From c1c890fc91dc3c7ce694746456696fbb82184bf6 Mon Sep 17 00:00:00 2001 From: Tomasz Leman Date: Tue, 10 Jun 2025 17:00:29 +0200 Subject: [PATCH 1/5] audio: copier: fix memory leak in copier_dai_free This patch addresses a memory leak issue in the `copier_dai_free` function within the `copier_dai.c` file. The leak occurred because the `multi_endpoint_buffer` was freed using `buffer_free`, which only releases the memory allocated for its members and not the `comp_buffer` structure itself. This patch adds a call to `rfree` for `multi_endpoint_buffer` and sets it to NULL after freeing, ensuring that the entire buffer structure is properly released. Signed-off-by: Tomasz Leman --- src/audio/copier/copier_dai.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/audio/copier/copier_dai.c b/src/audio/copier/copier_dai.c index c9740b8f9f4f..4d15c455ec41 100644 --- a/src/audio/copier/copier_dai.c +++ b/src/audio/copier/copier_dai.c @@ -385,8 +385,11 @@ __cold void copier_dai_free(struct copier_data *cd) rfree(cd->dd[i]); } /* only dai have multi endpoint case */ - if (cd->multi_endpoint_buffer) + if (cd->multi_endpoint_buffer) { buffer_free(cd->multi_endpoint_buffer); + rfree(cd->multi_endpoint_buffer); + cd->multi_endpoint_buffer = NULL; + } } int copier_dai_prepare(struct comp_dev *dev, struct copier_data *cd) From 7e70394cf14d12e03ab1630537f234bd2d963442 Mon Sep 17 00:00:00 2001 From: Tomasz Leman Date: Tue, 10 Jun 2025 17:17:27 +0200 Subject: [PATCH 2/5] ipc3: fix memory leak in ipc_buffer_new This patch resolves a memory leak issue in the `ipc_buffer_new` function within the `helper.c` file of the IPC3. When memory allocation for `ipc_comp_dev` fails, the `buffer` object is freed using `buffer_free`, which releases only the memory allocated for its members and not the `comp_buffer` structure itself. This patch adds an `rfree` call to ensure the complete release of the `buffer` structure, preventing potential memory leaks. Signed-off-by: Tomasz Leman --- src/ipc/ipc3/helper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ipc/ipc3/helper.c b/src/ipc/ipc3/helper.c index 6eb708a55b91..219c267113dc 100644 --- a/src/ipc/ipc3/helper.c +++ b/src/ipc/ipc3/helper.c @@ -495,6 +495,7 @@ int ipc_buffer_new(struct ipc *ipc, const struct sof_ipc_buffer *desc) sizeof(struct ipc_comp_dev)); if (!ibd) { buffer_free(buffer); + rfree(buffer); return -ENOMEM; } ibd->cb = buffer; From 98a1151cbff0a19ef6c0ab5b59ae86fba5de3ab2 Mon Sep 17 00:00:00 2001 From: Tomasz Leman Date: Tue, 10 Jun 2025 17:23:07 +0200 Subject: [PATCH 3/5] audio: fix memory leak in chain_dma buffer handling This patch addresses memory leak issues in the `chain_dma.c` file, specifically in the `chain_release` and `chain_task_init` functions. The leak occurs due to incomplete freeing of the `dma_buffer` using `buffer_free`, which only releases memory allocated for its members and not the `comp_buffer` structure itself. This patch adds calls to `rfree` after `buffer_free` to ensure the complete release of the `dma_buffer` structure and sets the pointer to NULL post-freeing to prevent dangling references. Signed-off-by: Tomasz Leman --- src/audio/chain_dma.