Skip to content

audio: drc: register IPC-time blob validator#10943

Open
singalsu wants to merge 1 commit into
thesofproject:mainfrom
singalsu:model_handler_validator_drc
Open

audio: drc: register IPC-time blob validator#10943
singalsu wants to merge 1 commit into
thesofproject:mainfrom
singalsu:model_handler_validator_drc

Conversation

@singalsu

Copy link
Copy Markdown
Collaborator

Hook a drc blob validator into the model handler so a corrupted run-time configuration update is rejected before it can replace the working blob. Playback or capture then continues with the previously set parameters instead of being interrupted by a bad IPC.

The DRC configuration is a fixed-size struct sof_drc_config, so the validator requires the IPC payload size to match exactly and the self-declared config->size to agree with it. The same size check is also reused at prepare time when the initial blob is fetched.

Comment thread src/audio/drc/drc.c Outdated
@singalsu singalsu force-pushed the model_handler_validator_drc branch from 20c85b6 to e0ff5f6 Compare June 29, 2026 16:16
@singalsu singalsu marked this pull request as ready for review June 29, 2026 16:21
@singalsu singalsu requested a review from a team as a code owner June 29, 2026 16:21
Copilot AI review requested due to automatic review settings June 29, 2026 16:21

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds an IPC-time validator for the DRC configuration blob so malformed run-time updates are rejected before they can replace the currently active configuration, and reuses the same validation at prepare() time when initially loading the blob.

Changes:

  • Introduce a drc_validator() that enforces exact payload size matching struct sof_drc_config and verifies config->size consistency.
  • Apply the validator to the initial configuration fetch in drc_prepare().
  • Register/unregister the validator on the data-blob handler in drc_prepare()/drc_reset() to prevent corrupted IPC updates from being accepted during streaming.

Comment thread src/audio/drc/drc.c
Comment thread src/audio/drc/drc.c

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

Comment thread src/audio/drc/drc.c Outdated
Comment thread src/audio/drc/drc.c Outdated
Hook a drc blob validator into the model handler so a corrupted
run-time configuration update is rejected before it can replace the
working blob. Playback or capture then continues with the previously
set parameters instead of being interrupted by a bad IPC.

The DRC configuration is a fixed-size struct sof_drc_config, so the
validator requires the IPC payload size to match exactly and the
self-declared config->size to agree with it. It is installed in
drc_init() when the model handler is created, so every blob swap is
covered - including any received while the component is in READY - and
the redundant size check that drc_prepare() used to run on the initial
blob is dropped.

Signed-off-by: Seppo Ingalsuo <seppo.ingalsuo@linux.intel.com>
@singalsu singalsu force-pushed the model_handler_validator_drc branch from d282b64 to 3f08b13 Compare July 1, 2026 13:10
@singalsu singalsu requested a review from Copilot July 1, 2026 13:15

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

Comment thread src/audio/drc/drc.c
Comment on lines +142 to +154
static int drc_validator(struct comp_dev *dev, void *new_data, uint32_t new_data_size)
{
struct sof_drc_config *config = new_data;

if (new_data_size != sizeof(struct sof_drc_config) ||
new_data_size != config->size) {
comp_err(dev, "invalid configuration blob, size %u, expected %zu",
new_data_size, sizeof(struct sof_drc_config));
return -EINVAL;
}

return 0;
}

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I asked an expert: "Not valid as stated — the code is already safe thanks to C's || short-circuit. If new_data_size < sizeof(struct sof_drc_config) (the reviewer's "size < 4" case), the first sub-expression is true and evaluation stops right there — config->size is never dereferenced. config->size is only read when new_data_size == sizeof(struct sof_drc_config), i.e. when the payload is guaranteed to hold a full sof_drc_config. So there is no out-of-bounds read."

So, I'll keep this as-is.

Comment thread src/audio/drc/drc.c
Comment on lines 374 to +376
cd->config = comp_get_data_blob(cd->model_handler, &data_size, NULL);
/* the blob is dereferenced as a struct sof_drc_config below and in
* drc_setup(), so require it to be at least that large
*/
if (cd->config && data_size >= sizeof(struct sof_drc_config)) {

if (cd->config) {

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My expert buddy's response: "The commit body was updated in the last push and no longer says "reused at prepare time" — that sentence was removed together with the explicit validator call. An extra validator call in drc_prepare() would be dead code because the handler is created empty in drc_init() and the validator is installed on the very next line, before any comp_data_blob_set() can run. There is no path through which an unvalidated blob can reach cd->model_handler, so comp_get_data_blob() in prepare can only return NULL or a previously validated pointer."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants