[BUG] Firmware panic in FIR EQ fir_cmd_set_data() assert

[singalsu]

Describe the bug The memcpy_s() in the function has incorrect destination size and halts the firmware when a suitable size blob (series of multiple) is received. I found this bug with beamformer FIR and fixed it already there. I'll make a PR shortly for EQ.

[   92.638131] sof-audio-pci 0000:00:0e.0: large ipc size 744, control size 180
[   92.638150] sof-audio-pci 0000:00:0e.0: ipc tx: 0x50030000: GLB_COMP_MSG: SET_DATA
[   92.638265] sof-audio-pci 0000:00:0e.0: ipc tx succeeded: 0x50030000: GLB_COMP_MSG: SET_DATA
[   92.638284] sof-audio-pci 0000:00:0e.0: ipc tx: 0x50030000: GLB_COMP_MSG: SET_DATA
[   92.638337] sof-audio-pci 0000:00:0e.0: error : DSP panic!
[   92.638346] sof-audio-pci 0000:00:0e.0: panic: dsp_oops_offset 788480 offset 788480
[   92.638352] sof-audio-pci 0000:00:0e.0: status: fw entered - code 00000005
[   92.638398] sof-audio-pci 0000:00:0e.0: error: assertion failed
[   92.638403] sof-audio-pci 0000:00:0e.0: error: trace point 00004000
[   92.638407] sof-audio-pci 0000:00:0e.0: error: panic at src/audio/eq_fir/eq_fir.c:590
[   92.638412] sof-audio-pci 0000:00:0e.0: error: DSP Firmware Oops
[   92.638418] sof-audio-pci 0000:00:0e.0: EXCCAUSE 0x0000003f EXCVADDR 0x00000000 PS       0x00060d25 SAR     0x00000000
[   92.638422] sof-audio-pci 0000:00:0e.0: EPC1     0x00000000 EPC2     0xbe023e2d EPC3     0x00000000 EPC4    0x00000000
[   92.638427] sof-audio-pci 0000:00:0e.0: EPC5     0x00000000 EPC6     0x00000000 EPC7     0x00000000 DEPC    0x00000000
[   92.638432] sof-audio-pci 0000:00:0e.0: EPS2     0x00060b20 EPS3     0x00000000 EPS4     0x00000000 EPS5    0x00000000
[   92.638437] sof-audio-pci 0000:00:0e.0: EPS6     0x00000000 EPS7     0x00000000 INTENABL 0x00000000 INTERRU 0x00000222
[   92.638441] sof-audio-pci 0000:00:0e.0: stack dump from 0xbe04f730
[   92.638449] sof-audio-pci 0000:00:0e.0: 0xbe04f730: 000b8819 00000000 00000000 00000000
[   92.638455] sof-audio-pci 0000:00:0e.0: 0xbe04f734: 00000063 00000000 0000024e 00000000
[   92.638460] sof-audio-pci 0000:00:0e.0: 0xbe04f738: 23d21f00 300f76b7 78a95828 ffff9017
[   92.638466] sof-audio-pci 0000:00:0e.0: 0xbe04f73c: 78a96028 ffff9017 78a95828 ffff9017
[   92.638471] sof-audio-pci 0000:00:0e.0: 0xbe04f740: 799b6000 ffff9017 b7abf74b ffffffff
[   92.638477] sof-audio-pci 0000:00:0e.0: 0xbe04f744: b7abf830 ffffffff 23d21f00 300f76b7
[   92.638483] sof-audio-pci 0000:00:0e.0: 0xbe04f748: b7a8a406 ffffffff b7abf8b0 ffffffff
[   92.638488] sof-audio-pci 0000:00:0e.0: 0xbe04f74c: b8400205 ffffffff 00000000 00000000
[   92.638493] sof-audio-pci 0000:00:0e.0: error: waking up any trace sleepers
[   92.638541] sof-audio-pci 0000:00:0e.0: error: trace IO error
[   93.140948] sof-audio-pci 0000:00:0e.0: error: ipc timed out for 0x50030000 size 384

To Reproduce Send a blob with 4x filters of length 64 (attached - I modified the mid boost FIR example this way) with sof-ctl to FIR EQ and then start playback.

Reproduction Rate 100%

Expected behavior Start playback with EQ blob applied.

Impact Showstopper, though FIR does not currently have critical usage. This also only can happen with long enough blobs to be split into parts.

Environment 1) Branch name and commit hash of the 2 repositories: sof (firmware/topology) and linux (kernel driver).

• Kernel: {SHA}
• SOF: {SHA} 2) Name of the topology file
• Topology: {FILE} 3) Name of the platform(s) on which the bug is observed.
• Platform: {PLATFORM}

Screenshots or console output If applicable, add a screenshot (drag-and-drop an image), or console logs (cut-and-paste text and put a code fence (```) before and after, to help explain the issue.

Please also include the relevant sections from the firmware log and kernel log in the report (and attach the full logs for complete reference). Kernel log is taken from dmesg and firmware log from sof-logger. See https://thesofproject.github.io/latest/developer_guides/debugability/logger/index.html

eq_fir_mid_long.txt

[singalsu]

I just created PR #2930.

[slawblauciak]

PR merged. Closing.