[BUG REPORT] firmware: arm_scmi: Shared Memory Overwritten in SCMI Mailbox Communication

Shivnandan Kumar quic_kshivnan at quicinc.com
Thu Mar 7 22:16:07 PST 2024


On 12/13/2023 11:32 AM, Xinglong Yang wrote:
> The shared memory is overwritten under some conditions; the details are
> as follows:
> With the mailbox transport, thread A is waiting for a response and
> thread B is waiting for mark_txdone() to submit the next message. When thread
> A times out because the callee does not reply promptly, the caller begins
> to tx_tick() for the next message (for thread B). At the same time, the shared memory
> is written by the callee (response for thread A), which sets the channel free. After the callee
> has written the shared memory, the caller writes the shared memory again for
> thread B. In this case, the shared memory written by the callee is overwritten by the caller.
> Later, the caller receives the completion IRQ for thread A (but it has been overwritten
> by thread B's tx->buffer). The caller checks the shared memory and discovers that the buffer
> is in error, which triggers a chain of errors.
> 
> Part of the error logs is as follows:
> [    19.135368] arm-scmi firmware:scmi: timed out in resp(caller: xxx)
> [    19.508536] arm-scmi firmware:scmi: Invalid message type:0 for 301 - HDR:0x%X state:1
> 
> Because the same token ID is received twice by the caller, the second IRQ with the same token
> will be treated as an invalid message and abandoned.
> 
> Regards,
> Xinglong
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel


Hi Xinglong,

I encountered the same issue recently.
Is any fix identified/merged for this in a separate thread?

Thanks,
Shivnandan
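
The ordering described in the quoted report, replayed single-threaded as an added example (not code from this thread or from the kernel driver). The struct, the helper names, the message id 0x7 and the payload values are constructed for illustration; only the token position (header bits 27:18) follows the SCMI message header.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one SCMI mailbox shared-memory area (constructed for
 * this example; the real layout has more fields). */
#define CHAN_FREE 0x1u
#define MK_HDR(token, msg_id) (((uint32_t)(token) << 18) | (uint32_t)(msg_id))
#define HDR_TOKEN(hdr) (((hdr) >> 18) & 0x3ffu)   /* token: header bits 27:18 */

struct shmem { uint32_t channel_status, msg_header, payload; };
struct irq_view { uint32_t token, payload; };

/* Caller side: mark the channel busy and write a command. */
static void caller_tx(struct shmem *s, uint32_t token, uint32_t arg)
{
    s->channel_status &= ~CHAN_FREE;
    s->msg_header = MK_HDR(token, 0x7);           /* 0x7: constructed message id */
    s->payload = arg;
}

/* Callee side: write the response in place, then mark the channel free. */
static void callee_reply(struct shmem *s, uint32_t token, uint32_t result)
{
    s->msg_header = MK_HDR(token, 0x7);
    s->payload = result;
    s->channel_status |= CHAN_FREE;
}

/* Replays one ordering and returns what the caller's completion-IRQ
 * handler for thread A finds in shared memory. */
struct irq_view replay(int reply_after_timeout)
{
    struct shmem s = { CHAN_FREE, 0, 0 };
    caller_tx(&s, 1, 0xA0);                       /* thread A's command, token 1 */
    callee_reply(&s, 1, 0xA1);                    /* callee's response for A */
    if (reply_after_timeout)                      /* A gave up; tx_tick() sends B */
        caller_tx(&s, 2, 0xB0);                   /* overwrites A's response */
    return (struct irq_view){ HDR_TOKEN(s.msg_header), s.payload };
}

int main(void)
{
    struct irq_view ok = replay(0), bad = replay(1);
    printf("in time: token=%u payload=0x%X\n", (unsigned)ok.token, (unsigned)ok.payload);
    printf("late:    token=%u payload=0x%X\n", (unsigned)bad.token, (unsigned)bad.payload);
    return 0;
}
```

In the late case the IRQ handler for thread A reads thread B's token and command payload, so the callee's response for A is lost and B's token will be seen a second time when B's own response arrives.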


