From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AFFF23EA84 for ; Thu, 21 May 2026 07:35:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.45 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779348934; cv=none; b=qbx62uRyFpb7dd/+MBsX8EaYb/c7x4G2XdisISc3PchOXrJAGNUVyr5dVz2TbmyYUdVcSHv3kEzy5md4VR3PACrajW6u1lFtIwcyFWHZPU5yo//3cxFZVmwgaER6QRzlZVsxqnOOptN1aiCxSNQRhgPlgD6HF3MUVzANlYIH5Rs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779348934; c=relaxed/simple; bh=R3voIaLtl2BRlPPKHEPBQ78/UAuVNbWj0w+ZXJI+bb4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BtUmPlDj0xba8fToKe+0tWYKKnqV4Hdwu44ytDnx+iOkgijomCLwC3pF2FmZEF9QFD4qt5/asF5Lfyz//g4xTPOb3EtPH8DvDr5mebZ6skOJccKJm+EGGIyfL42vg14tMGZRCgLBWmoAnKrvo9Dy46jnhKlGOUJErojq7giFMdo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HdhxFlHb; arc=none smtp.client-ip=209.85.216.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HdhxFlHb" Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-368f25ff4c4so3022103a91.2 for ; Thu, 21 May 2026 00:35:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779348932; x=1779953732; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3NPvLu4dxOkoKdNg46+oSXq3CipWU7w/mHnMaydoddU=; b=HdhxFlHb31qKSbw27ge6zqBrW4qTzLoC4CW/JbK43OvWrcjicwns75bxemt9fj+IgV GGvCY7l3A6EhurN+LbhTOAtMK7RaSlK6SsfaDLlHelN+suwbL31p8I9m6H2lOY8QqRe1 WWzefx+wcraTGqStv8XGslVhzVn7tm+yn3dIOZw4JkSrs0djgV8x3GgU42tQ/8Fh6+tk PS6BtHs44rp5K8YPbDSZXg9vgXmskDFp58+n8YqSo/Y8Zc2dVcNd5/CT+70aYvF78QGQ Axp05AWf5gP333QI8+3w7BCJS2E10u+SYavOSkQGoOC/K6hfMhkBqtOjBcjrbygtUED+ 66OA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779348932; x=1779953732; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=3NPvLu4dxOkoKdNg46+oSXq3CipWU7w/mHnMaydoddU=; b=pOMHDjAhLQj43W6r+Sik0fH3zhir7YxKbYBZkFViE3qpwAIvJRnKADL3ajsSVg2mEx n8SErzxHEqr1KSVpJv9SxLCH+hqmgsyI1xgFVsCDJHta37bJmlWBzPhqHBVLd2niVsui mRR5D0cjKvCYYuWaDAoyDMPuMPlrnHQfFYa2MxlUX+S+XI0xaxK80EKDua6701C0V9QM Lt+SFX12J1AX+P0RMeUjKSaP+uONnXwmN/ZFe8Rv/4qALrR2kpmst+UjjiUf6feD49Om fltn+xShY/rTiP6PoeV/Bc9oSB75SDyEdLRUu/JbuBqZwQGQcEQ34/w9xoYewUvIUGkv WJlg== X-Forwarded-Encrypted: i=1; AFNElJ8qUjHgYu+IiMfPLAofPeTpoHgIseFvQoBbkVscAeEWKQI5l77or99lxelEucjfIAYKKniXRI+gi67sY84=@vger.kernel.org X-Gm-Message-State: AOJu0Yzv7qSPB2PUg6wrWTskHSswbxHrkmxoWdSr/jvSXFYGXRBIfrX0 eKZop/WEePTH4m/47F58M8dH0pPNbsMbtaZv/MrE+yuAyN3rvkwfwyGSj18m5A== X-Gm-Gg: Acq92OFfvcxkbZcWSySe+PLiDUjQvXaT7huiYsvh3Bk4T97kNiDWymbUuwm1e3qYlsq NNIikGkP3gxMZ70LP+5qb9/iyaQ4fT2MedXfDxBY2aXxDeY0TxrTN8X9gb8TOR02mtBTGvFgwdn pJ9t5J68BSLzmH1m+1cEc1ApF+2yvxtYZzym6IskHc84he+/YdRWRS3p0tgwQ2V/qCACv9zVFup yLubDKcWmnZVAdPVxNN4bkvhu6Gl3rxbtPxd6lLKlTiTdnQnb486KHguSiZrmNQ1wIXQDtkUalY JjGfBTLGDKFjy01tZLTOBx8fhqkd16vEu1f/7HcvZZSD2wJCXGy+UXtDtMNK8vCO2QY4BmkaPxq Ig4W1FVu18HNSdrN3azb09FTqBgK+oAA+FTDNdr+66ykA/jpEWUgipDC2Qk10m8xIowhRwTX9kL cpVBZ51F9SAwnX4KV85pXpw9OQ04hG3P4= X-Received: by 2002:a17:90b:3c08:b0:35d:a3b4:2f0d with SMTP id 98e67ed59e1d1-36a45137990mr1777189a91.6.1779348932255; Thu, 21 May 2026 00:35:32 -0700 (PDT) Received: from rockpi-5b ([45.112.0.230]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-36a45c5decesm783833a91.1.2026.05.21.00.35.