[PATCH v2 4/4] wifi: ath12k: fix dest ring-buffer corruption when ring is full
Johan Hovold
johan at kernel.org
Fri Jun 6 02:19:16 PDT 2025
On Fri, Jun 06, 2025 at 03:27:04PM +0800, Miaoqing Pan wrote:
> On 6/4/2025 10:45 PM, Johan Hovold wrote:
> > Add the missing memory barriers to make sure that destination ring
> > descriptors are read before updating the tail pointer (and passing
> > ownership to the device) to avoid memory corruption on weakly ordered
> > architectures like aarch64 when the ring is full.
> > @@ -2184,6 +2187,10 @@ void ath12k_hal_srng_access_end(struct ath12k_base *ab, struct hal_srng *srng)
> > srng->u.src_ring.hp);
> > } else {
> > srng->u.dst_ring.last_hp = *srng->u.dst_ring.hp_addr;
> > + /* Make sure descriptor is read before updating the
> > + * tail pointer.
> > + */
> > + mb();
>
> Is rmb() sufficient, since MMIO write already includes wmb()?
No, rmb() only orders reads against later reads.
[ The wmb() itself orders reads against later writes on aarch64, but
that's not generally guaranteed and hence should not be relied on in
driver code. ]
> > ath12k_hif_write32(ab,
> > (unsigned long)srng->u.dst_ring.tp_addr -
> > (unsigned long)ab->mem,
Johan
More information about the ath12k
mailing list