Re: [PATCH] ASoC: qcom: q6apm-dai: Allocate an extra page for PCM buffers

From: Srinivas Kandagatla

Date: Thu May 14 2026 - 06:57:25 EST

On 5/14/26 9:22 AM, Dmitry Baryshkov wrote:
> On Thu, May 14, 2026 at 09:06:07AM +0000, Srinivas Kandagatla wrote:
>> Some Old DSP firmware versions use 32-bit address arithmetic and size for
>> validating the PCM buffer address range. If a buffer is allocated near
>> the top of the 32-bit address space, arithmetic calculations involving
>> the end address can overflow and fail checks.
>
> Should we limit the workaround to those platforms only?
I would love to do that, but I have no idea which platforms or firmware
versions have this bug.


--srini
>
>>
>> Work around this by increasing the preallocated PCM buffer size by one
>> page. The DSP is still passed the usable buffer size, excluding the extra
>> page, which prevents the firmware from seeing an end address that crosses
>> the 32-bit boundary.
>>
>> This was not hit before because PCM buffer allocation and DSP-side
>> mapping happened at different points, and the size mapped on the DSP was
>> usually nperiods * period_size. Therefore the mapped size was unlikely to
>> match the full preallocated buffer size exactly, although the issue was
>> still possible. With early buffer mapping on the DSP, the full
>> preallocated buffer is mapped during PCM creation, making the failure
>> reproducible at boot.
>>
>> Fixes: 8ea6e25c8536 ("ASoC: qcom: q6apm: Add support for early buffer mapping on DSP")
>> Cc: Stable@xxxxxxxxxxxxxxx
>> Reported-by: Jens Glathe <jens.glathe@xxxxxxxxxxxxxxxxxxxxxx>
>> Closes: https://lore.kernel.org/all/7f10abbd-fb78-4c3a-ab90-7ca78239891a@xxxxxxxxxxxxxxxxxxxxxx/
>> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@xxxxxxxxxxxxxxxx>
>> ---
>> sound/soc/qcom/qdsp6/q6apm-dai.c | 7 ++++++-
>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/sound/soc/qcom/qdsp6/q6apm-dai.c b/sound/soc/qcom/qdsp6/q6apm-dai.c
>> index ede19fdea6e9..3a1be41df096 100644
>> --- a/sound/soc/qcom/qdsp6/q6apm-dai.c
>> +++ b/sound/soc/qcom/qdsp6/q6apm-dai.c
>> @@ -497,7 +497,12 @@ static int q6apm_dai_pcm_new(struct snd_soc_component *component, struct snd_soc
>> {
>> struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0);
>> struct snd_pcm *pcm = rtd->pcm;
>> - int size = BUFFER_BYTES_MAX;
>> + /*
>> + * Allocate one extra page as a workaround for a DSP bug where 32-bit
>> + * address arithmetic can overflow when the buffer is placed near the
>> + * end of the addressable range.
>> + */
>> + int size = BUFFER_BYTES_MAX + PAGE_SIZE;
>> int graph_id, ret;
>> struct snd_pcm_substream *substream;
>>
>> --
>> 2.47.3
>>
>