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 May 2026 00:35:31 -0700 (PDT) From: Anand Moon To: Neil Armstrong , Mauro Carvalho Chehab , Greg Kroah-Hartman , Kevin Hilman , Jerome Brunet , Martin Blumenstingl , Hans Verkuil , Maxime Jourdan , linux-media@vger.kernel.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM), linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic Meson SoC support), linux-kernel@vger.kernel.org (open list) Cc: Anand Moon , Nicolas Dufresne , Sashiko Subject: [PATCH v4 2/3] media: meson: vdec: Add error handling for recycle thread creation Date: Thu, 21 May 2026 13:04:12 +0530 Message-ID: <20260521073449.10057-3-linux.amoon@gmail.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260521073449.10057-1-linux.amoon@gmail.com> References: <20260521073449.10057-1-linux.amoon@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Add proper error handling for kthread_run() in vdec_start_streaming(). If thread creation fails and returns an ERR_PTR, record the error, reset sess->recycle_thread to NULL, and unwind resources via err_cleanup. This prevents later calls to kthread_stop() in vdec_stop_streaming() from dereferencing an ERR_PTR and causing a kernel panic. Fix this by adding the label and invoking vdec_poweroff() to prevent hardware power leaks. Additionally, reorder the error path to properly mirror the allocation sequence clear the streamon status flags before emptying the M2M buffers to avoid race conditions, and ensure DMA buffers are released gracefully relative to the hardware state lifecycle. Cc: Nicolas Dufresne Reported-by: Sashiko Closes: https://lore.kernel.org/all/20260520045905.6ACBA1F000E9@smtp.kernel.org/#t Fixes: 3e7f51bd9607 ("media: meson: add v4l2 m2m video decoder driver") Signed-off-by: Anand Moon --- v4: new patch [Severity: High] This isn't a bug introduced by this patch, but does the driver verify if kthread_run() returns an ERR_PTR when starting the recycle thread? If thread creation fails in vdec_start_streaming() and returns an ERR_PTR, could a later call to kthread_stop(sess->recycle_thread) in vdec_stop_streaming() attempt to dereference that ERR_PTR and cause a kernel panic? --- drivers/staging/media/meson/vdec/vdec.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/staging/media/meson/vdec/vdec.c b/drivers/staging/media/meson/vdec/vdec.c index 9244fb09eb36..8615a935e86d 100644 --- a/drivers/staging/media/meson/vdec/vdec.c +++ b/drivers/staging/media/meson/vdec/vdec.c @@ -337,29 +337,37 @@ static int vdec_start_streaming(struct vb2_queue *q, unsigned int count) sess->sequence_cap = 0; sess->sequence_out = 0; - if (vdec_codec_needs_recycle(sess)) + if (vdec_codec_needs_recycle(sess)) { sess->recycle_thread = kthread_run(vdec_recycle_thread, sess, "vdec_recycle"); + if (IS_ERR(sess->recycle_thread)) { + ret = PTR_ERR(sess->recycle_thread); + sess->recycle_thread = NULL; + goto err_cleanup; + } + } sess->status = STATUS_INIT; core->cur_sess = sess; schedule_work(&sess->esparser_queue_work); return 0; +err_cleanup: + vdec_poweroff(sess); vififo_free: dma_free_coherent(sess->core->dev, sess->vififo_size, sess->vififo_vaddr, sess->vififo_paddr); bufs_done: - while ((buf = v4l2_m2m_src_buf_remove(sess->m2m_ctx))) - v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); - while ((buf = v4l2_m2m_dst_buf_remove(sess->m2m_ctx))) - v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); - if (q->type == V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE) sess->streamon_out = 0; else sess->streamon_cap = 0; + while ((buf = v4l2_m2m_src_buf_remove(sess->m2m_ctx))) + v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); + while ((buf = v4l2_m2m_dst_buf_remove(sess->m2m_ctx))) + v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); + return ret; } -- 2.50.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 34D14CD4F3C for ; Thu, 21 May 2026 07:35:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=kyIBYqPtDLkKrL0O4THyJVnL8cwoiEdoVvcy4jKYJlI=; b=wyXgGgd1cZks6f I/R6DEzbmkR9xfx6qRKUm4FbzZKY2pNThVZRZTFnGqn5VZ9IHfripgToB0Xf4TMfP1IOxc5Oy7wO+ YSJnPjcY1vYuJe77lKlZWCa2FnelWHb2JsnGxuN+CR5CL0UWJW9tvvEZAv4IBAW1Ybei/RkQQHcCG qV3mO6e0qii5Tek7Uv15GQ18b+SvkDeB/G7yXemJm+aOmkzPb0PKHmJyUDm1LjEdi2SYrs5kB47w5 LI+Eh1uBIriccd01kbKx1d+zVlNDU7B1Onf0MYkFYdRp+TxJpQMnWCfEr4jPtu9TQ6xgRnaBxVssH PAAH2dr3HyR7SEsXFTHQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.99.1 #2 (Red Hat Linux)) id 1wPxwO-00000006yfv-1k8v; Thu, 21 May 2026 07:35:36 +0000 Received: from mail-pj1-x102e.google.com ([2607:f8b0:4864:20::102e]) by bombadil.infradead.org with esmtps (Exim 4.99.1 #2 (Red Hat Linux)) id 1wPxwK-00000006yeO-4B0x for linux-amlogic@lists.infradead.org; Thu, 21 May 2026 07:35:34 +0000 Received: by mail-pj1-x102e.google.com with SMTP id 98e67ed59e1d1-36a3dd2e66eso410821a91.0 for ; Thu, 21 May 2026 00:35:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779348932; x=1779953732; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3NPvLu4dxOkoKdNg46+oSXq3CipWU7w/mHnMaydoddU=; b=BgX67+lsWX9y6QSM/Glnd9A48IA1AA10F44G0QkuLUzWKoX7iacX5pyT4eWGpUeUtI ohnaWprfFgZtSCekRdCc/rPSrlBMMDpnTUA/Pb80znAD2l77Q9/MDnTOhLL8CTSNH86k j13dnssXpo7uRKFxuKwolDp6xctvU8rBCucATZC3rmkKF8K4S6avllmd0ThUSlZzu0jG 5M1AJvjd9uTO2WodkmW7MOpcw8Jkr5S2t+SxYiCsSLI+hbVMm2fg8sRnn/PrIj0Uvv9Q ndAe8mCwvJkLYo5/bZfpthEliFAfH4/06BT95jtnycPVs2fyLrIf3EWvKT3BalYzObfX xlew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779348932; x=1779953732; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=3NPvLu4dxOkoKdNg46+oSXq3CipWU7w/mHnMaydoddU=; b=b6WcOPf70lgA3gWsV3+Ui43mLJQxTqW7YBtEicTyooLZgF8DQIm6KdYPtFs18SDpsi F6aUFe2+Hwyw1MwkAHVfios+blY4qbH9IoLFZaZUxABjFUB7JE2x/OqxQb1oqQEIn+7x 5+pbgXKxJD1UtV1hsS3thHxO4BWn2JZX+zIyo1IDki1L1jtQ2nsq2QcH9cQNeyDEwQWK rF9QeEX+dT8Uf4hW64XxDifwgXAdKfiW45sApdCj/Lq/PmKNrIEUOcioJVstBFCGlzS2 3AHlCBDkHjs0eR/R33N6W8uIMtqeESopaNsLgnzJvuo21WXekDZiNXjLwx7M96ddai2Y pxQg== X-Forwarded-Encrypted: i=1; AFNElJ/l95ZLHrgVnPuj5UgSlQn17HEHuwWuWG2FjNEC8rL5NeuGDI6inWvcN6Zj+dI3hQpUi/zP8C6WZyT4iFKV@lists.infradead.org X-Gm-Message-State: AOJu0YwMUkplStn8DMDWPrXCgL5UUiOX49r+UG2qftckGiktprp3ljpG