From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Vikash Garodia <quic_vgarodia@quicinc.com>,
Dikshita Agarwal <quic_dikshita@quicinc.com>,
Bryan ODonoghue <bod@kernel.org>,
Hans Verkuil <hverkuil+cisco@kernel.org>,
Neil Armstrong <neil.armstrong@linaro.org>,
Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Subject: [PATCH 6.16 12/14] media: iris: Fix memory leak by freeing untracked persist buffer
Date: Fri, 3 Oct 2025 18:05:46 +0200 [thread overview]
Message-ID: <20251003160353.060321369@linuxfoundation.org> (raw)
In-Reply-To: <20251003160352.713189598@linuxfoundation.org>
6.16-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dikshita Agarwal <quic_dikshita@quicinc.com>
commit 02a24f13b3a1d9da9f3de56aa5fdb7cc1fe167a2 upstream.
One internal buffer which is allocated only once per session was not
being freed during session close because it was not being tracked as
part of internal buffer list which resulted in a memory leak.
Add the necessary logic to explicitly free the untracked internal buffer
during session close to ensure all allocated memory is released
properly.
Fixes: 73702f45db81 ("media: iris: allocate, initialize and queue internal buffers")
Cc: stable@vger.kernel.org
Reviewed-by: Vikash Garodia <quic_vgarodia@quicinc.com>
Tested-by: Vikash Garodia <quic_vgarodia@quicinc.com> # X1E80100
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-HDK
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8650-HDK
Signed-off-by: Dikshita Agarwal <quic_dikshita@quicinc.com>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> # x1e80100-crd
Signed-off-by: Bryan O'Donoghue <bod@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/qcom/iris/iris_buffer.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/media/platform/qcom/iris/iris_buffer.c
+++ b/drivers/media/platform/qcom/iris/iris_buffer.c
@@ -410,6 +410,16 @@ static int iris_destroy_internal_buffers
}
}
+ if (force) {
+ buffers = &inst->buffers[BUF_PERSIST];
+
+ list_for_each_entry_safe(buf, next, &buffers->list, list) {
+ ret = iris_destroy_internal_buffer(inst, buf);
+ if (ret)
+ return ret;
+ }
+ }
+
return 0;
}
next prev parent reply other threads:[~2025-10-03 16:07 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-03 16:05 [PATCH 6.16 00/14] 6.16.11-rc1 review Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 01/14] blk-mq: fix blk_mq_tags double free while nr_requests grown Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 02/14] gcc-plugins: Remove TODO_verify_il for GCC >= 16 Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 03/14] scsi: target: target_core_configfs: Add length check to avoid buffer overflow Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 04/14] ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 05/14] media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 06/14] media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 07/14] media: tuner: xc5000: Fix use-after-free in xc5000_release Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 08/14] media: rc: fix races with imon_disconnect() Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 09/14] media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 10/14] mm: swap: check for stable address space before operating on the VMA Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 11/14] wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() Greg Kroah-Hartman
2025-10-03 16:05 ` Greg Kroah-Hartman [this message]
2025-10-03 16:05 ` [PATCH 6.16 13/14] media: stm32-csi: Fix dereference before NULL check Greg Kroah-Hartman
2025-10-03 16:05 ` [PATCH 6.16 14/14] ASoC: qcom: audioreach: fix potential null pointer dereference Greg Kroah-Hartman
2025-10-03 17:32 ` [PATCH 6.16 00/14] 6.16.11-rc1 review Florian Fainelli
2025-10-04 2:40 ` Justin Forbes
2025-10-04 8:31 ` Markus Reichelt
2025-10-04 11:35 ` