From: Anand Moon <linux.amoon@gmail.com>
To: Neil Armstrong <neil.armstrong@linaro.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Kevin Hilman <khilman@baylibre.com>,
Jerome Brunet <jbrunet@baylibre.com>,
Martin Blumenstingl <martin.blumenstingl@googlemail.com>,
Hans Verkuil <hverkuil@kernel.org>,
Maxime Jourdan <mjourdan@baylibre.com>,
linux-media@vger.kernel.org (open list:MESON VIDEO DECODER
DRIVER FOR AMLOGIC SOCS),
linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER
DRIVER FOR AMLOGIC SOCS),
linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM),
linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic
Meson SoC support), linux-kernel@vger.kernel.org (open list)
Cc: Sashiko <sashiko-bot@kernel.org>
Subject: [PATCH v4 0/3] media: meson: Fix memory leak in error path in
Date: Thu, 21 May 2026 13:04:10 +0530 [thread overview]
Message-ID: <20260521073449.10057-1-linux.amoon@gmail.com> (raw)
Following chamges try to fix the memory leak reported by Sashiko
Pre-existing issues:
- [Critical] The `sess->esparser_queue_work` work item is not canceled
before freeing the session context, leading to a potential Use-After-Free
vulnerability.
- [High] The patch attempts to fix a memory leak reported by kmemleak,
but misdiagnoses the root cause and leaves the primary memory leak
(the V4L2 control handler) unresolved.
- [High] The driver does not verify if `kthread_run()` returns an `ERR_PTR`,
leading to a kernel panic when `kthread_stop()` is called.
Reported-by: Sashiko <sashiko-bot@kernel.org>
Closes: https://lore.kernel.org/all/20260520045905.6ACBA1F000E9@smtp.kernel.org/#t
Thanks
-Anand
Anand Moon (3):
media: meson: vdec: Fix memory leak in error path of vdec_open
media: meson: vdec: Add error handling for recycle thread creation
media: meson: vdec: Cancel esparser work in error and stop paths
drivers/staging/media/meson/vdec/vdec.c | 27 +++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
base-commit: 8bc67e4db64aa72732c474b44ea8622062c903f0
--
2.50.1
WARNING: multiple messages have this Message-ID (diff)
From: Anand Moon <linux.amoon@gmail.com>
To: Neil Armstrong <neil.armstrong@linaro.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Kevin Hilman <khilman@baylibre.com>,
Jerome Brunet <jbrunet@baylibre.com>,
Martin Blumenstingl <martin.blumenstingl@googlemail.com>,
Hans Verkuil <hverkuil@kernel.org>,
Maxime Jourdan <mjourdan@baylibre.com>,
linux-media@vger.kernel.org (open list:MESON VIDEO DECODER
DRIVER FOR AMLOGIC SOCS),
linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER
DRIVER FOR AMLOGIC SOCS),
linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM),
linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic
Meson SoC support), linux-kernel@vger.kernel.org (open list)
Cc: Anand Moon <linux.amoon@gmail.com>, Sashiko <sashiko-bot@kernel.org>
Subject: [PATCH v4 0/3] media: meson: Fix memory leak in error path in
Date: Thu, 21 May 2026 13:04:10 +0530 [thread overview]
Message-ID: <20260521073449.10057-1-linux.amoon@gmail.com> (raw)
Following chamges try to fix the memory leak reported by Sashiko
Pre-existing issues:
- [Critical] The `sess->esparser_queue_work` work item is not canceled
before freeing the session context, leading to a potential Use-After-Free
vulnerability.
- [High] The patch attempts to fix a memory leak reported by kmemleak,
but misdiagnoses the root cause and leaves the primary memory leak
(the V4L2 control handler) unresolved.
- [High] The driver does not verify if `kthread_run()` returns an `ERR_PTR`,
leading to a kernel panic when `kthread_stop()` is called.
