[BUG REPORT] firmware: arm_scmi: Shared Memory Overwritten in SCMI Mailbox Communication

Xinglong Yang xinglong.yang at cixtech.com
Tue Dec 12 22:02:18 PST 2023


The shared memory is overwritten under some conditions, and the details are
as follows:
Based on the mailbox transport: thread A is waiting for a response and thread B
is waiting for mark_txdone() to submit the next message. Thread A times out
because the callee does not reply promptly, and the caller then begins
tx_tick() for the next message (for thread B). At the same time, the shared memory
is written by the callee (the response for thread A), which sets the channel free.
After the callee has written the shared memory, the caller writes the shared memory
again for thread B. In this case the shared memory written by the callee is
overwritten by the caller. Later, the caller receives the completion IRQ for
thread A (BUT it has been overwritten by thread B's tx->buffer). The caller checks
the shared memory and discovers that the buffer is in error, which triggers a
chain of errors.

Part of the error logs is as follows:
[    19.135368] arm-scmi firmware:scmi: timed out in resp(caller: xxx)
[    19.508536] arm-scmi firmware:scmi: Invalid message type:0 for 301 - HDR:0x%X state:1

Because the same token ID is received twice by the caller, the second IRQ with the
same token is treated as an invalid message and abandoned.

Regards,
Xinglong
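
The interleaving described in the report above, replayed deterministically as an added example (not code from the original post or from the arm_scmi driver). The single-slot `shmem` struct, the `pending` table and all function names are hypothetical simplifications of the caller, the callee and the shared area.

```c
/* Single-threaded replay of the reported interleaving; names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum { TOKEN_A = 1, TOKEN_B = 2, MAX_TOKEN = 4 };
struct shmem { bool channel_free; int token; bool is_response; };
static struct shmem shm = { .channel_free = true };
static bool pending[MAX_TOKEN];   /* transfers still awaiting a reply */

/* Caller: write a command once the shared area is marked free. */
static bool caller_tx(int token)
{
    if (!shm.channel_free)
        return false;
    shm = (struct shmem){ .channel_free = false, .token = token };
    pending[token] = true;
    return true;
}

/* Callee: write the response for 'token' and mark the channel free. */
static void callee_reply(int token)
{
    shm = (struct shmem){ .channel_free = true, .token = token, .is_response = true };
}

/* Caller IRQ handler: completed token, or -1 if no such transfer is pending. */
static int caller_rx_irq(void)
{
    int token = shm.token;
    if (!pending[token])
        return -1;
    pending[token] = false;
    return token;
}

/* A times out; the callee's late reply is overwritten by B's command. */
static void replay(int *first_irq, int *second_irq, bool *first_is_resp)
{
    caller_tx(TOKEN_A);
    pending[TOKEN_A] = false;          /* thread A timed out in the caller */
    callee_reply(TOKEN_A);             /* late response, channel set free */
    caller_tx(TOKEN_B);                /* next message overwrites A's response */
    *first_is_resp = shm.is_response;  /* what the IRQ for A will find */
    *first_irq = caller_rx_irq();      /* completion IRQ raised for A */
    callee_reply(TOKEN_B);
    *second_irq = caller_rx_irq();     /* real reply for B: token seen twice */
}

int main(void) { int a, b; bool r; replay(&a, &b, &r); printf("irq1=%d irq2=%d resp=%d\n", a, b, r); return 0; }
```

In this model the first IRQ completes thread B's transfer against B's own command bytes, and the genuine reply for B is then rejected because its token is no longer pending.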


