Re: [PATCH v4] mailbox: Make mbox_send_message() return error code when tx fails

[Sudeep Holla]

On Tue, Apr 21, 2026 at 10:46:52AM +0000, Joonwon Kang wrote:
> When the mailbox controller failed transmitting message, the error code
> was only passed to the client's tx done handler and not to
> mbox_send_message() in blocking mode. For this reason, the function could
> return a false success. This commit resolves the issue by introducing the
> tx status and checking it before mbox_send_message() returns.
>
`tx_complete` and `tx_status` are per-channel, not per-message. Although
`mbox_send_message()` can queue multiple messages, all blocking callers wait
on the same completion, so a completion is not associated with the thread or
message that triggered it.

This creates two issues:

1. Concurrent blocking senders can consume each other’s completions. When
   message A completes, `tx_tick()` may submit message B, then set
   `chan->tx_status` and complete the shared completion. Any waiter may wake,
   including B’s sender, which can return while B is still in flight. It
   happens even w/o this change but with possibly wrong return value after
   this change.

2. `tx_status` can be stale or overwritten. Since it is a single channel field
   written just before `complete()`, a second(possibly fast) `tx_tick()` can
   update it before the first awakened sender reads it. Because `msg_submit()`
   happens before status publication, the next message can complete before the
   previous status is observed if the controller re-enters `tx_tick()` for the
   same channel.

We need to see if there are other issue that needs fixing before you can
propagate the tx error code. Let me know if I am missing something.

-- 
Regards,
Sudeep