From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Subject: Re: [Sound-open-firmware] [PATCH v4 04/14] ASoC: SOF:
 Add support for IPC IO between DSP and Host
Date: Thu, 14 Feb 2019 08:56:42 -0600
Message-ID: <f44964a2-9339-6cd8-c30e-c139316dc7ad@linux.intel.com>
References: <20190213220734.10471-1-pierre-louis.bossart@linux.intel.com>
 <20190213220734.10471-5-pierre-louis.bossart@linux.intel.com>
 <s5hef8aziwh.wl-tiwai@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <alsa-devel-bounces@alsa-project.org>
In-Reply-To: <s5hef8aziwh.wl-tiwai@suse.de>
Content-Language: en-US
List-Unsubscribe: <http://mailman.alsa-project.org/mailman/options/alsa-devel>,
 <mailto:alsa-devel-request@alsa-project.org?subject=unsubscribe>
List-Archive: <http://mailman.alsa-project.org/pipermail/alsa-devel/>
List-Post: <mailto:alsa-devel@alsa-project.org>
List-Help: <mailto:alsa-devel-request@alsa-project.org?subject=help>
List-Subscribe: <http://mailman.alsa-project.org/mailman/listinfo/alsa-devel>,
 <mailto:alsa-devel-request@alsa-project.org?subject=subscribe>
Errors-To: alsa-devel-bounces@alsa-project.org
Sender: alsa-devel-bounces@alsa-project.org
To: Takashi Iwai <tiwai@suse.de>
Cc: Daniel Baluta <daniel.baluta@gmail.com>, andriy.shevchenko@intel.com, alsa-devel@alsa-project.org, liam.r.girdwood@linux.intel.com, vkoul@kernel.org, broonie@kernel.org, sound-open-firmware@alsa-project.org, Alan Cox <alan@linux.intel.com>
List-Id: alsa-devel@alsa-project.org

On 2/14/19 5:52 AM, Takashi Iwai wrote:
> On Wed, 13 Feb 2019 23:07:24 +0100,
> Pierre-Louis Bossart wrote:
>> +/* wait for IPC message reply */
>> +static int tx_wait_done(struct snd_sof_ipc *ipc, struct snd_sof_ipc_msg *msg,
>> +			void *reply_data)
>> +{
>> +	struct snd_sof_dev *sdev = ipc->sdev;
>> +	struct sof_ipc_cmd_hdr *hdr = (struct sof_ipc_cmd_hdr *)msg->msg_data;
>> +	int ret;
>> +
>> +	/* wait for DSP IPC completion */
>> +	ret = wait_event_timeout(msg->waitq, msg->ipc_complete,
>> +				 msecs_to_jiffies(IPC_TIMEOUT_MS));
>> +
>> +	/*
>> +	 * ipc_lock is used to protect ipc message list shared by user
>> +	 * contexts and a workqueue. There is no need to save interrupt
>> +	 * status with spin_lock_irqsave.
>> +	 */
>> +	spin_lock_irq(&sdev->ipc_lock);
>> +
>> +	if (ret == 0) {
>> +		dev_err(sdev->dev, "error: ipc timed out for 0x%x size 0x%x\n",
>> +			hdr->cmd, hdr->size);
>> +		snd_sof_dsp_dbg_dump(ipc->sdev, SOF_DBG_REGS | SOF_DBG_MBOX);
>> +		snd_sof_trace_notify_for_error(ipc->sdev);
>> +		ret = -ETIMEDOUT;
>> +	} else {
>> +		/* copy the data returned from DSP */
>> +		ret = snd_sof_dsp_get_reply(sdev, msg);
>> +		if (msg->reply_size)
>> +			memcpy(reply_data, msg->reply_data, msg->reply_size);
> 
> I'd add a sanity check here for avoiding a buffer overflow.
> The reply buffer seems to be allocated in PAGE_SIZE.  Will it be more
> than that?

Good point, we'll check all the info returned by the DSP and see if they 
need to be range-checked or size-checked.

> 
> 
>> +/* find original TX message from DSP reply */
>> +static struct snd_sof_ipc_msg *sof_ipc_reply_find_msg(struct snd_sof_ipc *ipc,
>> +						      u32 header)
>> +{
>> +	struct snd_sof_dev *sdev = ipc->sdev;
>> +	struct snd_sof_ipc_msg *msg;
>> +
>> +	header = SOF_IPC_MESSAGE_ID(header);
>> +
>> +	list_for_each_entry(msg, &ipc->reply_list, list) {
>> +		if (SOF_IPC_MESSAGE_ID(msg->header) == header)
>> +			return msg;
>> +	}
> 
> Is it safe to traverse the list without lock here?
> There seems no lock in this and relevant code.

will double-check and add a note. We tried to state when a lock is 
needed and when it's not but this one was missed.