink function
> >> is recursively invoked in an attempt to locate an active sink device,
> >> ultimately leading to a stack overflow and system crash. Therefore, disable
> >> the replicator1 to break the infinite loop and prevent a potential stack
> >> overflow.
> >
> > Is it something we can fix the driver not to do instead?
> >
>
> As Suzuki mentioned in the other mail thread, it is very difficult to
> observe the scenario where there is a loop in the path with the current driver.
>
> I tried to fix the issue in the driver before sending this DT fix patch.
> I will continue to seek an option for fixing it in the driver.
>
> Thanks,
> Jie
>
> > Konrad
> >
> >>
> >> replicator1_out   ->   funnel_swao_in6   ->   tmc_etf_swao_in   ->  tmc_etf_swao_out
> >>      |                                                                     |
> >> replicator1_in                                                     replicator_swao_in
> >>      |                                                                     |
> >> replicator0_out1                                                   replicator_swao_out0
> >>      |                                                                     |
> >> replicator0_in                                                     funnel_in1_in3
> >>      |                                                                     |
> >> tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out
> >>
> >> [call trace]
> >> dump_backtrace+0x9c/0x128
> >> show_stack+0x20/0x38
> >> dump_stack_lvl+0x48/0x60
> >> dump_stack+0x18/0x28
> >> panic+0x340/0x3b0
> >> nmi_panic+0x94/0xa0
> >> panic_bad_stack+0x114/0x138
> >> handle_bad_stack+0x34/0xb8
> >> __bad_stack+0x78/0x80
> >> coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> ...
> >> coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]
> >> coresight_enable_sysfs+0x80/0x2a0 [coresight]
> >>
> >> side effect after the change:
> >> Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.
> >>
> >> Fixes: bf469630552a ("arm64: dts: qcom: qcs615: Add coresight nodes")
> >> Signed-off-by: Jie Gan <jie.gan@oss.qualcomm.com>
> >> ---
> >> arch/arm64/boot/dts/qcom/qcs615.dtsi | 1 +
> >> 1 file changed, 1 insertion(+)
> >>
> >> diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi
> >> index f08ba09772f3..b67c1f8a1118 100644
> >> --- a/arch/arm64/boot/dts/qcom/qcs615.dtsi
> >> +++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi
> >> @@ -1902,6 +1902,7 @@ replicator@604a000 {
> >>
> >> clocks = <&aoss_qmp>;
> >> clock-names = "apb_pclk";
> >> + status = "disabled";
> >>
> >> in-ports {
> >> port {
>
--
Mike Leach
Principal Engineer, ARM Ltd.
Manchester Design Centre. UK