Reported-by: Sashiko <sashiko-bot@kernel.org>
Closes: https://lore.kernel.org/all/20260520045905.6ACBA1F000E9@smtp.kernel.org/#t
Thanks
-Anand
Anand Moon (3):
media: meson: vdec: Fix memory leak in error path of vdec_open
media: meson: vdec: Add error handling for recycle thread creation
media: meson: vdec: Cancel esparser work in error and stop paths
drivers/staging/media/meson/vdec/vdec.c | 27 +++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
base-commit: 8bc67e4db64aa72732c474b44ea8622062c903f0
--
2.50.1
WARNING: multiple messages have this Message-ID (diff)
From: Anand Moon <linux.amoon@gmail.com>
To: Neil Armstrong <neil.armstrong@linaro.org>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Kevin Hilman <khilman@baylibre.com>,
Jerome Brunet <jbrunet@baylibre.com>,
Martin Blumenstingl <martin.blumenstingl@googlemail.com>,
Hans Verkuil <hverkuil@kernel.org>,
Maxime Jourdan <mjourdan@baylibre.com>,
linux-media@vger.kernel.org (open list:MESON VIDEO DECODER
DRIVER FOR AMLOGIC SOCS),
linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER
DRIVER FOR AMLOGIC SOCS),
linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM),
linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic
Meson SoC support), linux-kernel@vger.kernel.org (open list)
Cc: Sashiko <sashiko-bot@kernel.org>
Subject: [PATCH v4 0/3] media: meson: Fix memory leak in error path in
Date: Thu, 21 May 2026 13:04:10 +0530 [thread overview]
Message-ID: <20260521073449.10057-1-linux.amoon@gmail.com> (raw)
Following chamges try to fix the memory leak reported by Sashiko
Pre-existing issues:
- [Critical] The `sess->esparser_queue_work` work item is not canceled
before freeing the session context, leading to a potential Use-After-Free
vulnerability.
- [High] The patch attempts to fix a memory leak reported by kmemleak,
but misdiagnoses the root cause and leaves the primary memory leak
(the V4L2 control handler) unresolved.
- [High] The driver does not verify if `kthread_run()` returns an `ERR_PTR`,
leading to a kernel panic when `kthread_stop()` is called.
Reported-by: Sashiko <sashiko-bot@kernel.org>
Closes: https://lore.kernel.org/all/20260520045905.6ACBA1F000E9@smtp.kernel.org/#t
Thanks
-Anand
Anand Moon (3):
media: meson: vdec: Fix memory leak in error path of vdec_open
media: meson: vdec: Add error handling for recycle thread creation
media: meson: vdec: Cancel esparser work in error and stop paths
drivers/staging/media/meson/vdec/vdec.c | 27 +++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
base-commit: 8bc67e4db64aa72732c474b44ea8622062c903f0
--
2.50.1
_______________________________________________
linux-amlogic mailing list
linux-amlogic@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-amlogic
next reply other threads:[~2026-05-21 7:35 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-21 7:34 Anand Moon [this message]
2026-05-21 7:34 ` [PATCH v4 0/3] media: meson: Fix memory leak in error path in Anand Moon
2026-05-21 7:34 ` Anand Moon
2026-05-21 7:34 ` [PATCH v4 1/3] media: meson: vdec: Fix memory leak in error path of vdec_open Anand Moon
2026-05-21 7:34 ` Anand Moon
2026-05-21 7:34 ` Anand Moon
2026-05-21 8:09 ` sashiko-bot
2026-05-21 17:42 ` Anand Moon
2026-05-21 7:34 ` [PATCH v4 2/3] media: meson: vdec: Add error handling for recycle thread creation Anand Moon
2026-05-21 7:34 ` Anand Moon
2026-05-21 7:34 ` Anand Moon
2026-05-21 9:09 ` sashiko-bot
2026-05-21 7:34 ` [PATCH v4 3/3] media: meson: vdec: Cancel esparser work in error and stop paths Anand Moon
2026-05-21 7:34 ` Anand Moon
2026-05-21 7:34 ` Anand Moon
2026-05-21 9:59 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260521073449.10057-1-linux.amoon@gmail.com \
--to=linux.amoon@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=hverkuil@kernel.org \
--cc=jbrunet@baylibre.com \
--cc=khilman@baylibre.com \
--cc=linux-amlogic@lists.infradead.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=martin.blumenstingl@googlemail.com \
--cc=mchehab@kernel.org \
--cc=mjourdan@baylibre.com \
--cc=neil.armstrong@linaro.org \
--cc=sashiko-bot@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.