Re: [PATCH] bus: mhi: ep: Update read pointer only after buffer is written

From: Jeff Hugo
Date: Wed Apr 09 2025 - 10:46:54 EST

Next message: Rafael J. Wysocki: "Re: [PATCH v1 0/2] cpuidle: teo: Refine handling of short idle intervals"
Previous message: Peter Zijlstra: "Re: [PATCH RFC 5/5] objtool: Improve code generation readability"
In reply to: Krishna Chaitanya Chundru: "Re: [PATCH] bus: mhi: ep: Update read pointer only after buffer is written"
Next in thread: Manivannan Sadhasivam: "Re: [PATCH] bus: mhi: ep: Update read pointer only after buffer is written"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/9/2025 4:47 AM, Sumit Kumar wrote:

Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated
before the buffer is written, potentially causing race conditions where
the host sees an updated read pointer before the buffer is actually
written. Updating rd_offset prematurely can lead to the host accessing
an uninitialized or incomplete element, resulting in data corruption.

Invoke the buffer write before updating rd_offset to ensure the element
is fully written before signaling its availability.

Fixes: bbdcba57a1a2 ("bus: mhi: ep: Add support for ring management")
cc: stable@xxxxxxxxxxxxxxx
Co-developed-by: Youssef Samir <quic_yabdulra@xxxxxxxxxxx>
Signed-off-by: Youssef Samir <quic_yabdulra@xxxxxxxxxxx>
Signed-off-by: Sumit Kumar <quic_sumk@xxxxxxxxxxx>

Reviewed-by: Jeff Hugo <jeff.hugo@xxxxxxxxxxxxxxxx>

Next message: Rafael J. Wysocki: "Re: [PATCH v1 0/2] cpuidle: teo: Refine handling of short idle intervals"
Previous message: Peter Zijlstra: "Re: [PATCH RFC 5/5] objtool: Improve code generation readability"
In reply to: Krishna Chaitanya Chundru: "Re: [PATCH] bus: mhi: ep: Update read pointer only after buffer is written"
Next in thread: Manivannan Sadhasivam: "Re: [PATCH] bus: mhi: ep: Update read pointer only after buffer is written"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]