diff mbox series

[1/2] ASoC: SOF: Refactor rx function for fuzzing

Message ID 20230608221822.2825786-1-cujomalainey@chromium.org (mailing list archive)
State Accepted
Commit 12c41c779fad54714ce4901757374f6006a88644
Headers show
Series [1/2] ASoC: SOF: Refactor rx function for fuzzing | expand

Commit Message

Curtis Malainey June 8, 2023, 10:18 p.m. UTC 
From: Curtis Malainey <cujomalainey@chromium.org>

Refactor the function so reading the data is done outside the work
function so fuzzing can pass data directly into the work callbacks.

Also expose the inner function outside the module so we can call it from
the injector.

Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
---
 sound/soc/sof/ipc3-priv.h |  2 ++
 sound/soc/sof/ipc3.c      | 63 ++++++++++++++++++++++++---------------
 2 files changed, 41 insertions(+), 24 deletions(-)

Comments

Mark Brown June 9, 2023, 12:03 p.m. UTC | #1 
On Thu, 08 Jun 2023 15:18:15 -0700, cujomalainey@chromium.org wrote:
> Refactor the function so reading the data is done outside the work
> function so fuzzing can pass data directly into the work callbacks.
> 
> Also expose the inner function outside the module so we can call it from
> the injector.
> 
> 
> [...]

Applied to

   https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next

Thanks!

[1/2] ASoC: SOF: Refactor rx function for fuzzing
      commit: 12c41c779fad54714ce4901757374f6006a88644
[2/2] ASoC: SOF: Add IPC3 Kernel Injector
      commit: 70dad53ddff0778c4920a1ee9eb1cfea539d4e91

All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.

You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.

If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.

Please add any relevant lists and maintainers to the CCs when replying
to this mail.

Thanks,
Mark
diff mbox series

Patch

diff --git a/sound/soc/sof/ipc3-priv.h b/sound/soc/sof/ipc3-priv.h
index f5044202f3c5a..0bbca418e67e6 100644
--- a/sound/soc/sof/ipc3-priv.h
+++ b/sound/soc/sof/ipc3-priv.h
@@ -28,6 +28,8 @@  int sof_ipc3_validate_fw_version(struct snd_sof_dev *sdev);
 /* dtrace position update */
 int ipc3_dtrace_posn_update(struct snd_sof_dev *sdev,
 			    struct sof_ipc_dma_trace_posn *posn);
+/* RX handler backend */
+void sof_ipc3_do_rx_work(struct snd_sof_dev *sdev, struct sof_ipc_cmd_hdr *hdr, void *msg_buf);
 
 /* dtrace platform callback wrappers */
 static inline int sof_dtrace_host_init(struct snd_sof_dev *sdev,
diff --git a/sound/soc/sof/ipc3.c b/sound/soc/sof/ipc3.c
index c677677420939..ec1ac0fb2d9f8 100644
--- a/sound/soc/sof/ipc3.c
+++ b/sound/soc/sof/ipc3.c
@@ -954,31 +954,21 @@  static void ipc3_trace_message(struct snd_sof_dev *sdev, void *msg_buf)
 	}
 }
 
-/* DSP firmware has sent host a message  */
-static void sof_ipc3_rx_msg(struct snd_sof_dev *sdev)
+void sof_ipc3_do_rx_work(struct snd_sof_dev *sdev, struct sof_ipc_cmd_hdr *hdr, void *msg_buf)
 {
 	ipc3_rx_callback rx_callback = NULL;
-	struct sof_ipc_cmd_hdr hdr;
-	void *msg_buf;
 	u32 cmd;
 	int err;
 
-	/* read back header */
-	err = snd_sof_ipc_msg_data(sdev, NULL, &hdr, sizeof(hdr));
-	if (err < 0) {
-		dev_warn(sdev->dev, "failed to read IPC header: %d\n", err);
-		return;
-	}
+	ipc3_log_header(sdev->dev, "ipc rx", hdr->cmd);
 
-	if (hdr.size < sizeof(hdr) || hdr.size > SOF_IPC_MSG_MAX_SIZE) {
+	if (hdr->size < sizeof(hdr) || hdr->size > SOF_IPC_MSG_MAX_SIZE) {
 		dev_err(sdev->dev, "The received message size is invalid: %u\n",
-			hdr.size);
+			hdr->size);
 		return;
 	}
 
-	ipc3_log_header(sdev->dev, "ipc rx", hdr.cmd);
-
-	cmd = hdr.cmd & SOF_GLB_TYPE_MASK;
+	cmd = hdr->cmd & SOF_GLB_TYPE_MASK;
 
 	/* check message type */
 	switch (cmd) {
@@ -1016,6 +1006,36 @@  static void sof_ipc3_rx_msg(struct snd_sof_dev *sdev)
 		break;
 	}
 
+	/* Call local handler for the message */
+	if (rx_callback)
+		rx_callback(sdev, msg_buf);
+
+	/* Notify registered clients */
+	sof_client_ipc_rx_dispatcher(sdev, msg_buf);
+
+	ipc3_log_header(sdev->dev, "ipc rx done", hdr->cmd);
+}
+EXPORT_SYMBOL(sof_ipc3_do_rx_work);
+
+/* DSP firmware has sent host a message  */
+static void sof_ipc3_rx_msg(struct snd_sof_dev *sdev)
+{
+	struct sof_ipc_cmd_hdr hdr;
+	void *msg_buf;
+	int err;
+
+	/* read back header */
+	err = snd_sof_ipc_msg_data(sdev, NULL, &hdr, sizeof(hdr));
+	if (err < 0) {
+		dev_warn(sdev->dev, "failed to read IPC header: %d\n", err);
+		return;
+	}
+
+	if (hdr.size < sizeof(hdr)) {
+		dev_err(sdev->dev, "The received message size is invalid\n");
+		return;
+	}
+
 	/* read the full message */
 	msg_buf = kmalloc(hdr.size, GFP_KERNEL);
 	if (!msg_buf)
@@ -1024,18 +1044,13 @@  static void sof_ipc3_rx_msg(struct snd_sof_dev *sdev)
 	err = snd_sof_ipc_msg_data(sdev, NULL, msg_buf, hdr.size);
 	if (err < 0) {
 		dev_err(sdev->dev, "%s: Failed to read message: %d\n", __func__, err);
-	} else {
-		/* Call local handler for the message */
-		if (rx_callback)
-			rx_callback(sdev, msg_buf);
-
-		/* Notify registered clients */
-		sof_client_ipc_rx_dispatcher(sdev, msg_buf);
+		kfree(msg_buf);
+		return;
 	}
 
-	kfree(msg_buf);
+	sof_ipc3_do_rx_work(sdev, &hdr, msg_buf);
 
-	ipc3_log_header(sdev->dev, "ipc rx done", hdr.cmd);
+	kfree(msg_buf);
 }
 
 static int sof_ipc3_set_core_state(struct snd_sof_dev *sdev, int core_idx, bool on)