z6GUgz5DWYfW+ALhyrxWjeZ4Zpy4+z3FwyH/0bdzW0j+zbJGhODSV9iQ X-Gm-Gg: Acq92OE7e8h4RPAe01VCcu8FC49+KeheuLyaYJGymilbjGjhw8em90LS1CHbu/J3pWL aMY8agpnfvdtOt9X8roPp8pX7AyJyWCtpoSw/xAaEfUXPPFDQ6H9kBtAoOOlFQ3iebOmD5/pmlZ JfUw0zyfaCRiWwMpG/4urU0f/N4/JRKUJqUL8pEmXeVHLWSST9n8wE0Z4LTtnHHRR6i7nzvwgLj /j0ti5uTQLfim32iRLAGI6g0H4L8D5SoMoLdyC/tS5w+ua9wdiNyitq/7L0KdlHQyeqBSv6qKBc DQrAtJQZuEq5C1m41RiFqzVbR2mCisOUkFkiL2NYoEiv+Jve+CSJTQma8sic9SDkzGSePGNZn6b KB02gjeCZG5maRJNi+ltR0A5NGW7QqQmUS30rJVn456xsjh+q4RQTML/SKYwqkaJgf9sTmc7DWJ BmHaaSW8ZpgMnjedzduohe/pVafbGEHlk= X-Received: by 2002:a17:90b:3c08:b0:35d:a3b4:2f0d with SMTP id 98e67ed59e1d1-36a45137990mr1777189a91.6.1779348932255; Thu, 21 May 2026 00:35:32 -0700 (PDT) Received: from rockpi-5b ([45.112.0.230]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-36a45c5decesm783833a91.1.2026.05.21.00.35.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 May 2026 00:35:31 -0700 (PDT) From: Anand Moon To: Neil Armstrong , Mauro Carvalho Chehab , Greg Kroah-Hartman , Kevin Hilman , Jerome Brunet , Martin Blumenstingl , Hans Verkuil , Maxime Jourdan , linux-media@vger.kernel.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM), linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic Meson SoC support), linux-kernel@vger.kernel.org (open list) Subject: [PATCH v4 2/3] media: meson: vdec: Add error handling for recycle thread creation Date: Thu, 21 May 2026 13:04:12 +0530 Message-ID: <20260521073449.10057-3-linux.amoon@gmail.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260521073449.10057-1-linux.amoon@gmail.com> References: <20260521073449.10057-1-linux.amoon@gmail.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.9.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20260521_003533_037660_1BBE97F2 X-CRM114-Status: GOOD ( 16.66 ) X-BeenThere: linux-amlogic@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sashiko , Nicolas Dufresne Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-amlogic" Errors-To: linux-amlogic-bounces+linux-amlogic=archiver.kernel.org@lists.infradead.org Add proper error handling for kthread_run() in vdec_start_streaming(). If thread creation fails and returns an ERR_PTR, record the error, reset sess->recycle_thread to NULL, and unwind resources via err_cleanup. This prevents later calls to kthread_stop() in vdec_stop_streaming() from dereferencing an ERR_PTR and causing a kernel panic. Fix this by adding the label and invoking vdec_poweroff() to prevent hardware power leaks. Additionally, reorder the error path to properly mirror the allocation sequence clear the streamon status flags before emptying the M2M buffers to avoid race conditions, and ensure DMA buffers are released gracefully relative to the hardware state lifecycle. Cc: Nicolas Dufresne Reported-by: Sashiko Closes: https://lore.kernel.org/all/20260520045905.6ACBA1F000E9@smtp.kernel.org/#t Fixes: 3e7f51bd9607 ("media: meson: add v4l2 m2m video decoder driver") Signed-off-by: Anand Moon --- v4: new patch [Severity: High] This isn't a bug introduced by this patch, but does the driver verify if kthread_run() returns an ERR_PTR when starting the recycle thread? If thread creation fails in vdec_start_streaming() and returns an ERR_PTR, could a later call to kthread_stop(sess->recycle_thread) in vdec_stop_streaming() attempt to dereference that ERR_PTR and cause a kernel panic? --- drivers/staging/media/meson/vdec/vdec.