From: Anand Moon
To: Neil Armstrong, Mauro Carvalho Chehab, Greg Kroah-Hartman, Kevin Hilman,
    Jerome Brunet, Martin Blumenstingl, Maxime Jourdan, Hans Verkuil,
    linux-media@vger.kernel.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS),
    linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS),
    linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM),
    linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic Meson SoC support),
    linux-kernel@vger.kernel.org (open list)
Cc: Anand Moon, Nicolas Dufresne
Subject: [PATCH v2] media: meson: vdec: Fix memory leak in error path of vdec_open
Date: Sat, 21 Mar 2026 12:24:06 +0530
Message-ID: <20260321065408.209723-1-linux.amoon@gmail.com>

The vdec_open and vdec_close functions in the Meson VDEC driver
failed to release several resources, leading to memory leaks and
potential use-after-free scenarios.

This patch addresses:
- Missing v4l2_ctrl_handler_free() in both the close path and error
  exit of the open path, preventing control memory leaks.
- A leak of the M2M context if vdec_init_ctrls() failed.

The error labels in vdec_open() have been reordered to ensure a proper
Last-In-First-Out (LIFO) teardown of all initialized resources.

This was identified via kmemleak:

unreferenced object 0xffff0000205d6878 (size 8):
  comm "v4l_id", pid 5289, jiffies 4294938580
  hex dump (first 8 bytes):
    40 d2 49 18 00 00 ff ff                          @.I.....
  backtrace (crc d3204599):
    kmemleak_alloc+0xc8/0xf0
    __kvmalloc_node_noprof+0x60c/0x850
    v4l2_ctrl_handler_init_class+0x1b4/0x2e8 [videodev]
    vdec_open+0x1f4/0x788 [meson_vdec]
    v4l2_open+0x144/0x460 [videodev]
    chrdev_open+0x1ac/0x500
    do_dentry_open+0x3f0/0xfe8
    vfs_open+0x68/0x320
    do_open+0x2d8/0x9a8
    path_openat+0x1d0/0x4f0
    do_filp_open+0x190/0x380
    do_sys_openat2+0xf8/0x1b0
    __arm64_sys_openat+0x13c/0x1e8
    invoke_syscall+0xdc/0x268
    el0_svc_common.constprop.0+0x178/0x258
    do_el0_svc+0x4c/0x70

Cc: Nicolas Dufresne
Fixes: 3e7f51bd9607 ("media: meson: add v4l2 m2m video decoder driver")
Signed-off-by: Anand Moon
---
v1: https://lore.kernel.org/all/20260304100557.126488-1-linux.amoon@gmail.com/
    tried to address the issue reported by Nicolas
    improve the commit message.
---
 drivers/staging/media/meson/vdec/vdec.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/media/meson/vdec/vdec.c b/drivers/staging/media/meson/vdec/vdec.c index 4b77ec1af5a76..3a5e4ebe0b34c 100644 --- a/drivers/staging/media/meson/vdec/vdec.c +++ b/drivers/staging/media/meson/vdec/vdec.c @@ -877,7 +877,7 @@ static int vdec_open(struct file *file) if (IS_ERR(sess->m2m_dev)) { dev_err(dev, "Fail to v4l2_m2m_init\n"); ret = PTR_ERR(sess->m2m_dev); - goto err_free_sess; + goto err_m2m_release; } sess->m2m_ctx = v4l2_m2m_ctx_init(sess->m2m_dev, sess, m2m_queue_init); @@ -889,7 +889,7 @@ static int vdec_open(struct file *file) ret = vdec_init_ctrls(sess); if (ret) - goto err_m2m_release; + goto err_m2m_ctx_release; sess->pixfmt_cap = formats[0].pixfmts_cap[0]; sess->fmt_out = &formats[0]; 
@@ -913,9 +913,11 @@ static int vdec_open(struct file *file) return 0; +err_m2m_ctx_release: + v4l2_m2m_ctx_release(sess->m2m_ctx); err_m2m_release: v4l2_m2m_release(sess->m2m_dev); -err_free_sess: + v4l2_ctrl_handler_free(&sess->ctrl_handler); kfree(sess); return ret; } @@ -926,6 +928,7 @@ static int vdec_close(struct file *file) v4l2_m2m_ctx_release(sess->m2m_ctx); v4l2_m2m_release(sess->m2m_dev); + v4l2_ctrl_handler_free(&sess->ctrl_handler); v4l2_fh_del(&sess->fh, file); v4l2_fh_exit(&sess->fh);

base-commit: a0c83177734ab98623795e1ba2cf4b72c23de5e7
--
2.50.1
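
Review bot: in the first hunk (@@ -877), the IS_ERR(sess->m2m_dev) branch now jumps to err_m2m_release, so v4l2_m2m_release(sess->m2m_dev) is called on the error pointer that v4l2_m2m_init() just returned rather than on a valid device. At that point only sess itself has been set up, so this branch should land on a label that reaches nothing but kfree(sess). Suggest leaving this goto as "goto err_free_sess;" and keeping that label directly above kfree(sess).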
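
Review bot: in the label block of the third hunk (@@ -913), v4l2_ctrl_handler_free(&sess->ctrl_handler) is placed after v4l2_m2m_release(), which is not the LIFO order the commit message describes. vdec_init_ctrls() is called after both m2m objects are created, so control teardown belongs at the top of the unwind chain, not under err_m2m_release. As written, every jump to err_m2m_release, including the one taken before vdec_init_ctrls() has run, calls v4l2_ctrl_handler_free() on a handler that was never initialised. That is only safe if sess is zero-allocated, which these lines do not show. Suggest giving the handler free its own label above err_m2m_ctx_release, and stating in the commit message whether vdec_init_ctrls() already frees the handler when it fails.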
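
Review bot: in vdec_close() (@@ -926), v4l2_ctrl_handler_free(&sess->ctrl_handler) runs while sess->fh is still registered, since v4l2_fh_del() and v4l2_fh_exit() follow it. If the file handle refers to sess->ctrl_handler (not visible in this hunk), moving the free below v4l2_fh_exit(&sess->fh) keeps the fh from pointing at freed controls during teardown. The subject line also names only the error path of vdec_open, while this hunk changes the close path; the subject should cover both.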