[PATCH 3/3] rpmsg: glink: smem: Use modulo for FIFO tail wrap-around in rx_advance

Next message: Loic Poulain: "Re: [PATCH v8 2/2] phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver"
Previous message: Ulf Hansson: "Re: [PATCH] pmdomain: sunxi: support power domain flags for pck600"
In reply to: Dmitry Baryshkov: "Re: [PATCH 2/3] rpmsg: glink: smem: Add WARN_ON_ONCE for FIFO index invariants"
Next in thread: Dmitry Baryshkov: "Re: [PATCH 3/3] rpmsg: glink: smem: Use modulo for FIFO tail wrap-around in rx_advance"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chunkai Deng

Date: Wed Jun 03 2026 - 06:16:47 EST

glink_smem_rx_advance() wraps the tail index with a single subtraction,
which only corrects for one full wrap. The advance count is derived from
remote-supplied packet fields (up to sizeof(glink_msg) + 0xffff bytes);
if such a count reaches or exceeds pipe->native.length, the tail remains
outside [0, length) after the subtraction and the next FIFO access uses
an out-of-bounds offset.

Use modulo so the tail is always normalised back into [0, length),
keeping it consistent with the index bounds enforced by the WARN_ON_ONCE
checks added to the FIFO helpers.

Signed-off-by: Chunkai Deng <chunkai.deng@xxxxxxxxxxxxxxxx>
---
drivers/rpmsg/qcom_glink_smem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/rpmsg/qcom_glink_smem.c b/drivers/rpmsg/qcom_glink_smem.c
index 42ad315d7910..4f143921b719 100644
--- a/drivers/rpmsg/qcom_glink_smem.c
+++ b/drivers/rpmsg/qcom_glink_smem.c
@@ -129,7 +129,7 @@ static void glink_smem_rx_advance(struct qcom_glink_pipe *np,

tail += count;
if (tail >= pipe->native.length)
- tail -= pipe->native.length;
+ tail %= pipe->native.length;

*pipe->tail = cpu_to_le32(tail);
}

--
2.34.1