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/audio/chain_dma.c b/src/audio/chain_dma.c index 3f865752c30c..6cc020e93846 100644 --- a/src/audio/chain_dma.c +++ b/src/audio/chain_dma.c @@ -398,6 +398,7 @@ __cold static void chain_release(struct comp_dev *dev) if (cd->dma_buffer) { buffer_free(cd->dma_buffer); + rfree(cd->dma_buffer); cd->dma_buffer = NULL; } } @@ -621,6 +622,7 @@ __cold static int chain_task_init(struct comp_dev *dev, uint8_t host_dma_id, uin ret = chain_init(dev, buff_addr, buff_size); if (ret < 0) { buffer_free(cd->dma_buffer); + rfree(cd->dma_buffer); cd->dma_buffer = NULL; goto error; } From d6d8e98c348938446279aeceafddb6187ea54a54 Mon Sep 17 00:00:00 2001 From: Tomasz Leman Date: Tue, 10 Jun 2025 17:33:21 +0200 Subject: [PATCH 4/5] audio: resolve buffer memory leaks in legacy reset functions This patch fixes memory leak issues in the `dai_common_reset` and `host_common_reset` functions within the legacy audio components (`dai-legacy.c` and `host-legacy.c`). The leak was caused by using `buffer_free` to release the `dma_buffer`, which only frees the memory allocated for its members but does not release the `comp_buffer` structure itself. This patch adds `rfree` calls after `buffer_free` to ensure complete deallocation of the `dma_buffer` structure, before setting the pointer to NULL. Signed-off-by: Tomasz Leman --- src/audio/dai-legacy.c | 1 + src/audio/host-legacy.c | 1 + 2 files changed, 2 insertions(+) diff --git a/src/audio/dai-legacy.c b/src/audio/dai-legacy.c index b212bb9ebdac..b148792bb942 100644 --- a/src/audio/dai-legacy.c +++ b/src/audio/dai-legacy.c @@ -714,6 +714,7 @@ void dai_common_reset(struct dai_data *dd, struct comp_dev *dev) if (dd->dma_buffer) { buffer_free(dd->dma_buffer); + rfree(dd->dma_buffer); dd->dma_buffer = NULL; } diff --git a/src/audio/host-legacy.c b/src/audio/host-legacy.c index e8d62e17301d..9713d5702fc3 100644 --- a/src/audio/host-legacy.c +++ b/src/audio/host-legacy.c @@ -911,6 +911,7 @@ void host_common_reset(struct host_data *hd, uint16_t state) /* free DMA buffer */ if (hd->dma_buffer) { buffer_free(hd->dma_buffer); + rfree(hd->dma_buffer); hd->dma_buffer = NULL; } From bfcaba58c04bcafce6e0cc9c9b7d7abff7102376 Mon Sep 17 00:00:00 2001 From: Tomasz Leman Date: Tue, 10 Jun 2025 17:41:10 +0200 Subject: [PATCH 5/5] audio: complete dma_buffer deallocation in Zephyr components This patch enhances the memory management in the `dai-zephyr.c` and `host-zephyr.c` files by ensuring full deallocation of the `dma_buffer` in error handling and reset functions. It adds `rfree` calls following `buffer_free` to completely release the `dma_buffer` structure before setting the pointer to NULL. This modification prevents memory leaks by guaranteeing that both the internal buffer memory and the `comp_buffer` structure are freed. Signed-off-by: Tomasz Leman --- src/audio/dai-zephyr.c | 2 ++ src/audio/host-zephyr.c | 1 + 2 files changed, 3 insertions(+) diff --git a/src/audio/dai-zephyr.c b/src/audio/dai-zephyr.c index c36a89a9c57b..58423db3a6d1 100644 --- a/src/audio/dai-zephyr.c +++ b/src/audio/dai-zephyr.c @@ -1105,6 +1105,7 @@ int dai_common_params(struct dai_data *dd, struct comp_dev *dev, */ if (err < 0) { buffer_free(dd->dma_buffer); + rfree(dd->dma_buffer); dd->dma_buffer = NULL; dma_sg_free(&config->elem_array); rfree(dd->z_config); @@ -1246,6 +1247,7 @@ void dai_common_reset(struct dai_data *dd, struct comp_dev *dev) if (dd->dma_buffer) { buffer_free(dd->dma_buffer); + rfree(dd->dma_buffer); dd->dma_buffer = NULL; } diff --git a/src/audio/host-zephyr.c b/src/audio/host-zephyr.c index c9ada6b62165..755cd1b5422c 100644 --- a/src/audio/host-zephyr.c +++ b/src/audio/host-zephyr.c @@ -1131,6 +1131,7 @@ void host_common_reset(struct host_data *hd, uint16_t state) /* free DMA buffer */ if (hd->dma_buffer) { buffer_free(hd->dma_buffer); + rfree(hd->dma_buffer); hd->dma_buffer = NULL; }