Skip to content

ipc: Fix ipc_msg_send() with payload already prepared#10717

Open
ujfalusi wants to merge 1 commit intothesofproject:mainfrom
ujfalusi:peter/pr/fix_msg_send_with_payload
Open

ipc: Fix ipc_msg_send() with payload already prepared#10717
ujfalusi wants to merge 1 commit intothesofproject:mainfrom
ujfalusi:peter/pr/fix_msg_send_with_payload

Conversation

@ujfalusi
Copy link
Copy Markdown
Contributor

@ujfalusi ujfalusi commented Apr 23, 2026

If the msg->tx_size/data have been prepared by caller and it calls the function with NULL as data: ipc_msg_send(msg, NULL, false);

then we try to copy from NULL to the msg->tx_data because msg->tx_data != data is true.

The callers could be fixed as well, but the ipc_msg_send() should handle this.

Copilot AI review requested due to automatic review settings April 23, 2026 08:09
Copilot AI reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes ipc_msg_send() so callers can pre-populate msg->tx_data/tx_size and safely call ipc_msg_send(msg, NULL, ...) without triggering a copy attempt from a NULL pointer.

Changes:

  • Guard the payload copy in ipc_msg_send() with data != NULL to avoid memcpy_s() from NULL.
  • Preserve the “no-copy” path for cases where the payload is already prepared in msg->tx_data.

@ujfalusi
ipc: Fix IPC messagte sending with payload already prepared
b057205 
If the msg->tx_size/data have been prepared by caller and it calls the
function with NULL as data: ipc_msg_send(msg, NULL, false);

then we try to copy from NULL to the msg->tx_data because
msg->tx_data != data is true.

The callers could be fixed as well, but the ipc_msg_send() and
ipc_msg_send_direct() should handle this.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
@ujfalusi ujfalusi force-pushed the peter/pr/fix_msg_send_with_payload branch from 69a7486 to b057205 Compare April 23, 2026 11:58
@ujfalusi
Copy link
Copy Markdown
Contributor Author

ujfalusi commented Apr 23, 2026

Changes since v1:

  • update ipc_msg_send_direct() as well

Note: this causes only firmware crash in debug build as assert() is NOP otherwise.

kv2019i
kv2019i reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@kv2019i kv2019i left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo on commit, good otherwise.

Comment thread src/ipc/ipc-common.c
@@ -205,7 +205,7 @@ __cold void ipc_msg_send_direct(struct ipc_msg *msg, void *data)
key = k_spin_lock(&ipc->lock);
Copy link
Copy Markdown
Collaborator

@kv2019i kv2019i Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

messagegate sending or message sending?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kv2019i kv2019i kv2019i left review comments

Copilot code review Copilot Copilot left review comments

@singalsu singalsu singalsu approved these changes

@tmleman tmleman tmleman approved these changes

@bardliao bardliao Awaiting requested review from bardliao bardliao is a code owner

@pblaszko pblaszko Awaiting requested review from pblaszko pblaszko is a code owner

@lgirdwood lgirdwood Awaiting requested review from lgirdwood

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ujfalusi @singalsu @kv2019i @tmleman