Skip to content

ipc: Fix ipc_msg_send() with payload already prepared#10717

Merged
kv2019i merged 1 commit intothesofproject:mainfrom
ujfalusi:peter/pr/fix_msg_send_with_payload
Apr 24, 2026
Merged

ipc: Fix ipc_msg_send() with payload already prepared#10717
kv2019i merged 1 commit intothesofproject:mainfrom
ujfalusi:peter/pr/fix_msg_send_with_payload

Conversation

@ujfalusi
Copy link
Copy Markdown
Contributor

@ujfalusi ujfalusi commented Apr 23, 2026

If the msg->tx_size/data have been prepared by caller and it calls the function with NULL as data: ipc_msg_send(msg, NULL, false);

then we try to copy from NULL to the msg->tx_data because msg->tx_data != data is true.

The callers could be fixed as well, but the ipc_msg_send() should handle this.

Copilot AI review requested due to automatic review settings April 23, 2026 08:09
Copilot AI reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes ipc_msg_send() so callers can pre-populate msg->tx_data/tx_size and safely call ipc_msg_send(msg, NULL, ...) without triggering a copy attempt from a NULL pointer.

Changes:

  • Guard the payload copy in ipc_msg_send() with data != NULL to avoid memcpy_s() from NULL.
  • Preserve the “no-copy” path for cases where the payload is already prepared in msg->tx_data.

@ujfalusi ujfalusi force-pushed the peter/pr/fix_msg_send_with_payload branch from 69a7486 to b057205 Compare April 23, 2026 11:58
@ujfalusi
Copy link
Copy Markdown
Contributor Author

ujfalusi commented Apr 23, 2026

Changes since v1:

  • update ipc_msg_send_direct() as well

Note: this causes only firmware crash in debug build as assert() is NOP otherwise.

kv2019i
kv2019i reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@kv2019i kv2019i left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo on commit, good otherwise.

Comment thread src/ipc/ipc-common.c
@ujfalusi
ipc: Fix IPC message sending with payload already prepared
92607c7 
If the msg->tx_size/data have been prepared by caller and it calls the
function with NULL as data: ipc_msg_send(msg, NULL, false);

then we try to copy from NULL to the msg->tx_data because
msg->tx_data != data is true.

The callers could be fixed as well, but the ipc_msg_send() and
ipc_msg_send_direct() should handle this.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
@ujfalusi ujfalusi force-pushed the peter/pr/fix_msg_send_with_payload branch from b057205 to 92607c7 Compare April 24, 2026 05:39
@ujfalusi
Copy link
Copy Markdown
Contributor Author

ujfalusi commented Apr 24, 2026

Changes since v2:

  • typo fixed in commit message

@kv2019i kv2019i merged commit eaad9b8 into thesofproject:main Apr 24, 2026
40 of 41 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@singalsu singalsu singalsu approved these changes

@kv2019i kv2019i kv2019i approved these changes

@tmleman tmleman tmleman approved these changes

@bardliao bardliao Awaiting requested review from bardliao bardliao is a code owner

@pblaszko pblaszko Awaiting requested review from pblaszko pblaszko is a code owner

@lgirdwood lgirdwood Awaiting requested review from lgirdwood

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ujfalusi @singalsu @kv2019i @tmleman