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/staging/media/meson/vdec/vdec.c b/drivers/staging/media/meson/vdec/vdec.c index 9244fb09eb36..8615a935e86d 100644 --- a/drivers/staging/media/meson/vdec/vdec.c +++ b/drivers/staging/media/meson/vdec/vdec.c @@ -337,29 +337,37 @@ static int vdec_start_streaming(struct vb2_queue *q, unsigned int count) sess->sequence_cap = 0; sess->sequence_out = 0; - if (vdec_codec_needs_recycle(sess)) + if (vdec_codec_needs_recycle(sess)) { sess->recycle_thread = kthread_run(vdec_recycle_thread, sess, "vdec_recycle"); + if (IS_ERR(sess->recycle_thread)) { + ret = PTR_ERR(sess->recycle_thread); + sess->recycle_thread = NULL; + goto err_cleanup; + } + } sess->status = STATUS_INIT; core->cur_sess = sess; schedule_work(&sess->esparser_queue_work); return 0; +err_cleanup: + vdec_poweroff(sess); vififo_free: dma_free_coherent(sess->core->dev, sess->vififo_size, sess->vififo_vaddr, sess->vififo_paddr); bufs_done: - while ((buf = v4l2_m2m_src_buf_remove(sess->m2m_ctx))) - v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); - while ((buf = v4l2_m2m_dst_buf_remove(sess->m2m_ctx))) - v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); - if (q->type == V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE) sess->streamon_out = 0; else sess->streamon_cap = 0; + while ((buf = v4l2_m2m_src_buf_remove(sess->m2m_ctx))) + v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); + while ((buf = v4l2_m2m_dst_buf_remove(sess->m2m_ctx))) + v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); + return ret; } -- 2.50.1 _______________________________________________ linux-amlogic mailing list linux-amlogic@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-amlogic From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C21E5CD4F5E for ; Thu, 21 May 2026 07:35:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date :Subject:To:From:Reply-To:Content-Type:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=3NPvLu4dxOkoKdNg46+oSXq3CipWU7w/mHnMaydoddU=; b=PDgdcMTjXtzKZj t12+8cK84FKZOVetMGWu3DS0J+5R5RCjFci90usRhDcZ6oOQk09c3ujJZqDi5pdIixQNJD7z3WcJF uisZH2ohyAL8+7N5FipEoibvrU2Qe0uu4JDHzuB+LdowhnFp5/jy9jZjWXHbczggvjYPIUhdP6fGw ov9MSC6+JXHhL5rB3NPVQzd/d4cUD71CnewWO8X0MQlQBwy0WSqhF9rNwCLrHf4srE8vMmhlxcvhg xxlvLnCRGhqnBOm2PmZ3F1j/PWulKGZhwPaXq+zfyXtH9s2tpcZLyD1VfZG7WdSJzZdNvBOFpw1o0 88xMOw+4xXu5k0lusmTQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.99.1 #2 (Red Hat Linux)) id 1wPxwO-00000006yg3-2Gn3; Thu, 21 May 2026 07:35:36 +0000 Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]) by bombadil.infradead.org with esmtps (Exim 4.99.1 #2 (Red Hat Linux)) id 1wPxwL-00000006yeN-1AXg for linux-arm-kernel@lists.infradead.org; Thu, 21 May 2026 07:35:34 +0000 Received: by mail-pj1-x1030.google.com with SMTP id 