CVE-2026-46272

In the Linux kernel, the following vulnerability has been resolved:

coresight: tmc-etr: Fix race condition between sysfs and perf mode

When trying to run perf and sysfs mode simultaneously, the WARNON() in tmcetrenablehw() is triggered sometimes:

WARNING: CPU: 42 PID: 3911571 at drivers/hwtracing/coresight/coresight-tmc-etr.c:1060 tmcetrenablehw+0xc0/0xd8 [coresighttmc] [..snip..] Call trace: tmcetrenablehw+0xc0/0xd8 [coresighttmc] (P) tmcenableetrsink+0x11c/0x250 [coresighttmc] (L) tmcenableetrsink+0x11c/0x250 [coresighttmc] coresightenablepath+0x1c8/0x218 [coresight] coresightenablesysfs+0xa4/0x228 [coresight] enablesourcestore+0x58/0xa8 [coresight] devattrstore+0x20/0x40 sysfskfwrite+0x4c/0x68 kernfsfopwriteiter+0x120/0x1b8 vfswrite+0x2c8/0x388 ksys_write+0x74/0x108 __arm64syswrite+0x24/0x38 el0svccommon.constprop.0+0x64/0x148 doel0svc+0x24/0x38 el0svc+0x3c/0x130 el0t64synchandler+0xc8/0xd0 el0t64sync+0x1ac/0x1b0 ---[ end trace 0000000000000000 ]---

Since the enablement of sysfs mode is separeted into two critical regions, one for sysfs buffer allocation and another for hardware enablement, it's possible to race with the perf mode. Fix this by double check whether the perf mode's been used before enabling the hardware in sysfs mode.

mode: [sysfs mode] [perf mode] tmcetrgetsysfsbuffer() spinlock(&drvdata->spinlock) [sysfs buffer allocation] spinunlock(&drvdata->spinlock) spinlock(&drvdata->spinlock) tmcetrenablehw() drvdata->etrbuf = etrperf->etrbuf spinunlock(&drvdata->spinlock) spinlock(&drvdata->spinlock) tmcetrenablehw() WARNON(drvdata->etrbuf) // WARN sicne etrbuf initialized at the perf side spinunlock(&drvdata->spinlock)

With this fix, we retain the check for CSMODEPERF in getetrsysfs_buf. This ensures we verify whether the perf mode's already running before we actually allocate the buffer. Then we can save the time of allocating/freeing the sysfs buffer if race with the perf mode.