From: Anand Moon <linux.amoon@gmail.com>
To: Neil Armstrong <neil.armstrong@linaro.org>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>,
Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@gmail.com>, Simona Vetter <simona@ffwll.ch>,
Kevin Hilman <khilman@baylibre.com>,
Jerome Brunet <jbrunet@baylibre.com>,
Martin Blumenstingl <martin.blumenstingl@googlemail.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Hans Verkuil <hverkuil@kernel.org>,
Maxime Jourdan <mjourdan@baylibre.com>,
dri-devel@lists.freedesktop.org (open list:DRM DRIVERS FOR
AMLOGIC SOCS),
linux-amlogic@lists.infradead.org (open list:DRM DRIVERS FOR
AMLOGIC SOCS),
linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic
Meson SoC support), linux-kernel@vger.kernel.org (open list),
linux-media@vger.kernel.org (open list:MESON VIDEO DECODER
DRIVER FOR AMLOGIC SOCS),
linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM)
Cc: Anand Moon <linux.amoon@gmail.com>
Subject: [PATCH v6 0/8] media: meson: Fix memory leak in error path in vdec
Date: Sat, 30 May 2026 15:12:46 +0530
Message-ID: <20260530094326.11892-1-linux.amoon@gmail.com>
v6: Changes
The previous approach had some technical issues, so this new version
takes a slightly different approach. I have fixed the DMA warnings
found during basic testing.
I have done basic testing on the Odroid N2+ and found that
the clocks are not enabling for the decoder.
It also seems some Mali GPU configurations are still missing.
You can reproduce the test case using:
mpv --hwdec=v4l2m2m Big_Buck_Bunny_1080_10s_30MB.mp4
Please let me know your feedback so we can discuss and address these
points!
Thanks
-Anand
V5: Changes
[v5] https://lore.kernel.org/all/20260525095216.12078-2-linux.amoon@gmail.com/
The following changes try to fix the memory leak reported by Sashiko.
New issues:
- [High] The newly added error path in `vdec_start_streaming()` leaks
`sess->priv` when `kthread_run()` fails.
Pre-existing issues:
- [Critical] Race condition between hardware power-on and `core->cur_sess`
initialization leads to a NULL pointer dereference in the IRQ handler.
- [High] Returning buffers for both source and destination queues upon
single-queue failure orphans active queue buffers.
- [High] Concurrent sessions can bypass the hardware exclusivity check,
leading to simultaneous hardware programming.
--
V4: Changes:
v4: https://lore.kernel.org/all/20260521073449.10057-2-linux.amoon@gmail.com/
The following changes try to fix the memory leak reported by Sashiko.
Pre-existing issues:
- [Critical] The `sess->esparser_queue_work` work item is not canceled
before freeing the session context, leading to a potential Use-After-Free
vulnerability.
- [High] The patch attempts to fix a memory leak reported by kmemleak,
but misdiagnoses the root cause and leaves the primary memory leak
(the V4L2 control handler) unresolved.
- [High] The driver does not verify if `kthread_run()` returns an `ERR_PTR`,
leading to a kernel panic when `kthread_stop()` is called.
Thanks
-Anand
Anand Moon (8):
media: meson: vdec: Fix memory leaks and lifetime of m2m device
media: meson: vdec: Fix concurrent STREAMON / STREAMOFF race
conditions
media: meson: vdec: Handle kthread failure and free codec state
media: meson: vdec: Condition buffer flushing on queue type in
start_streaming
media: meson: vdec: Cancel esparser work during teardown
media: meson: vdec: Configure DMA mask and segment size in probe
media: meson: vdec: Fix NULL pointer dereference in ISR handlers
gpu: drm: meson: Fix DMA max segment size for DMABUF imports
drivers/gpu/drm/meson/meson_drv.c | 2 +
drivers/staging/media/meson/vdec/vdec.c | 179 +++++++++++++++++-------
drivers/staging/media/meson/vdec/vdec.h | 4 +-
3 files changed, 136 insertions(+), 49 deletions(-)
base-commit: f5e5d3509bffb95c6648eb9795f7f236852ae62d
--
2.50.1
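
A user-space C model of the `kthread_run()` failure path named in the v4 and v5 notes above, added here as an illustration; it is not code from this patch series or from the vdec driver. The `model_*` functions, `struct task`, the `thread` field and `live_priv` are hypothetical names, and the `ERR_PTR` helpers are re-implemented so the block builds outside the kernel.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* User-space copies of the kernel's ERR_PTR helpers (include/linux/err.h). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
struct task { int running; };
/* Hypothetical session; only `priv` is a field name taken from the cover letter. */
struct session { void *priv; struct task *thread; };
static struct task the_task;
static int live_priv; /* outstanding codec-state allocations */

/* Stand-in for kthread_run(): failure is reported as ERR_PTR(), never NULL. */
static struct task *model_kthread_run(int fail)
{
	return fail ? ERR_PTR(-ENOMEM) : (void *)&the_task;
}

static int model_start_streaming(struct session *s, int thread_fails)
{
	s->priv = malloc(64); /* codec state */
	if (!s->priv) return -ENOMEM;
	live_priv++;
	s->thread = model_kthread_run(thread_fails);
	if (IS_ERR(s->thread)) { /* a "!s->thread" test would not catch this */
		int ret = (int)PTR_ERR(s->thread);
		s->thread = NULL; /* teardown must never be handed the ERR_PTR */
		free(s->priv); /* unwind the codec state instead of leaking it */
		s->priv = NULL;
		live_priv--;
		return ret;
	}
	s->thread->running = 1;
	return 0;
}

/* Teardown: returns 1 if a thread was stopped, 0 if there was none. */
static int model_stop_streaming(struct session *s)
{
	int stopped = s->thread != NULL;
	if (stopped) { s->thread->running = 0; s->thread = NULL; }
	if (s->priv) { free(s->priv); s->priv = NULL; live_priv--; }
	return stopped;
}

int main(void) { struct session s = {0}; return model_start_streaming(&s, 1) == -ENOMEM ? 0 : 1; }
```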