[BUG REPORT] firmware: arm_scmi: Shared Memory Overwritten in SCMI Mailbox Communication

Sudeep Holla sudeep.holla at arm.com
Fri Mar 8 01:53:11 PST 2024 

On Fri, Mar 08, 2024 at 08:33:17AM +0000, Cristian Marussi wrote:
> On Fri, Mar 08, 2024 at 11:46:07AM +0530, Shivnandan Kumar wrote:
> > On 12/13/2023 11:32 AM, Xinglong Yang wrote:
> > > The shared memory is overwritten happened in some condition and the detail are
> > > as follows:
> > > Based on mailbox transportation. The thread A is waiting for response and The
> > > thread B is waiting the mark_txdone() to submit the next message. When the thread
> > > A is timed out because that the callee do not reply promptly and then caller begins
> > > to tx_tick() for the next message(for thread B). At the same time, the shared memory
> > > is written by the callee(response for thread A) and set channel free. After the callee
> > > has written the shared memory. The caller written the shared memory again for
> > > thread B. In such case the shared memory written by callee is overwritten by caller.
> > > Later, the caller received the completion IRQ for Thread A(BUT has been overwritten
> > > by Thread B's tx->buffer). The caller checks the shared memory discover that the buffer
> > > is error. Which case triggers a chain of errors.
> > >
> > > The part of error logs are as follows:
> > > [    19.135368] arm-scmi firmware:scmi: timed out in resp(caller: xxx)
> > > [    19.508536] arm-scmi firmware:scmi: Invalid message type:0 for 301 - HDR:0x%X state:1
> > >
> > > Because the same token ID are received twice by caller, the second IRQ with the same token
> > > will be treated as invalid message and abandoned.
> > >
> > > Regards,
> > > Xinglong
> > >
> > > _______________________________________________
> > > linux-arm-kernel mailing list
> > > linux-arm-kernel at lists.infradead.org
> > > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
> >
> >
> > hi Xinglong,
> >
>
> Hi Shivnandan,
>
> > I encountered the same issue recently.
> > Is any fix identified/merged for this in a separate thread?

I assume you are running neither latest upstream nor the latest stable
trees(v5.15+)

>
> This fix has beem merged back to 5.15 stable.
>
> https://lore.kernel.org/linux-arm-kernel/20231220172112.763539-1-cristian.marussi@arm.com/

--
Regards,
Sudeep

More information about the linux-arm-kernel mailing list