From nobody Tue Dec 2 01:51:42 2025 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0299247291 for ; Fri, 21 Nov 2025 00:24:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763684653; cv=none; b=rTByuKmgKk9DPoW53R20G8uSrQI7KSQ/eFnaKHHt3668evT31bLMb/cz7VZfmZTK5QOsuZ9qizifGWvEpHwfU+bHz+Toc0JnHVtv4Hc3PhCZYEXHzYFR4Ly4r51YysxqWxrfAAUwHiFbG1LCg7RDz1YSjWMeKPthm5z18QUfYMM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763684653; c=relaxed/simple; bh=5os83zxEZ0Ozk7dsqcbWD9QpjT9uJl5uWV2HAv+1IOU=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=Xvk2Z5j2/cSnX/NsacIyeTPesOndjK/YAF/B8RlyJZzvED8bADfRsXbRR6K9l1W1PlaYUVgBBd0w2kXpknFlb6n7IuLerRtPDeOK9KsMxlINvd6GaVlJCUHP7PN89VeP7c3I9S5s4CsJLmnzDKnRlN4Fnq+eaDSQbfjc1XB7Y5s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OQVrFko4; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OQVrFko4" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-29568d93e87so13039645ad.2 for ; Thu, 20 Nov 2025 16:24:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763684650; x=1764289450; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=kXY0DT6HIsSoJH5czBF21Sus1oqhqzcXbPhbx1UdXUk=; b=OQVrFko4V661JvWoKOFMcOZ7QKhFT/DlhFkT/zefEsUs/7yLflSlh9khyB3b0Pycaw YP4OsMIodiytiahG7QiCNppCziVhpt2JboPiub5GhXulx2+ZsQF6qB8KJzkXsP7VRKGD 0CZWZPEyHqrlpzw14SfDpOwowhOHzIXodSB0YrmLWNcVej1VMNy1Q7eObG0vJ5J2hp4j XDvgZbevIXrGER2R8DbZDD9t38+JM6myPnYKIH1lfiUT/ZaE85QNtm+gFRD2rjbxvoR1 /jq/WsgmIz5miixBpP6GLRuLoV35+/RXM/iMgoMtnr37F8zJojeqe8iieGpz0Wd6tjt/ 5wWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763684650; x=1764289450; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=kXY0DT6HIsSoJH5czBF21Sus1oqhqzcXbPhbx1UdXUk=; b=MGmAWaonJcffr+upDTLzEygtzx/MGWDpvGpSrtsZSMy+U8jKiUG+g/JjyIm8bTPB3u OZHQmiprwTaG6EJaSLlwloOHVIaM5JVKZqBijBjLpC3krmblikHbhbHZgWQD1rJZrf9Z mje9+IDnmMsQlApotVigFk9tsvGh7c72cOLGDogsZNo/apxTdM0fPeAL2cjSp/QVpzPu nTr6G41qVF6wD0rSqkgViPn/dPOoE0nRoBzs/4MAXmcu1Qhlj4ZmAVF0mLvDaAw++IaW 7DqH++PqqXwfcsg/WIqo/utJiiBmMs9L9PEEpcPML2odKTGlPGMEKqjoYhVqaiGScvu6 I9tA== X-Forwarded-Encrypted: i=1; AJvYcCXpaGJZtXd+CnH08+gaGB+HPYzgJlWcN9cUjvBd+hP6XvuOrNmDh9X95dbzcLWp5TjiuWKL8ZDDFP1LU0s=@vger.kernel.org X-Gm-Message-State: AOJu0YwN+L8JgLR8cXR5xs8jGbEtNpmNm3DXQGB3Vt1l4XfD+2K00wIZ ajb+Hld+ZOM9rse7+Dcx1eaUGMrH9D2xS/geR8dKZWeUNPA1bQyGEK/I X-Gm-Gg: ASbGncu7snBRJiBO6wN8hAS3Z04YUXo4X+A8x6Jg72bhv8V9Y7S+2+p9GqcbOgtokTL buTmCLE2SvWnVR5PQ33Oa3fmW+6a3oqNil9SOxxupCcrKFKVUVgABVzAZBNYlJ9OidkygySRgfn sVxhxClILVjzBZsf67se9NozIvqeUlgm9cBLWEziMdTKCp0EypCttYq6nKvMV4zjEkXaZQ/Cyw4 AFD6IuU/zK4zr1KRhK0QxXqV2TpLv8ZXJQEdsDlbrYSzeDnrqa/aSy78Q2m2sBENvu5ace0DVFR 7i9GCNGVJwKJnZ50lwZhFqOUEF+ap4QZy9m53Cl551Rnp9Y6OiRzz571oCxxGVj+2/jGdnJNOpu 7rG6MliuWkTkSJsc40ySgBZTbIXKsLBvMztf132mOYWzs/uCqvM7BXGLsccYJaY0bvqkXESTyNb WUqYRxCTnJpJEy30iUJY27ILaGdPRdrVNuzv0rqLcqkggr+rgR+nRJR7w1iL4dlG2KzjKxcdhJy CaOqtt7XZrOZo4v57fsNX98 X-Google-Smtp-Source: AGHT+IFuVB+OPt8sF01Uh6d7xMc9CZaiz4OHSBYz4E7xn1OnH2Ffn63x7dRG/05JN4//aaaMjYq71A== X-Received: by 2002:a17:902:d54d:b0:295:615d:f1d2 with SMTP id d9443c01a7336-29b6bf5deb5mr6487245ad.48.1763684649751; Thu, 20 Nov 2025 16:24:09 -0800 (PST) Received: from visitorckw-work01.c.googlers.com.com (14.250.194.35.bc.googleusercontent.com. [35.194.250.14]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-bd75e4ca0casm3630383a12.10.2025.11.20.16.24.