From 8d8173b38bff5a0c7075632a66d8fd4859f5ee0c Mon Sep 17 00:00:00 2001 From: Daniel Baluta Date: Thu, 16 Oct 2025 17:09:49 +0300 Subject: [PATCH 1/2] module_adapter: generic: Introduce mod_generic_init Factor out resource initialization so that it can be reused. While at it get rid of md variable. Signed-off-by: Daniel Baluta (cherry picked from commit 548f0e69695a80aa84a4081d573f61e5d998dfbd) --- src/audio/module_adapter/module/generic.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/audio/module_adapter/module/generic.c b/src/audio/module_adapter/module/generic.c index f95299f952d8..b79bfcc280e7 100644 --- a/src/audio/module_adapter/module/generic.c +++ b/src/audio/module_adapter/module/generic.c @@ -71,10 +71,20 @@ int module_load_config(struct comp_dev *dev, const void *cfg, size_t size) return ret; } +static void mod_resource_init(struct processing_module *mod) +{ + struct module_data *md = &mod->priv; + /* Init memory list */ + list_init(&md->resources.res_list); + list_init(&md->resources.free_cont_list); + list_init(&md->resources.cont_chunk_list); + md->resources.heap_usage = 0; + md->resources.heap_high_water_mark = 0; +} + int module_init(struct processing_module *mod) { int ret; - struct module_data *md = &mod->priv; struct comp_dev *dev = mod->dev; const struct module_interface *const interface = dev->drv->adapter_ops; @@ -99,14 +109,9 @@ int module_init(struct processing_module *mod) return -EIO; } - /* Init memory list */ - list_init(&md->resources.res_list); - list_init(&md->resources.free_cont_list); - list_init(&md->resources.cont_chunk_list); - md->resources.heap_usage = 0; - md->resources.heap_high_water_mark = 0; + mod_resource_init(mod); #if CONFIG_MODULE_MEMORY_API_DEBUG && defined(__ZEPHYR__) - md->resources.rsrc_mngr = k_current_get(); + mod->priv.resources.rsrc_mngr = k_current_get(); #endif /* Now we can proceed with module specific initialization */ ret = interface->init(mod); @@ -117,7 +122,7 @@ int module_init(struct processing_module *mod) comp_dbg(dev, "done"); #if CONFIG_IPC_MAJOR_3 - md->state = MODULE_INITIALIZED; + mod->priv.state = MODULE_INITIALIZED; #endif return 0; From 7f093fb63e59e7cbd2127d5628c42612d80975eb Mon Sep 17 00:00:00 2001 From: Daniel Baluta Date: Sun, 12 Oct 2025 20:56:16 +0300 Subject: [PATCH 2/2] module_adapter: generic: Fix use after free Remove any containers from the free container list so that we don't keep pointers to containers that are no longer used and will be freed when container chunks are released below. Leaving those nodes in the free container list would cause use-after-free on subsequent allocations. While at it, make sure all resource lists are reset. Signed-off-by: Daniel Baluta (cherry picked from commit 259c32ba66f1389b6ec4e53fbefa4e565024c4bb) --- src/audio/module_adapter/module/generic.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/audio/module_adapter/module/generic.c b/src/audio/module_adapter/module/generic.c index b79bfcc280e7..8d75fe62e2bc 100644 --- a/src/audio/module_adapter/module/generic.c +++ b/src/audio/module_adapter/module/generic.c @@ -577,6 +577,13 @@ void mod_free_all(struct processing_module *mod) list_item_del(&container->list); } + list_for_item_safe(list, _list, &res->free_cont_list) { + struct module_resource *container = + container_of(list, struct module_resource, list); + + list_item_del(&container->list); + } + list_for_item_safe(list, _list, &res->cont_chunk_list) { struct container_chunk *chunk = container_of(list, struct container_chunk, chunk_list); @@ -584,6 +591,9 @@ void mod_free_all(struct processing_module *mod) list_item_del(&chunk->chunk_list); rfree(chunk); } + + /* Make sure resource lists and accounting are reset */ + mod_resource_init(mod); } EXPORT_SYMBOL(mod_free_all);