98e67ed59e1d1-366be8040a9so2419341a91.3 for ; Thu, 21 May 2026 00:35:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779348932; x=1779953732; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3NPvLu4dxOkoKdNg46+oSXq3CipWU7w/mHnMaydoddU=; b=BgX67+lsWX9y6QSM/Glnd9A48IA1AA10F44G0QkuLUzWKoX7iacX5pyT4eWGpUeUtI ohnaWprfFgZtSCekRdCc/rPSrlBMMDpnTUA/Pb80znAD2l77Q9/MDnTOhLL8CTSNH86k j13dnssXpo7uRKFxuKwolDp6xctvU8rBCucATZC3rmkKF8K4S6avllmd0ThUSlZzu0jG 5M1AJvjd9uTO2WodkmW7MOpcw8Jkr5S2t+SxYiCsSLI+hbVMm2fg8sRnn/PrIj0Uvv9Q ndAe8mCwvJkLYo5/bZfpthEliFAfH4/06BT95jtnycPVs2fyLrIf3EWvKT3BalYzObfX xlew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779348932; x=1779953732; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=3NPvLu4dxOkoKdNg46+oSXq3CipWU7w/mHnMaydoddU=; b=LQGoClNHiZnvZnBoyPJKO/kmLOq4RhF9O6BizpRC8yVjS4CXzKHbKuD88PV7RsfxLs mMQ6DXuEy2/CZtmeznIZql0wsK9GEPPA41ZAYqvxxtwiRvfSRnlUEs8RHX6f4VEpGY8x N2VTP/EbATGrlmM4f/1+JdbjhbAy0y1M9rRMGOZdCgfzW9cMWAB68mjoBhdOaUol4Qru XbU0Tzk2gC/Eoq8l37mASQ20tenaNiU1EPYXD4M1pIx4eiM2IVIh7cruhjfLKu0nNuGE Dl9ZgjGHifi2cm+pT8fFdzatO0GtDS6ml+0/Frn4LYj5UFtbTZeZ2d3OpYIOvpsCcUZB pB2g== X-Forwarded-Encrypted: i=1; AFNElJ+LxNDx8bct+j+nYN8qhhRgs1Jyfurlw2v2I+RbDFc6r0R/KRBodQYul4f/DugJt88g7PLzOESob6wrCVuISOHZ@lists.infradead.org X-Gm-Message-State: AOJu0Yyq5xK8h7d/2bxgVwSCVaV6aHvsToDCSjvnPe64gXrDgaqOUuC3 XHmfAk312R/kyryJxru1///SMcJUyXGrZReCfv4E/3BrICtTk/Ig5fN4 X-Gm-Gg: Acq92OEtdcYZG89JWMjecZPG5l0s7+TStvkXDL8AG/H/qeVbiUN2jd9coG9tTMMBoQu aDiuLK+fQaXwXyOsIQYhtPRLTA7bMDcXkgmLp1F9qv5spFPneL53s4SKBzlAJzK6GVcOM66LxCX aEoMSEZHh+lGYEz/isXiNNnOSP6w5Ou0NGZG9N62Bm8ykpi/CPBlanx3yNsHmjW0RjnIxELVY0P tQUwnDNCe4uktJzKgSOJJNxD4x2pPef9oxkt2AV0ayKxTAdwO7rJkO7dsKHQmkwLfKuGfjCIwPJ jyEi17ZaBfnQiIXBjtSPA0DExmncCaaC5/fIQYh8xkDSnOid2o8sXfZPS3paoKycE8XB6e45Di0 fbCPAzH2VkNmVEM+TJJJlpFKnvdK/wCf8jj2DLeEiE8PNcjdqHoz/FZsE58Y65H70AtBgYVLPos s6og8/SyrT3y3mv81eatCHNPkDY0gZ5tE= X-Received: by 2002:a17:90b:3c08:b0:35d:a3b4:2f0d with SMTP id 98e67ed59e1d1-36a45137990mr1777189a91.6.1779348932255; Thu, 21 May 2026 00:35:32 -0700 (PDT) Received: from rockpi-5b ([45.112.0.230]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-36a45c5decesm783833a91.1.2026.05.21.00.35.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 May 2026 00:35:31 -0700 (PDT) From: Anand Moon To: Neil Armstrong , Mauro Carvalho Chehab , Greg Kroah-Hartman , Kevin Hilman , Jerome Brunet , Martin Blumenstingl , Hans Verkuil , Maxime Jourdan , linux-media@vger.kernel.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM), linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic Meson SoC support), linux-kernel@vger.kernel.org (open list) Subject: [PATCH v4 2/3] media: meson: vdec: Add error handling for recycle thread creation Date: Thu, 21 May 2026 13:04:12 +0530 Message-ID: <20260521073449.10057-3-linux.amoon@gmail.com> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260521073449.10057-1-linux.amoon@gmail.com> References: <20260521073449.10057-1-linux.amoon@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.9.