On 4/9/2025 4:47 AM, Sumit Kumar wrote:
Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, potentially causing race conditions where the host sees an updated read pointer before the buffer is actually written. Updating rd_offset prematurely can lead to the host accessing an uninitialized or incomplete element, resulting in data corruption.
Invoke the buffer write before updating rd_offset to ensure the element is fully written before signaling its availability.
Fixes: bbdcba57a1a2 ("bus: mhi: ep: Add support for ring management") cc: stable@vger.kernel.org Co-developed-by: Youssef Samir quic_yabdulra@quicinc.com Signed-off-by: Youssef Samir quic_yabdulra@quicinc.com Signed-off-by: Sumit Kumar quic_sumk@quicinc.com
Reviewed-by: Jeff Hugo jeff.hugo@oss.qualcomm.com