PT-2026-46035 · Linux · Linux
Published: 2026-06-03 · Updated: 2026-06-03
CVE-2026-46272
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
coresight: tmc-etr: Fix race condition between sysfs and perf mode
When trying to run perf and sysfs mode simultaneously, the WARN_ON()
in tmc_etr_enable_hw() is triggered sometimes:

 WARNING: CPU: 42 PID: 3911571 at drivers/hwtracing/coresight/coresight-tmc-etr.c:1060 tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc]
 [..snip..]
 Call trace:
  tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] (P)
  tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] (L)
  tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc]
  coresight_enable_path+0x1c8/0x218 [coresight]
  coresight_enable_sysfs+0xa4/0x228 [coresight]
  enable_source_store+0x58/0xa8 [coresight]
  dev_attr_store+0x20/0x40
  sysfs_kf_write+0x4c/0x68
  kernfs_fop_write_iter+0x120/0x1b8
  vfs_write+0x2c8/0x388
  ksys_write+0x74/0x108
  __arm64_sys_write+0x24/0x38
  el0_svc_common.constprop.0+0x64/0x148
  do_el0_svc+0x24/0x38
  el0_svc+0x3c/0x130
  el0t_64_sync_handler+0xc8/0xd0
  el0t_64_sync+0x1ac/0x1b0
 ---[ end trace 0000000000000000 ]---

Since the enablement of sysfs mode is separated into two critical regions,
one for sysfs buffer allocation and another for hardware enablement, it's
possible to race with the perf mode. Fix this by double-checking whether
the perf mode's been used before enabling the hardware in sysfs mode.
mode:
 [sysfs mode]                          [perf mode]
 tmc_etr_get_sysfs_buffer()
   spin_lock(&drvdata->spinlock)
   [sysfs buffer allocation]
   spin_unlock(&drvdata->spinlock)
                                       spin_lock(&drvdata->spinlock)
                                       tmc_etr_enable_hw()
                                         drvdata->etr_buf = etr_perf->etr_buf
                                       spin_unlock(&drvdata->spinlock)
 spin_lock(&drvdata->spinlock)
 tmc_etr_enable_hw()
   WARN_ON(drvdata->etr_buf) // WARN since etr_buf initialized at
                                the perf side
 spin_unlock(&drvdata->spinlock)

With this fix, we retain the check for CS_MODE_PERF in get_etr_sysfs_buf.
This ensures we verify whether the perf mode's already running before we
actually allocate the buffer. Then we can save the time of
allocating/freeing the sysfs buffer if it races with the perf mode.
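
The interleaving described above can be replayed deterministically in user space. This is an added example, not the kernel patch or code from this page: the struct layout, helper names, the -EBUSY return values and the `recheck` switch are assumptions made for illustration, and the spinlock is represented only by the ordering of the calls.

```c
/* User-space model of the sysfs/perf race on an ETR sink (not kernel code). */
#include <errno.h>
#include <stdio.h>

enum cs_mode { CS_MODE_DISABLED, CS_MODE_SYSFS, CS_MODE_PERF };
struct drvdata {              /* stand-in for the driver's per-device state */
    enum cs_mode mode;
    void *etr_buf;            /* buffer currently bound to the hardware */
    void *sysfs_buf;
    int warned;               /* times the WARN_ON(drvdata->etr_buf) condition hit */
};
static char sysfs_mem, perf_mem;      /* constructed placeholder buffers */

/* Models the check in tmc_etr_enable_hw(): warn if a buffer is already bound. */
static int enable_hw(struct drvdata *d, void *buf)
{
    if (d->etr_buf) { d->warned++; return -EBUSY; }
    d->etr_buf = buf;
    return 0;
}
/* Critical region 1: allocate the sysfs buffer unless perf already owns the sink. */
static int get_sysfs_buffer(struct drvdata *d)
{
    if (d->mode == CS_MODE_PERF) return -EBUSY;
    d->sysfs_buf = &sysfs_mem;
    return 0;
}
/* Critical region 2: enable hardware; recheck != 0 is the double check from the fix. */
static int sysfs_enable_hw(struct drvdata *d, int recheck)
{
    if (recheck && d->mode == CS_MODE_PERF) return -EBUSY;
    int ret = enable_hw(d, d->sysfs_buf);
    if (!ret) d->mode = CS_MODE_SYSFS;
    return ret;
}
/* Replays the advisory's interleaving; returns how many times the warning fired. */
int replay_race(int recheck)
{
    struct drvdata d = { CS_MODE_DISABLED, NULL, NULL, 0 };
    get_sysfs_buffer(&d);                      /* sysfs: region 1, then lock dropped */
    if (!enable_hw(&d, &perf_mem)) d.mode = CS_MODE_PERF;   /* perf wins the window */
    sysfs_enable_hw(&d, recheck);              /* sysfs: region 2 */
    return d.warned;
}
int main(void)
{
    printf("WARN hits without recheck: %d, with recheck: %d\n", replay_race(0), replay_race(1));
    return 0;
}
```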
Related Identifiers
Affected Products
Linux