DMA trace output can contain repeated trace data blocks #1
it is fixed by b51fefb
This issue is fixed by #71
This was referenced Nov 2, 2018
libinyang added a commit to libinyang/sof that referenced this issue on Nov 12, 2018

If the channel is not running, we should remove the task of dma work.

This patch fixes the coverity issue below:

```
static uint64_t dw_dma_work(void *data, uint64_t delay)
1063{
1064	struct dma_id *dma_id = (struct dma_id *)data;
1065	struct dma *dma = dma_id->dma;
1066	struct dma_pdata *p = dma_get_drvdata(dma);
   1. var_decl: Declaring variable next without initializer.
1067	struct dma_sg_elem next;
1068	int i = dma_id->channel;
1069
1070	tracev_dma("wrk");
1071
1072	/* skip if channel is not running */
   2. Condition p->chan[i].status != 5, taking true branch.
1073	if (p->chan[i].status != COMP_STATE_ACTIVE) {
1074		trace_dma_error("eDs");
   3. Jumping to label out.
1075		goto out;
1076	}
1077
1078	dw_dma_process_block(&p->chan[i], &next);
1079
1080out:
CID 324979 (#1 of 1): Uninitialized scalar variable (UNINIT)
   4. uninit_use: Using uninitialized value next.size.
1081	return next.size == DMA_RELOAD_END ? 0 : p->chan[i].timer_delay;
```

Signed-off-by: Libin Yang <libin.yang@intel.com>
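A reduced, self-contained C model of the pattern in the Coverity report above, with the inactive-channel path returning before `next` is ever read. This is an added example, not the SOF patch: the struct layouts, the `DMA_RELOAD_END` value, the `pending` field and the stubbed `dw_dma_process_block()` are assumptions made so the block compiles on its own.

```c
#include <stdint.h>

/* Assumed values and layouts for illustration; only the identifier names
 * and COMP_STATE_ACTIVE == 5 are taken from the Coverity report. */
#define COMP_STATE_ACTIVE 5
#define DMA_RELOAD_END    0xffffffffu

struct dma_sg_elem { uint32_t size; };
struct dma_chan_data { int status; uint64_t timer_delay; uint32_t pending; };

/* Stub: reports DMA_RELOAD_END once the channel has no blocks left. */
static void dw_dma_process_block(struct dma_chan_data *chan,
				 struct dma_sg_elem *next)
{
	next->size = chan->pending ? chan->pending : DMA_RELOAD_END;
}

/* Returns the delay until the next run, or 0 to drop the work task. */
static uint64_t dw_dma_work_fixed(struct dma_chan_data *chan)
{
	/* Initialised at declaration, so no path can read stack garbage. */
	struct dma_sg_elem next = { .size = DMA_RELOAD_END };

	/* Channel not running: return here instead of jumping to a label
	 * that inspects next.size, and drop the task as the commit says. */
	if (chan->status != COMP_STATE_ACTIVE)
		return 0;

	dw_dma_process_block(chan, &next);
	return next.size == DMA_RELOAD_END ? 0 : chan->timer_delay;
}
```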
libinyang added a commit to libinyang/sof that referenced this issue on Nov 13, 2018

When host stop fails, it should return the errno.

This patch fixes the coverity check issue below:

```
static int host_trigger(struct comp_dev *dev, int cmd)
273{
274	struct host_data *hd = comp_get_drvdata(dev);
275	int ret = 0;
276
277	trace_host("trg");
278
279	ret = comp_set_state(dev, cmd);
280	if (ret < 0)
281		goto out;
282
283	switch (cmd) {
284	case COMP_TRIGGER_STOP:
CID 324978 (#1 of 1): Unused value (UNUSED_VALUE)
returned_value: Assigning value from host_stop(dev) to ret here, but that stored value is overwritten before it can be used.
285		ret = host_stop(dev);
286		/* fall through */
287	case COMP_TRIGGER_XRUN:
288/* TODO: add attribute to dma interface and do run-time if() here */
289#if defined CONFIG_DMA_GW
value_overwrite: Overwriting previous write to ret with value from dma_stop(hd->dma, hd->chan).
290		ret = dma_stop(hd->dma, hd->chan);
291#endif
```

Signed-off-by: Libin Yang <libin.yang@intel.com>
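One way to keep the `host_stop()` error from being overwritten by the fall-through, shown as a reduced C model. This is an added example, not the SOF patch: the command values, the `comp_dev` fields and the one-argument `host_stop()` / `dma_stop()` stubs are assumptions used to make the behaviour observable.

```c
#include <errno.h>

/* Assumed command values and a reduced device model for illustration. */
enum { COMP_TRIGGER_STOP = 0, COMP_TRIGGER_XRUN = 5 };

struct comp_dev {
	int host_stop_ret;   /* what the stubbed host_stop() returns */
	int dma_stop_ret;    /* what the stubbed dma_stop() returns */
	int dma_stop_calls;  /* how often dma_stop() ran */
};

static int host_stop(struct comp_dev *dev) { return dev->host_stop_ret; }

static int dma_stop(struct comp_dev *dev)
{
	dev->dma_stop_calls++;
	return dev->dma_stop_ret;
}

/* host_stop()'s error is returned before the fall-through can overwrite it. */
static int host_trigger_fixed(struct comp_dev *dev, int cmd)
{
	int ret = 0;

	switch (cmd) {
	case COMP_TRIGGER_STOP:
		ret = host_stop(dev);
		if (ret < 0)
			return ret;
		/* fall through */
	case COMP_TRIGGER_XRUN:
		ret = dma_stop(dev);
		break;
	default:
		break;
	}
	return ret;
}
```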
lgirdwood pushed a commit that referenced this issue on Dec 5, 2022

Update READY_IPC value based on changes regarding MU reset.

READY_IPC value comes from:
- clear GP pending interrupt #0 and #1 from MU's xSR register;
- enable GP #0 and #1 for Host -> DSP and DSP -> Host message notification from MU's xCR register;
- now interrupt host to tell it we are done booting by setting GIRn bit in MU's xCR register.

So, "00 00 00 c0 00 00 04 c0" is the MU's xSR and xCR registers:
xSR: c0000000 and xCR: c0040000

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
perahgren pushed a commit that referenced this issue on Dec 6, 2022

Update READY_IPC value based on changes regarding MU reset.

READY_IPC value comes from:
- clear GP pending interrupt #0 and #1 from MU's xSR register;
- enable GP #0 and #1 for Host -> DSP and DSP -> Host message notification from MU's xCR register;
- now interrupt host to tell it we are done booting by setting GIRn bit in MU's xCR register.

So, "00 00 00 c0 00 00 04 c0" is the MU's xSR and xCR registers:
xSR: c0000000 and xCR: c0040000

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
dbaluta pushed a commit that referenced this issue on Dec 9, 2022

Update READY_IPC value based on changes regarding MU reset.

READY_IPC value comes from:
- clear GP pending interrupt #0 and #1 from MU's xSR register;
- enable GP #0 and #1 for Host -> DSP and DSP -> Host message notification from MU's xCR register;
- now interrupt host to tell it we are done booting by setting GIRn bit in MU's xCR register.

So, "00 00 00 c0 00 00 04 c0" is the MU's xSR and xCR registers:
xSR: c0000000 and xCR: c0040000

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
(cherry picked from commit 6131901)
kv2019i added a commit to kv2019i/sof that referenced this issue on Jan 26, 2023

Multiple pipelines had incorrect num_audio_formats leading to invalid format structures ending up to topology.

Example FW trace:

```
[ 1601.624195] sof-audio-pci-intel-tgl 0000:00:1f.3: Get input audio formats for copier.module.8.2
[ 1601.624197] sof-audio-pci-intel-tgl 0000:00:1f.3: #0: 48000KHz, 32bit (ch_map 0xffffff10 ch_cfg 1 interleaving_style 0 fmt_cfg 0x2002)
[ 1601.624201] sof-audio-pci-intel-tgl 0000:00:1f.3: #1: 0KHz, 0bit (ch_map 0x0 ch_cfg 0 interleaving_style 0 fmt_cfg 0x0)
```

Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
kv2019i added a commit that referenced this issue on Jan 26, 2023

Multiple pipelines had incorrect num_audio_formats leading to invalid format structures ending up to topology.

Example FW trace:

```
[ 1601.624195] sof-audio-pci-intel-tgl 0000:00:1f.3: Get input audio formats for copier.module.8.2
[ 1601.624197] sof-audio-pci-intel-tgl 0000:00:1f.3: #0: 48000KHz, 32bit (ch_map 0xffffff10 ch_cfg 1 interleaving_style 0 fmt_cfg 0x2002)
[ 1601.624201] sof-audio-pci-intel-tgl 0000:00:1f.3: #1: 0KHz, 0bit (ch_map 0x0 ch_cfg 0 interleaving_style 0 fmt_cfg 0x0)
```

Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
keqiaozhang pushed a commit to keqiaozhang/sof that referenced this issue on Mar 7, 2023

Initial commit of rimage tool
lgirdwood pushed a commit that referenced this issue on Feb 28, 2024

As discussed in the alternative approach zephyrproject-rtos/zephyr#68494, k_panic() in POSIX mode has various shortcomings that do not provide a useful trace. Useless pointers to signal handlers or other cleanup routines are printed instead.

Leverage our already existing k_sys_fatal_error_handler() and dereference a NULL pointer there when in POSIX mode. This "fails fast" and provides a complete and relevant stack trace in CI when fuzzing or when using some other static analyzer.

Example of how fuzzing failure #8832 would have looked like in CI results thanks to this commit:

```
./build-fuzz/zephyr/zephyr.exe: Running 1 inputs 1 time(s) each.
Running: ./rballoc_align_fuzz_crash
*** Booting Zephyr OS build zephyr-v3.5.0-3971-ge07de4e0a167 ***
[00:00:00.000,000] <inf> main: SOF on native_posix
[00:00:00.000,000] <inf> main: SOF initialized
@ WEST_TOPDIR/sof/zephyr/lib/alloc.c:391
[00:00:00.000,000] <err> os: >>> ZEPHYR FATAL ERROR 4: Kernel panic
[00:00:00.000,000] <err> os: Current thread: 0x891f8a0 (unknown)
[00:00:00.000,000] <err> zephyr: Halting emulation
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1784402==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000
==1784402==The signal is caused by a WRITE memory access.
==1784402==Hint: address points to the zero page.
    #0 0x829a77d in k_sys_fatal_error_handler zephyr/wrapper.c:352:19
    #1 0x829b8c0 in rballoc_align zephyr/lib/alloc.c:391:3
    #2 0x8281438 in buffer_alloc src/audio/buffer.c:58:16
    #3 0x826a60a in buffer_new src/ipc/ipc-helper.c:48:11
    #4 0x8262107 in ipc_buffer_new src/ipc/ipc3/helper.c:459:11
    #5 0x825944d in ipc_glb_tplg_buffer_new src/ipc/ipc3/handler.c:1305:8
    #6 0x8257036 in ipc_cmd src/ipc/ipc3/handler.c:1651:9
    #7 0x8272e59 in ipc_platform_do_cmd src/platform/posix/ipc.c:162:2
    #8 0x826a2ac in ipc_do_cmd src/ipc/ipc-common.c:328:9
    #9 0x829b0ab in task_run zephyr/include/rtos/task.h:94:9
    #10 0x829abd8 in edf_work_handler zephyr/edf_schedule.c:32:16
    #11 0x83560f7 in work_queue_main zephyr/kernel/work.c:688:3
    #12 0x82244c2 in z_thread_entry zephyr/lib/os/thread_entry.c:48:2
```

Signed-off-by: Marc Herbert <marc.herbert@intel.com>
jsarha pushed a commit to jsarha/sof that referenced this issue on Oct 16, 2024

The fuzzer engine has produced a crash caused by a NULL pointer read that originated from ipc_stream_pcm_free(). The crash happens when the pipeline of the found comp_dev does not have a source_comp and pipeline_reset() is called for it. This commit simply adds a test for such a situation and bails out if it is found.

Here is the call stack from the situation:

```
#0 0x81e9317 in dev_comp_pipe_id sof/sof/src/include/sof/audio/component.h:646:25
#1 0x81e8015 in pipeline_comp_reset sof/sof/src/audio/pipeline/pipeline-graph.c:326:22
#2 0x81e7d1d in pipeline_reset sof/sof/src/audio/pipeline/pipeline-graph.c:393:8
#3 0x820d7ea in ipc_stream_pcm_free sof/sof/src/ipc/ipc3/handler.c:398:8
#4 0x8208969 in ipc_cmd sof/sof/src/ipc/ipc3/handler.c:1689:9
#5 0x81cbed8 in ipc_platform_do_cmd sof/sof/src/platform/posix/ipc.c:162:2
#6 0x81d10db in ipc_do_cmd sof/sof/src/ipc/ipc-common.c:330:9
#7 0x81f87e9 in task_run sof/sof/zephyr/include/rtos/task.h:94:9
#8 0x81f8308 in edf_work_handler sof/sof/zephyr/edf_schedule.c:31:16
#9 0x82b4b32 in work_queue_main sof/zephyr/kernel/work.c:668:3
#10 0x8193ec2 in z_thread_entry sof/zephyr/lib/os/thread_entry.c:36:2
#11 0x815f639 in __asan::AsanThread::ThreadStart(unsigned long long) /src/llvm-project/compiler-rt/lib/asan/asan_thread.cpp:277:25
```

Signed-off-by: Jyri Sarha <jyri.sarha@linux.intel.com>
jsarha pushed a commit to jsarha/sof that referenced this issue on Oct 17, 2024

The fuzzer engine has produced a crash caused by a NULL pointer read that originated from ipc_stream_pcm_free(). The crash happens when the pipeline of the found comp_dev does not have a source_comp and pipeline_reset() is called for it. This commit simply adds a test for such a situation and bails out if it is found.

Here is the call stack from the situation:

```
#0 0x81e9317 in dev_comp_pipe_id sof/sof/src/include/sof/audio/component.h:646:25
#1 0x81e8015 in pipeline_comp_reset sof/sof/src/audio/pipeline/pipeline-graph.c:326:22
#2 0x81e7d1d in pipeline_reset sof/sof/src/audio/pipeline/pipeline-graph.c:393:8
#3 0x820d7ea in ipc_stream_pcm_free sof/sof/src/ipc/ipc3/handler.c:398:8
#4 0x8208969 in ipc_cmd sof/sof/src/ipc/ipc3/handler.c:1689:9
#5 0x81cbed8 in ipc_platform_do_cmd sof/sof/src/platform/posix/ipc.c:162:2
#6 0x81d10db in ipc_do_cmd sof/sof/src/ipc/ipc-common.c:330:9
#7 0x81f87e9 in task_run sof/sof/zephyr/include/rtos/task.h:94:9
#8 0x81f8308 in edf_work_handler sof/sof/zephyr/edf_schedule.c:31:16
#9 0x82b4b32 in work_queue_main sof/zephyr/kernel/work.c:668:3
#10 0x8193ec2 in z_thread_entry sof/zephyr/lib/os/thread_entry.c:36:2
#11 0x815f639 in __asan::AsanThread::ThreadStart(unsigned long long) /src/llvm-project/compiler-rt/lib/asan/asan_thread.cpp:277:25
```

Signed-off-by: Jyri Sarha <jyri.sarha@linux.intel.com>
jsarha pushed a commit to jsarha/sof that referenced this issue on Oct 18, 2024

The fuzzer engine has produced a crash caused by a NULL pointer read that originated from ipc3 ipc_stream_pcm_free(). The crash happens when the pipeline of the found comp_dev does not have a source_comp and pipeline_reset() is called for it. This commit adds a check to pipeline_comp_test() for this situation and bails out if it is found.

Here is the call stack from the situation:

```
#0 0x81e9317 in dev_comp_pipe_id sof/sof/src/include/sof/audio/component.h:646:25
#1 0x81e8015 in pipeline_comp_reset sof/sof/src/audio/pipeline/pipeline-graph.c:326:22
#2 0x81e7d1d in pipeline_reset sof/sof/src/audio/pipeline/pipeline-graph.c:393:8
#3 0x820d7ea in ipc_stream_pcm_free sof/sof/src/ipc/ipc3/handler.c:398:8
#4 0x8208969 in ipc_cmd sof/sof/src/ipc/ipc3/handler.c:1689:9
#5 0x81cbed8 in ipc_platform_do_cmd sof/sof/src/platform/posix/ipc.c:162:2
#6 0x81d10db in ipc_do_cmd sof/sof/src/ipc/ipc-common.c:330:9
#7 0x81f87e9 in task_run sof/sof/zephyr/include/rtos/task.h:94:9
#8 0x81f8308 in edf_work_handler sof/sof/zephyr/edf_schedule.c:31:16
#9 0x82b4b32 in work_queue_main sof/zephyr/kernel/work.c:668:3
#10 0x8193ec2 in z_thread_entry sof/zephyr/lib/os/thread_entry.c:36:2
#11 0x815f639 in __asan::AsanThread::ThreadStart(unsigned long long) /src/llvm-project/compiler-rt/lib/asan/asan_thread.cpp:277:25
```

Signed-off-by: Jyri Sarha <jyri.sarha@linux.intel.com>
lgirdwood pushed a commit that referenced this issue on Oct 21, 2024

The fuzzer engine has produced a crash caused by a NULL pointer read that originated from ipc3 ipc_stream_pcm_free(). The crash happens when the pipeline of the found comp_dev does not have a source_comp and pipeline_reset() is called for it. This commit adds a check to pipeline_comp_test() for this situation and bails out if it is found.

Here is the call stack from the situation:

```
#0 0x81e9317 in dev_comp_pipe_id sof/sof/src/include/sof/audio/component.h:646:25
#1 0x81e8015 in pipeline_comp_reset sof/sof/src/audio/pipeline/pipeline-graph.c:326:22
#2 0x81e7d1d in pipeline_reset sof/sof/src/audio/pipeline/pipeline-graph.c:393:8
#3 0x820d7ea in ipc_stream_pcm_free sof/sof/src/ipc/ipc3/handler.c:398:8
#4 0x8208969 in ipc_cmd sof/sof/src/ipc/ipc3/handler.c:1689:9
#5 0x81cbed8 in ipc_platform_do_cmd sof/sof/src/platform/posix/ipc.c:162:2
#6 0x81d10db in ipc_do_cmd sof/sof/src/ipc/ipc-common.c:330:9
#7 0x81f87e9 in task_run sof/sof/zephyr/include/rtos/task.h:94:9
#8 0x81f8308 in edf_work_handler sof/sof/zephyr/edf_schedule.c:31:16
#9 0x82b4b32 in work_queue_main sof/zephyr/kernel/work.c:668:3
#10 0x8193ec2 in z_thread_entry sof/zephyr/lib/os/thread_entry.c:36:2
#11 0x815f639 in __asan::AsanThread::ThreadStart(unsigned long long) /src/llvm-project/compiler-rt/lib/asan/asan_thread.cpp:277:25
```

Signed-off-by: Jyri Sarha <jyri.sarha@linux.intel.com>
The DMA trace data read by rmbox can contain repeated blocks of trace data.