kernel/linux.git/sound/soc/sof/ipc3.c, branch v6.12.80

ASoC: SOF: Intel: clarify Copyright information

2024-05-06T14:59:35+00:00

For some reason a number of files included the "All rights reserved" statement. Good old copy-paste made sure this mistake proliferated. Remove the "All rights reserved" in all Intel-copyright to align with internal guidance. Reviewed-by: Cezary Rojewski Signed-off-by: Pierre-Louis Bossart Reviewed-by: Bard Liao Reviewed-by: Péter Ujfalusi Link: https://lore.kernel.org/r/20240503140359.259762-2-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown

ASoC: SOF: IPC3: fix message bounds on ipc ops

2024-02-13T13:28:45+00:00

commit 74ad8ed65121 ("ASoC: SOF: ipc3: Implement rx_msg IPC ops") introduced a new allocation before the upper bounds check in do_rx_work. As a result A DSP can cause bad allocations if spewing garbage. Fixes: 74ad8ed65121 ("ASoC: SOF: ipc3: Implement rx_msg IPC ops") Reported-by: Tim Van Patten Cc: stable@vger.kernel.org Signed-off-by: Curtis Malainey Reviewed-by: Péter Ujfalusi Reviewed-by: Daniel Baluta Reviewed-by: Pierre-Louis Bossart Signed-off-by: Peter Ujfalusi Link: https://msgid.link/r/20240213123834.4827-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown

ASoC: SOF: ipc3: Use devm_kmemdup to replace devm_kmalloc + memcpy

2023-08-14T18:44:39+00:00

Use the helper function devm_kmemdup() rather than duplicating its implementation, which helps to enhance code readability. Signed-off-by: Li Zetao Reviewed-by: Luca Ceresoli Link: https://lore.kernel.org/r/20230810114738.2103792-3-lizetao1@huawei.com Signed-off-by: Mark Brown

ASoC: Merge up fixes

2023-08-09T23:19:02+00:00

For the benefit of CI

ASoC: SOF: Fix incorrect use of sizeof in sof_ipc3_do_rx_work()

2023-08-07T18:44:54+00:00

Here hdr is a pointer, and we should measure the size of struct sof_ipc_cmd_hdr. Fixes: 12c41c779fad ("ASoC: SOF: Refactor rx function for fuzzing") Signed-off-by: Xia Fukun Reviewed-by: Curtis Malainey Link: https://lore.kernel.org/r/20230807075118.128122-1-xiafukun@huawei.com Signed-off-by: Mark Brown

ASoC: SOF: ipc3: add checks to prevent static analysis warnings

2023-07-31T22:22:13+00:00

make KCFLAGS='-fanalyzer' sound/soc/sof/ reports an issue with memcpy: sound/soc/sof/ipc3.c: In function ‘ipc3_wait_tx_done’: sound/soc/sof/ipc3.c:309:33: error: use of NULL ‘reply_data’ where non-null expected [CWE-476] [-Werror=analyzer-null-argument] 309 | memcpy(reply_data, msg->reply_data, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 310 | msg->reply_size); The finding is legit with this call: return sof_ipc3_tx_msg(sdev, &pm_ctx, sizeof(pm_ctx), NULL, 0, false); Static analysis has no way of knowing that the reply will be zero-sized. Add a check to only do the memcpy if the reply size is not zero and the destination pointer is not NULL. Signed-off-by: Pierre-Louis Bossart Reviewed-by: Rander Wang Reviewed-by: Daniel Baluta Reviewed-by: Yaochun Hung Link: https://lore.kernel.org/r/20230731213748.440285-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown

ASoC: SOF: ipc3: Dump IPC message payload

2023-06-16T11:53:51+00:00

Dump the IPC message payload if BIT(11) of sof_debug is set and the message contains more data than just a header. The header size differs between TX and RX and in case of set_get_data, the header is always the reply header for the message regardless if it is TX or RX. The use of printk(KERN_DEBUG "..."); is on purpose to keep the dmesg output tidy. Reviewed-by: Bard Liao Signed-off-by: Peter Ujfalusi Signed-off-by: Pierre-Louis Bossart Link: https://lore.kernel.org/r/20230616100039.378150-6-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown

ASoC: SOF: Refactor rx function for fuzzing

2023-06-09T09:44:39+00:00

Refactor the function so reading the data is done outside the work function so fuzzing can pass data directly into the work callbacks. Also expose the inner function outside the module so we can call it from the injector. Signed-off-by: Curtis Malainey Reviewed-by: Ranjani Sridharan Reviewed-by: Pierre-Louis Bossart Reviewed-by: Péter Ujfalusi Link: https://lore.kernel.org/r/20230608221822.2825786-1-cujomalainey@chromium.org Signed-off-by: Mark Brown

ASoC: SOF: Use no_reply calls for TX

2023-04-20T11:51:45+00:00

Convert all existing calls that pass "NULL, 0" for reply data to the new no_reply calls. Also convert any calls that pass in data but don't actually parse the result. Signed-off-by: Curtis Malainey Signed-off-by: Pierre-Louis Bossart Reviewed-by: Bard Liao Reviewed-by: Péter Ujfalusi Reviewed-by: Ranjani Sridharan Link: https://lore.kernel.org/r/20230419194057.42205-3-pierre-louis.bossart@linux.intel.com Signed-off-by: Mark Brown

ASoC: SOF: ipc3: Check for upper size limit for the received message

2023-03-07T13:57:55+00:00

The sof_ipc3_rx_msg() checks for minimum size of a new rx message but it is missing the check for upper limit. Corrupted or compromised firmware might be able to take advantage of this to cause out of bounds reads outside of the message area. Reported-by: Curtis Malainey Signed-off-by: Peter Ujfalusi Reviewed-by: Pierre-Louis Bossart Reviewed-by: Curtis Malainey Signed-off-by: Peter Ujfalusi Link: https://lore.kernel.org/r/20230307114917.5124-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown