From: Anand Moon
To: Neil Armstrong, Mauro Carvalho Chehab, Greg Kroah-Hartman, Kevin Hilman, Jerome Brunet, Martin Blumenstingl, Maxime Jourdan, Hans Verkuil, linux-media@vger.kernel.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM), linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic Meson SoC support), linux-kernel@vger.kernel.org (open list)
Cc: Anand Moon, Nicolas Dufresne
Subject: [PATCH v2] media: meson: vdec: Fix memory leak in error path of vdec_open
Date: Sat, 21 Mar 2026 12:24:06 +0530
Message-ID: <20260321065408.209723-1-linux.amoon@gmail.com>
X-Mailing-List: linux-media@vger.kernel.org

The vdec_open and vdec_close functions in the Meson VDEC driver failed to
release several resources, leading to memory leaks and potential
use-after-free scenarios.

This patch addresses:
- Missing v4l2_ctrl_handler_free() in both the close path and error exit
  of the open path, preventing control memory leaks.
- A leak of the M2M context if vdec_init_ctrls() failed.

The error labels in vdec_open() have been reordered to ensure a proper
Last-In-First-Out (LIFO) teardown of all initialized resources.

This was identified via kmemleak:

unreferenced object 0xffff0000205d6878 (size 8):
  comm "v4l_id", pid 5289, jiffies 4294938580
  hex dump (first 8 bytes):
    40 d2 49 18 00 00 ff ff  @.I.....
backtrace (crc d3204599): kmemleak_alloc+0xc8/0xf0 __kvmalloc_node_noprof+0x60c/0x850 v4l2_ctrl_handler_init_class+0x1b4/0x2e8 [videodev] vdec_open+0x1f4/0x788 [meson_vdec] v4l2_open+0x144/0x460 [videodev] chrdev_open+0x1ac/0x500 do_dentry_open+0x3f0/0xfe8 vfs_open+0x68/0x320 do_open+0x2d8/0x9a8 path_openat+0x1d0/0x4f0 do_filp_open+0x190/0x380 do_sys_openat2+0xf8/0x1b0 __arm64_sys_openat+0x13c/0x1e8 invoke_syscall+0xdc/0x268 el0_svc_common.constprop.0+0x178/0x258 do_el0_svc+0x4c/0x70 Cc: Nicolas Dufresne Fixes: 3e7f51bd9607 ("media: meson: add v4l2 m2m video decoder driver") Signed-off-by: Anand Moon --- v1: https://lore.kernel.org/all/20260304100557.126488-1-linux.amoon@gmail.com/ tried to address the issue reported by Nicolas improve the commit message. --- drivers/staging/media/meson/vdec/vdec.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/staging/media/meson/vdec/vdec.c b/drivers/staging/media/meson/vdec/vdec.c index 4b77ec1af5a76..3a5e4ebe0b34c 100644 --- a/drivers/staging/media/meson/vdec/vdec.c +++ b/drivers/staging/media/meson/vdec/vdec.c @@ -877,7 +877,7 @@ static int vdec_open(struct file *file) if (IS_ERR(sess->m2m_dev)) { dev_err(dev, "Fail to v4l2_m2m_init\n"); ret = PTR_ERR(sess->m2m_dev); - goto err_free_sess; + goto err_m2m_release; } sess->m2m_ctx = v4l2_m2m_ctx_init(sess->m2m_dev, sess, m2m_queue_init); @@ -889,7 +889,7 @@ static int vdec_open(struct file *file) ret = vdec_init_ctrls(sess); if (ret) - goto err_m2m_release; + goto err_m2m_ctx_release; sess->pixfmt_cap = formats[0].pixfmts_cap[0]; sess->fmt_out = &formats[0]; @@ -913,9 +913,11 @@ static int vdec_open(struct file *file) return 0; +err_m2m_ctx_release: + v4l2_m2m_ctx_release(sess->m2m_ctx); err_m2m_release: v4l2_m2m_release(sess->m2m_dev); -err_free_sess: + v4l2_ctrl_handler_free(&sess->ctrl_handler); kfree(sess); return ret; } 
@@ -926,6 +928,7 @@ static int vdec_close(struct file *file) v4l2_m2m_ctx_release(sess->m2m_ctx); v4l2_m2m_release(sess->m2m_dev); + v4l2_ctrl_handler_free(&sess->ctrl_handler); v4l2_fh_del(&sess->fh, file); v4l2_fh_exit(&sess->fh); base-commit: a0c83177734ab98623795e1ba2cf4b72c23de5e7 -- 2.50.1
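
Review bot: in the first vdec_open() hunk, the `IS_ERR(sess->m2m_dev)` branch now jumps to `err_m2m_release`, which calls `v4l2_m2m_release(sess->m2m_dev)` on the error pointer that v4l2_m2m_init() just returned. At that point only the session allocation exists, so this branch should keep a label that does nothing but `kfree(sess)` (the removed `err_free_sess`), and it should not fall into the control handler free either, since vdec_init_ctrls() has not run yet.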
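
Review bot: in the label block at the end of vdec_open(), `v4l2_ctrl_handler_free(&sess->ctrl_handler)` is placed after `v4l2_m2m_release()`, which is not the last-in-first-out order the commit message describes: vdec_init_ctrls() is the last of the three setup steps shown, so its cleanup belongs first, under its own label above `err_m2m_ctx_release`. As written the call runs on every failure path, and none of the gotos shown in this patch reaches it after vdec_init_ctrls() has succeeded, so please state which failure it serves (for example, whether vdec_init_ctrls() can fail and leave the handler allocated) and place it so only that path executes it.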
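
Review bot: in the vdec_close() hunk, the new `v4l2_ctrl_handler_free(&sess->ctrl_handler)` runs before `v4l2_fh_del()` and `v4l2_fh_exit()`, so the handler is torn down while the file handle is still registered. If sess->fh refers to this handler, moving the free after `v4l2_fh_exit()` removes any window in which the handle points at a freed handler; if the current order is safe, a one-line comment saying why would help, since the commit message mentions use-after-free without saying where it occurs.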
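
The last-in-first-out teardown that the commit message describes, shown as an added user-space C model with fault injection; it is not code from the patch or the driver. `sess`, `acquire`, `release`, `model_open` and `audit` are hypothetical names, and `mis_target` models a first-step failure that jumps to a label which releases a resource that was never acquired.

```c
/* Added example, not driver code: hypothetical model of goto unwinding. */
#include <stdio.h>

enum step { STEP_DEV, STEP_CTX, STEP_CTRLS, STEP_NONE };
struct sess { int dev, ctx, ctrls; };   /* 1 = resource held */
static int live;         /* resources currently held; > 0 at the end is a leak */
static int bad_release;  /* releases of a resource that was never acquired */

static int acquire(int *slot, int fail)
{
	if (!fail) { *slot = 1; live++; }
	return fail ? -1 : 0;
}

static void release(int *slot)
{
	if (*slot) { *slot = 0; live--; }
	else bad_release++;
}

/* On failure, release what was acquired so far, newest first. */
static int model_open(struct sess *s, enum step fail_at, int mis_target)
{
	if (acquire(&s->dev, fail_at == STEP_DEV)) {
		if (mis_target) goto err_dev;   /* wrong: dev was never acquired */
		goto err_none;
	}
	if (acquire(&s->ctx, fail_at == STEP_CTX)) goto err_dev;
	if (acquire(&s->ctrls, fail_at == STEP_CTRLS)) goto err_ctx;
	return 0;
err_ctx:
	release(&s->ctx);
err_dev:
	release(&s->dev);
err_none:
	return -1;
}

/* Inject a fault at fail_at; return leaked plus wrongly released resources. */
static int audit(enum step fail_at, int mis_target)
{
	struct sess s = { 0, 0, 0 };
	live = bad_release = 0;
	if (model_open(&s, fail_at, mis_target) == 0) {
		release(&s.ctrls); release(&s.ctx); release(&s.dev);
	}
	return live + bad_release;
}

int main(void)
{
	printf("correct: %d, mis-targeted: %d\n", audit(STEP_DEV, 0), audit(STEP_DEV, 1));
	return 0;
}
```

Running `audit()` once per step is the same check a fault-injection test performs against a real open path: every failure point must end with nothing held and nothing released twice or unacquired.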