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 Nov 2025 16:24:09 -0800 (PST) From: Kuan-Wei Chiu To: suzuki.poulose@arm.com Cc: mike.leach@linaro.org, james.clark@linaro.org, alexander.shishkin@linux.intel.com, pratikp@codeaurora.org, mathieu.poirier@linaro.org, gregkh@linuxfoundation.org, jserv@ccns.ncku.edu.tw, marscheng@google.com, ericchancf@google.com, milesjiang@google.com, nickpan@google.com, coresight@lists.linaro.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Kuan-Wei Chiu Subject: [PATCH] coresight: etm3x: Fix buffer overwrite in cntr_val_show() Date: Fri, 21 Nov 2025 00:23:50 +0000 Message-ID: <20251121002350.1166758-1-visitorckw@gmail.com> X-Mailer: git-send-email 2.52.0.rc2.455.g230fcf2819-goog Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The cntr_val_show() function is meant to display the values of all available counters. However, the sprintf() call inside the loop was always writing to the beginning of the buffer, causing the output of previous iterations to be overwritten. As a result, only the value of the last counter was actually returned to the user. Fix this by using the return value of sprintf() to calculate the correct offset into the buffer for the next write, ensuring that all counter values are appended sequentially. Fixes: a939fc5a71ad ("coresight-etm: add CoreSight ETM/PTM driver") Signed-off-by: Kuan-Wei Chiu --- Build tested only. I do not have the hardware to run the etm3x driver, so I would be grateful if someone could verify this on actual hardware. I noticed this issue while browsing the coresight code after attending a technical talk on the subject. This code dates back to the initial driver submission over 10 years ago, so I was surprised it hadn't been caught earlier. Although I cannot perform runtime testing, the logic error seems obvious to me, so I still decided to submit this patch. drivers/hwtracing/coresight/coresight-etm3x-sysfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hwtracing/coresight/coresight-etm3x-sysfs.c b/drivers/= hwtracing/coresight/coresight-etm3x-sysfs.c index 762109307b86..312033e74b7a 100644 --- a/drivers/hwtracing/coresight/coresight-etm3x-sysfs.c +++ b/drivers/hwtracing/coresight/coresight-etm3x-sysfs.c @@ -725,7 +725,7 @@ static ssize_t cntr_val_show(struct device *dev, if (!coresight_get_mode(drvdata->csdev)) { spin_lock(&drvdata->spinlock); for (i =3D 0; i < drvdata->nr_cntr; i++) - ret +=3D sprintf(buf, "counter %d: %x\n", + ret +=3D sprintf(buf + ret, "counter %d: %x\n", i, config->cntr_val[i]); spin_unlock(&drvdata->spinlock); return ret; @@ -733,7 +733,7 @@ static ssize_t cntr_val_show(struct device *dev, =20 for (i =3D 0; i < drvdata->nr_cntr; i++) { val =3D etm_readl(drvdata, ETMCNTVRn(i)); - ret +=3D sprintf(buf, "counter %d: %x\n", i, val); + ret +=3D sprintf(buf + ret, "counter %d: %x\n", i, val); } =20 return ret; --=20 2.52.0.rc2.455.g230fcf2819-goog