Hi,
By mistake a developer managed to create a 'corrupted' IPC4 firmware image which
loaded fine to the DSP and after boot it sent an IPC reply before we would have
received the FW_READY message.
It turned out that the image was an IPC3 firmware and the IPC reply was the IPC3
FW_READY notification message which got understood as an IPC4 reply message due
to the difference between the two IPC mechanism.
This caused a NULL pointer dereference since the reply memory will be allocated
after the FW_READY message.
To make sure this will not bite again, skip any spurious reply messages before
the FW_READY.
Regards,
Peter
---
Peter Ujfalusi (3):
ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot
ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware
boot
ASoC: SOF: Intel: mtl: Do not process IPC reply before firmware boot
sound/soc/sof/intel/cnl.c | 37 +++++++++++++++++++++------------
sound/soc/sof/intel/hda-ipc.c | 39 ++++++++++++++++++++++-------------
sound/soc/sof/intel/mtl.c | 20 +++++++++++-------
3 files changed, 62 insertions(+), 34 deletions(-)
--
2.37.0
