[BUG] DSP crash in copier_ipcgtw_create() after Zephyr 26th Nov update #9687
Comments
kv2019i
added
bug
Something isn't working as expected
PTL
Intel Panther Lake platform
labels
Nov 27, 2024
Backtrace parsed shows following: comp_new_ipc4
Code analysis did not reveal any obvious problems and how the attached item could be NULL. It does seem this is not a new bug however, but changes in Zephyr upstream for PTL to make the zero address invalid, may just allow to trap stores with a NULL base address (on other platforms these do not trigger a fault).
kv2019i
changed the title
[BUG] DSP crash after Zephyr 26th Nov update
[BUG] DSP crash in copier_ipcgtw_create() after Zephyr 26th Nov update
Nov 27, 2024
Next fix: #9691
tmleman
added a commit
to tmleman/sof
that referenced
this issue
Nov 28, 2024
This patch addresses a potential NULL pointer dereference issue in the `devicelist_reset` function within the Key Phrase Buffer (KPB) component. The issue was exposed by a recent change in Zephyr's MMU mapping for Intel ADSP ACE30, which now catches NULL pointer accesses. The `devicelist_reset` function previously iterated over the entire `DEVICE_LIST_SIZE` when clearing items and zeroing pointers, which could lead to dereferencing NULL pointers. The fix involves iterating only up to `devlist->count` to ensure that only valid pointers are accessed. This change prevents potential NULL pointer dereference and ensures the stability of the KPB component.
Link: thesofproject#9687
Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>
tmleman
added a commit
to tmleman/sof
that referenced
this issue
Nov 28, 2024
This patch addresses a NULL dereference issue in the SOF firmware that was exposed by a recent change in Zephyr's MMU mapping for Intel ADSP ACE30. The change prevents mapping of the 0x0 address, which helps catch NULL pointer accesses. The issue was identified during testing, where an exception occurred due to uninitialized buffer lists in the `comp_dev` structure. The `list_init` function is called in `comp_new()` (for both IPC3 and IPC4), but a NULL dereference can happen in the component `ops->create()` function, which is called before the list is initialized. One affected component is IPC4 `copier_ipcgtw`. To fix this, the `bsink_list` and `bsource_list` are now initialized in the `comp_alloc` function. This ensures that the lists point to themselves before any use, preventing NULL dereference and subsequent exceptions.
Link: thesofproject#9687
Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>
tmleman
added a commit
to tmleman/sof
that referenced
this issue
Nov 28, 2024
This patch addresses a NULL dereference issue in the SOF firmware that was exposed by a recent change in Zephyr's MMU mapping for Intel ADSP ACE30. The change prevents mapping of the 0x0 address, which helps catch NULL pointer accesses. The issue was identified during testing, where an exception occurred due to uninitialized buffer lists in the `comp_dev` structure. The `list_init` function is called in `comp_new()` (for both IPC3 and IPC4), but a NULL dereference can happen in the component `ops->create()` function, which is called before the list is initialized. One affected component is IPC4 `copier_ipcgtw`. To fix this, the `bsink_list` and `bsource_list` are now initialized in the `comp_alloc` function. This ensures that the lists point to themselves before any use, preventing NULL dereference and subsequent exceptions.
Link: thesofproject#9687
Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>
(cherry picked from commit 5f5588c)
kv2019i
pushed a commit
that referenced
this issue
Dec 3, 2024
This patch addresses a NULL dereference issue in the SOF firmware that was exposed by a recent change in Zephyr's MMU mapping for Intel ADSP ACE30. The change prevents mapping of the 0x0 address, which helps catch NULL pointer accesses. The issue was identified during testing, where an exception occurred due to uninitialized buffer lists in the `comp_dev` structure. The `list_init` function is called in `comp_new()` (for both IPC3 and IPC4), but a NULL dereference can happen in the component `ops->create()` function, which is called before the list is initialized. One affected component is IPC4 `copier_ipcgtw`. To fix this, the `bsink_list` and `bsource_list` are now initialized in the `comp_alloc` function. This ensures that the lists point to themselves before any use, preventing NULL dereference and subsequent exceptions.
Link: #9687
Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>
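The ordering problem this commit message describes, as an added example that is not code from the SOF tree: a zeroed list head has `prev == NULL`, so an append issued from `create()` before `list_init()` writes through address 0. The list helpers, the stripped-down `comp_dev`, the zeroed allocation and `comp_new_model()` are simplified assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified intrusive list, modelled for this example (not copied from SOF). */
struct list_item { struct list_item *next, *prev; };
struct comp_dev { struct list_item bsource_list, bsink_list; };

static void list_init(struct list_item *l) { l->next = l; l->prev = l; }

/* Append writes through head->prev. On a zeroed head that pointer is NULL, so
 * real code would store to address 0; this model returns -1 instead. */
static int list_item_append(struct list_item *item, struct list_item *head)
{
	struct list_item *tail = head->prev;

	if (!tail)
		return -1;
	tail->next = item;
	item->next = head;
	item->prev = tail;
	head->prev = item;
	return 0;
}

/* init_in_alloc = 0: old order, create() runs before the heads are initialised.
 * init_in_alloc = 1: fixed order, heads are initialised at allocation time. */
static int comp_new_model(int init_in_alloc)
{
	struct comp_dev dev;
	struct list_item buf;	/* stands in for a buffer's list node */

	memset(&dev, 0, sizeof(dev));	/* assumption: allocation returns zeroed memory */
	if (init_in_alloc) {
		list_init(&dev.bsource_list);
		list_init(&dev.bsink_list);
	}
	/* Hypothetical create() body: link a buffer into the sink list. */
	return list_item_append(&buf, &dev.bsink_list);
}

int main(void)
{
	printf("old order: %d, fixed order: %d\n", comp_new_model(0), comp_new_model(1));
	return 0;
}
```

On a platform where address 0 is mapped, the old order silently corrupts memory at 0 instead of returning an error, which is why the bug only surfaced once the mapping was removed.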
lgirdwood
pushed a commit
that referenced
this issue
Dec 3, 2024
This patch addresses a potential NULL pointer dereference issue in the `devicelist_reset` function within the Key Phrase Buffer (KPB) component. The issue was exposed by a recent change in Zephyr's MMU mapping for Intel ADSP ACE30, which now catches NULL pointer accesses. The `devicelist_reset` function previously iterated over the entire `DEVICE_LIST_SIZE` when clearing items and zeroing pointers, which could lead to dereferencing NULL pointers. The fix involves iterating only up to `devlist->count` to ensure that only valid pointers are accessed. This change prevents potential NULL pointer dereference and ensures the stability of the KPB component.
Link: #9687
Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>
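The loop-bound change this commit message describes, as an added example that is not the KPB source: resetting over the whole array touches unused slots, while resetting up to `count` does not. The `device_list` layout, the value of `DEVICE_LIST_SIZE`, and the helpers `reset_slots()` and `devicelist_reset_model()` are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define DEVICE_LIST_SIZE 4	/* constructed size for this example */

struct comp_dev { int id; };

/* Assumed layout: each used slot points at a caller-owned "struct comp_dev *". */
struct device_list {
	struct comp_dev **devs[DEVICE_LIST_SIZE];
	size_t count;
};

/* Clear the first `limit` slots. Returns how many slots were NULL, i.e. how
 * many times "*devs[i] = NULL" would have been a store through address 0. */
static size_t reset_slots(struct device_list *dl, size_t limit)
{
	size_t null_stores = 0;

	for (size_t i = 0; i < limit; i++) {
		if (dl->devs[i])
			*dl->devs[i] = NULL;	/* clear the item the slot refers to */
		else
			null_stores++;		/* unused slot: nothing valid to clear */
		dl->devs[i] = NULL;		/* zero the slot itself */
	}
	dl->count = 0;
	return null_stores;
}

/* Build a list with two registered devices, then reset it either over the
 * whole array (old behaviour) or only up to count (the fix). */
static size_t devicelist_reset_model(int bounded_by_count)
{
	struct comp_dev a = { 1 }, b = { 2 };
	struct comp_dev *pa = &a, *pb = &b;
	struct device_list dl = { { &pa, &pb }, 2 };

	return reset_slots(&dl, bounded_by_count ? dl.count : DEVICE_LIST_SIZE);
}

int main(void)
{
	printf("unbounded: %zu NULL stores, bounded: %zu\n",
	       devicelist_reset_model(0), devicelist_reset_model(1));
	return 0;
}
```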
Describe the bug
DSP panic seen with Zephyr update in #9671. This pull-request without the Zephyr update didn't trigger the issue, so must be related to the Zephyr version update.
To Reproduce
Tests triggered by CI
Reproduction Rate
100%
Expected behavior
No DSP crash
Impact
Blocking Zephyr updates as a test in PR testing is failing.
Environment
Screenshots or console output