audio: tdfb: register IPC-time blob validator#10944
Conversation
746ca74 to
62ae3c2
Compare
There was a problem hiding this comment.
Pull request overview
This PR adds an IPC-time configuration blob validator to the TDFB (time-domain fixed beamformer) component so malformed or stream-mismatching runtime updates are rejected before they can replace the currently working configuration, preventing out-of-bounds walks during coefficient setup.
Changes:
- Added
tdfb_validator()/tdfb_validate_config()to byte-bound walk the FIR sections and validate trailer layout againstconfig->size. - Enforced stream/channel compatibility checks during validation using cached source/sink channel counts.
- Removed now-redundant structural/sanity checks from
tdfb_init_coef()and installed/uninstalled the validator inprepare()/reset().
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/audio/tdfb/tdfb.c | Adds a new blob validator, integrates it into prepare/reset and runtime update handling, and removes redundant in-setup validation. |
| src/audio/tdfb/tdfb_comp.h | Caches source/sink channel counts in component state for use by the validator. |
62ae3c2 to
a224f33
Compare
| * microphone entries. | ||
| */ | ||
| input_channel_select = (int16_t *)p; | ||
| expected = ((size_t)config->num_filters * 3 + |
There was a problem hiding this comment.
low priority and can be a follow up - maybe #define N_ARRAYS_PER_FILTER 3 - you have one more * 3 below, and there's no comment explaining it there
There was a problem hiding this comment.
I added the define for it, it's a good add. The magical value of 3 isn't very clear from the code.
Hook a tdfb blob validator into the model handler so a corrupted or mismatching run-time configuration update is rejected before it can replace the working blob. Capture then continues with the previously set filters instead of being interrupted by bad re-configuration. The TDFB blob is variable size and the per-filter walk in tdfb_init_coef() was not bounded against the IPC payload, so a bad length field could push tdfb_filter_seek() past the buffer. The new validator walks every FIR section and the trailing arrays with byte-bounded steps, requires the layout to exactly match config->size, and rejects blobs whose channels or filter_index values do not fit the running stream. The stream channel counts are cached in tdfb_comp_data so the validator can consult them, and the validator is re-run at prepare time once those counts are known. A malformed initial blob is discarded so the runtime path cannot dereference it. With ingress fully validated, the redundant sanity checks inside tdfb_init_coef() are dropped. Signed-off-by: Seppo Ingalsuo <seppo.ingalsuo@linux.intel.com>
a224f33 to
057fb9a
Compare
|
The latest push addressed the review comments. I also moved the blob validator register to init() due to feedback for other similar PRs. |
| filter_angles = (struct sof_tdfb_angle *)(p + ((size_t)config->num_filters * 3 + | ||
| (size_t)config->beam_off_defined * config->num_filters) * sizeof(int16_t)); |
Hook a tdfb blob validator into the model handler so a corrupted or mismatching run-time configuration update is rejected before it can replace the working blob. Capture then continues with the previously set filters instead of being interrupted by bad re-configuration.
The TDFB blob is variable size and the per-filter walk in tdfb_init_coef() was not bounded against the IPC payload, so a bad length field could push tdfb_filter_seek() past the buffer. The validator now walks every FIR section and the trailing arrays with byte-bounded steps, requires the total layout to exactly match config->size, and rejects blobs whose num_output_channels or input_channel_select[] entries do not fit the channel counts of the running stream. The same walk is reused at prepare time on the initial topology blob. With ingress fully validated, the redundant sanity checks inside tdfb_init_coef() are dropped.