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20260521_003533_326245_BB1AF983 X-CRM114-Status: GOOD ( 18.35 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sashiko , Nicolas Dufresne Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Add proper error handling for kthread_run() in vdec_start_streaming(). If thread creation fails and returns an ERR_PTR, record the error, reset sess->recycle_thread to NULL, and unwind resources via err_cleanup. This prevents later calls to kthread_stop() in vdec_stop_streaming() from dereferencing an ERR_PTR and causing a kernel panic. Fix this by adding the label and invoking vdec_poweroff() to prevent hardware power leaks. Additionally, reorder the error path to properly mirror the allocation sequence clear the streamon status flags before emptying the M2M buffers to avoid race conditions, and ensure DMA buffers are released gracefully relative to the hardware state lifecycle. Cc: Nicolas Dufresne Reported-by: Sashiko Closes: https://lore.kernel.org/all/20260520045905.6ACBA1F000E9@smtp.kernel.org/#t Fixes: 3e7f51bd9607 ("media: meson: add v4l2 m2m video decoder driver") Signed-off-by: Anand Moon --- v4: new patch [Severity: High] This isn't a bug introduced by this patch, but does the driver verify if kthread_run() returns an ERR_PTR when starting the recycle thread? If thread creation fails in vdec_start_streaming() and returns an ERR_PTR, could a later call to kthread_stop(sess->recycle_thread) in vdec_stop_streaming() attempt to dereference that ERR_PTR and cause a kernel panic? --- drivers/staging/media/meson/vdec/vdec.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/staging/media/meson/vdec/vdec.c b/drivers/staging/media/meson/vdec/vdec.c index 9244fb09eb36..8615a935e86d 100644 --- a/drivers/staging/media/meson/vdec/vdec.c +++ b/drivers/staging/media/meson/vdec/vdec.c @@ -337,29 +337,37 @@ static int vdec_start_streaming(struct vb2_queue *q, unsigned int count) sess->sequence_cap = 0; sess->sequence_out = 0; - if (vdec_codec_needs_recycle(sess)) + if (vdec_codec_needs_recycle(sess)) { sess->recycle_thread = kthread_run(vdec_recycle_thread, sess, "vdec_recycle"); + if (IS_ERR(sess->recycle_thread)) { + ret = PTR_ERR(sess->recycle_thread); + sess->recycle_thread = NULL; + goto err_cleanup; + } + } sess->status = STATUS_INIT; core->cur_sess = sess; schedule_work(&sess->esparser_queue_work); return 0; +err_cleanup: + vdec_poweroff(sess); vififo_free: dma_free_coherent(sess->core->dev, sess->vififo_size, sess->vififo_vaddr, sess->vififo_paddr); bufs_done: - while ((buf = v4l2_m2m_src_buf_remove(sess->m2m_ctx))) - v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); - while ((buf = v4l2_m2m_dst_buf_remove(sess->m2m_ctx))) - v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); - if (q->type == V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE) sess->streamon_out = 0; else sess->streamon_cap = 0; + while ((buf = v4l2_m2m_src_buf_remove(sess->m2m_ctx))) + v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); + while ((buf = v4l2_m2m_dst_buf_remove(sess->m2m_ctx))) + v4l2_m2m_buf_done(buf, VB2_BUF_STATE_QUEUED); + return ret; } -- 2.50.1