mei: amthif: discard not read messages

commit 9d04ee11db7bf0d848266cbfd7db336097a0e239 upstream. When a message is received and amthif client is not in reading state the message is ignored and left dangling in the queue. This may happen after one of the amthif host connections is closed w/o completing the reading. Another client will pick up a wrong message on next read attempt which will lead to link reset. To prevent this the driver has to properly discard the message when amthif client is not in reading state. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

mei: amthif: discard not read messages
commit 9d04ee11db7bf0d848266cbfd7db336097a0e239 upstream. When a message is received and amthif client is not in reading state the message is ignored and left dangling in the queue. This may happen after one of the amthif host connections is closed w/o completing the reading. Another client will pick up a wrong message on next read attempt which will lead to link reset. To prevent this the driver has to properly discard the message when amthif client is not in reading state. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alexander Usyskin · Greg Kroah-Hartman
1 parent 2826506a7f
Showing 3 changed files with 5 additions and 2 deletions Side-by-side Diff
drivers/misc/mei/amthif.c
drivers/misc/mei/interrupt.c
drivers/misc/mei/mei_dev.h
@@ -417,8 +417,10 @@
  
 	dev = cl->dev;
  
-	if (dev->iamthif_state != MEI_IAMTHIF_READING)
+	if (dev->iamthif_state != MEI_IAMTHIF_READING) {
+		mei_irq_discard_msg(dev, mei_hdr);
 		return 0;
+	}
  
 	ret = mei_cl_irq_read_msg(cl, mei_hdr, cmpl_list);
 	if (ret)
@@ -76,7 +76,6 @@
  * @dev: mei device
  * @hdr: message header
  */
-static inline
 void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr)
 {
 	/*
@@ -782,6 +782,8 @@
  
 bool mei_write_is_idle(struct mei_device *dev);
  
+void mei_irq_discard_msg(struct mei_device *dev, struct mei_msg_hdr *hdr);
+
 #if IS_ENABLED(CONFIG_DEBUG_FS)
 int mei_dbgfs_register(struct mei_device *dev, const char *name);
 void mei_dbgfs_deregister(struct mei_device *dev);
...	...	@@ -417,8 +417,10 @@
417	417
418	418	dev = cl->dev;
419	419
420		- if (dev->iamthif_state != MEI_IAMTHIF_READING)
	420	+ if (dev->iamthif_state != MEI_IAMTHIF_READING) {
	421	+ mei_irq_discard_msg(dev, mei_hdr);
421	422	return 0;
	423	+ }
422	424
423	425	ret = mei_cl_irq_read_msg(cl, mei_hdr, cmpl_list);
424	426	if (ret)
...	...	@@ -76,7 +76,6 @@
76	76	* @dev: mei device
77	77	* @hdr: message header
78	78	*/
79		-static inline
80	79	void mei_irq_discard_msg(struct mei_device dev, struct mei_msg_hdr hdr)
81	80	{
82	81	/*
...	...	@@ -782,6 +782,8 @@
782	782
783	783	bool mei_write_is_idle(struct mei_device *dev);
784	784
	785	+void mei_irq_discard_msg(struct mei_device dev, struct mei_msg_hdr hdr);
	786	+
785	787	#if IS_ENABLED(CONFIG_DEBUG_FS)
786	788	int mei_dbgfs_register(struct mei_device dev, const char name);
787	789	void mei_dbgfs_deregister(struct mei_device *dev);