Check the size of ADSP payload before accessing it.
CRs-Fixed: 2380694
Change-Id: Icdc19a85b39a397ba6d7177f42ece4626b901832
Signed-off-by: Vignesh Kulothungan <vigneshk@codeaurora.org>
Check if payload data is atleast the minimum expected size
before accessing the data in it.
Change-Id: Ia1295ca5ad5d002122e416fae53588681da687ea
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
Check size of payload array before access in qdsp_mvm_callback.
Change-Id: I81d945f963cfb4a3cb26155700b82880d891ec5e
Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
Check if payload data is big enough before accessing
the data in it.
Change-Id: I939f205a8cebf6ef4859f81fae5429bca013d540
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
Payload size validity is not checked before using it in array index.
Check payload size to avoid out-of-boundary memory.
Change-Id: Ic0b06bb331fc1753ff7543bb218ab12d6a4a3ca8
Signed-off-by: kunleiz <kunleiz@codeaurora.org>
Payload size is not checked before payload access. Check it
to avoid out-of-boundary memory access.
Change-Id: Iaa39ee4ea5489bb5579e7b7d5dfada12d88c5809
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Payload length must exceed structure size. Otherwise, it may
lead to out-of-boundary memory access.
Change-Id: I090de5116ab04a4ca2b9c485e17617fe9e861ad5
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Check buffer size in qdsp_cvs_callback before access in
ul_pkt.
Change-Id: Ic19994b46086709231656ec747d2df988b7a512f
Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
Validate buffer index obtained from ADSP token before using it.
CRs-Fixed: 2372302
Change-Id: I5c3b1634bd08b516844638dd67f726a882edfc17
Signed-off-by: Vignesh Kulothungan <vigneshk@codeaurora.org>
Token from DSP might be invalid for array index. Validate the
token before being used as array index.
Change-Id: I9f47e1328d75d9f9acf7e85ddb452019b6eced0a
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Channel_mapping array size varies for different commands.
Add check for num_channels before calling q6asm_map_channels.
Change-Id: Iccbcfe82f716fc0ffe0a26b1779dcaa1c3cb805b
Signed-off-by: Rohit kumar <rohitkr@codeaurora.org>
If session id is invalid then dtmf voice info will also
be invalid.
Add check to return error if session id is invalid.
CRs-Fixed: 2306771
Change-Id: I362340f9f666c95949eaa94d0ced4cb3a1b9abab
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Add mutex lock in rtac_open and rtac_release
to avoid usage count discrepancies leading
to multiple calls to unmap memory resulting in
null pointer dereference.
CRs-Fixed: 2271712
Change-Id: Ie6da28837c352030b8d7e377d68a70cf04e7072a
Signed-off-by: Tanya Dixit <tdixit@codeaurora.org>
APPS crashes randomly due to invalid memory allocation
in q6asm_audio_client_buf_free_contiguous.
Added check to return error if memory allocation size is 0.
Change-Id: I40f49aa147d513b29b56224a5ee77ccbb2dcc110
CRs-Fixed: 2285272
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
The ADSP asm session ids are managed by the kernel driver. It's all right
for native use cases. But for virtualization use cases, there's no way to
synchronize the session ids' status among virtual machines. Playing back
in one virtual machine is probably failed, because the session id may had
been occupied by a use case in another virtual machine.
The patch allowed audio capture stream and loopback stream to try all
available session ids in case of session id conflict error, to support
concurrent playback from multiple virtual machines.
Change-Id: I01b4da65f3e5716dd14c20c614b53f3c45dd9ea3
Signed-off-by: Erin Yan <xinyey@codeaurora.org>
Correct the config control indices for TX DAIs of MI2S interface.
Change-Id: Ie8bf646a0c1fbd30abdb34703ae1f90ed9b484e8
Signed-off-by: Satish Babu Patakokila <sbpata@codeaurora.org>
q6lsm_pack_params requires param hdr size
to be filled and sent as argument.
Change is to update size with param_hdr_v3 struct size.
Change-Id: Id2380f3ceb887e1fc73b7f5f8e28ac93029082e4
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Add mutex lock protection to synchronize rtac
calibration set and get api calls.
Change-Id: Ieb2d01642ecefff6405bb59554157c304b4b651d
Signed-off-by: Ramprasad Katkam <katkam@codeaurora.org>
Fix offset address to use set parameter structure while
copying data from user instead of get parameter structure
for AFE_PORT_CMD_SET_PARAM_V3 case.
CRs-Fixed: 2256728
Change-Id: I61e41f366f365734a47080b79179fbe3021ee8a7
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
During unmap of rtac block in ASM, mem_map_handle
address is set to zero instead of the value. Set the
map handle value to zero to avoid issue in freeing the
ion memory.
CRs-Fixed: 2254339
Change-Id: I6584be029d4c8dde235e722149c758df0db9916e
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
Return error only if apr_send_pkt() function
return code is less than 0.
CRs-Fixed: 2262017
Change-Id: I98903c6c275f360d32c3af523352071d92d1ef85
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
For multi COPP feature it could only allow POPPs with same app_type
to connect single COPP. But it's possible to connect different POPPs
with different app_type to single COPP, to achieve this, it should
skip the app_type check when create copp_idx.
Change-Id: Ic8d7c63d317baba09768d08bc723a6b097322f63
Signed-off-by: Cong Tang <congt@codeaurora.org>
Private data pointer may not be initialized before
access it in adsp_stream_cmd_put. NULL check for prtd
avoids the issue.
CRs-Fixed: 2252497
Change-Id: Ibd888be601d5b42ed4f4644ed22596a26b61f8fe
Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
Allow msm-pcm-voice-v2 driver to enable Rx DTMF detection and
route the DTMF detection event from QDSP6 to a registered
mixer event callback.
Change-Id: I9ffb714d1ec5dd0f4e2c229830d7170324b295bb
Signed-off-by: Timothy Sham <tsham@codeaurora.org>
The ADSP asm session ids are managed by the kernel driver. It's all right
for native use cases. But for virtualization use cases, there's no way to
synchronize the session ids' status among virtual machines. Playing back
in one virtual machine is probably failed, because the session id may had
been occupied by a use case in another virtual machine.
The patch allowed audio playback stream to try all available session ids
in case of session id conflict error, to support concurrent playback from
multiple virtual machines.
Change-Id: If98d05898cec3f05d80c750ec8a014add3b1f34c
Signed-off-by: Han Lu <hanlu@codeaurora.org>
Add hostless front end DAI to trigger backend
configuration of BT backend dai required for
configuring BT ABR statistics. Add mixer ctrls
to independently configure TX and RX sample
rates to allow BT RX and TX backends.
Change-Id: Iac3cd5317db2653a87f106d43cfc7fe90e4f4875
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Buffer from mixer ctl or ADSP is composed of payload size and
actual payload. On a 32 bit platform, we could have an overflow
if payload size is below UINT_MAX while payload size + sizeof(struct)
is over UINT_MAX. Allocated memory size would be less than expected.
Check payload size against limit before memory allocation.
Change-Id: I0bf19ca7b8c93083177a21ad726122dc20f45551
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
