Hi,
By mistake a developer managed to create a 'corrupted' IPC4 firmware image which loaded fine to the DSP and after boot it sent an IPC reply before we would have received the FW_READY message. It turned out that the image was an IPC3 firmware and the IPC reply was the IPC3 FW_READY notification message which got understood as an IPC4 reply message due to the difference between the two IPC mechanisms.
This caused a NULL pointer dereference since the reply memory will be allocated after the FW_READY message.
To make sure this will not bite again, skip any spurious reply messages before the FW_READY.
Regards,
Peter
---
Peter Ujfalusi (3):
  ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot
  ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot
  ASoC: SOF: Intel: mtl: Do not process IPC reply before firmware boot

 sound/soc/sof/intel/cnl.c     | 37 +++++++++++++++++++++------------
 sound/soc/sof/intel/hda-ipc.c | 39 ++++++++++++++++++++++-------------
 sound/soc/sof/intel/mtl.c     | 20 +++++++++++-------
 3 files changed, 62 insertions(+), 34 deletions(-)
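The failure mode and the guard described in the cover letter, as an added stand-alone model that is not part of the original message or the SOF driver. All names (`dsp_dev`, `handle_ipc_reply`, `handle_fw_ready`, the state enum) and the message bytes are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the driver state; not the SOF structures. */
enum fw_state { FW_BOOT_IN_PROGRESS, FW_BOOT_COMPLETE };

struct dsp_dev {
    enum fw_state state;
    unsigned char *reply_buf;  /* stays NULL until FW_READY is handled */
    size_t reply_size;
    unsigned int dropped;      /* spurious pre-boot replies, for diagnostics */
};

static unsigned char reply_storage[16];

/* FW_READY path: the reply memory only exists from this point on. */
void handle_fw_ready(struct dsp_dev *d)
{
    d->reply_buf = reply_storage;
    d->reply_size = sizeof(reply_storage);
    d->state = FW_BOOT_COMPLETE;
}

/* Reply path: returns true if the reply was stored, false if dropped. */
bool handle_ipc_reply(struct dsp_dev *d, const unsigned char *msg, size_t len)
{
    /* Guard: without it, the memcpy below would write through NULL. */
    if (d->state != FW_BOOT_COMPLETE || !d->reply_buf) {
        d->dropped++;
        return false;
    }
    if (len > d->reply_size)   /* never trust a firmware-supplied length */
        len = d->reply_size;
    memcpy(d->reply_buf, msg, len);
    return true;
}

int main(void)
{
    struct dsp_dev d = { .state = FW_BOOT_IN_PROGRESS };
    const unsigned char msg[4] = { 0x70, 0x00, 0x00, 0x00 }; /* constructed */

    printf("before FW_READY: stored=%d\n", handle_ipc_reply(&d, msg, sizeof(msg)));
    handle_fw_ready(&d);
    printf("after FW_READY:  stored=%d dropped=%u\n",
           handle_ipc_reply(&d, msg, sizeof(msg)), d.dropped);
    return 0;
}
```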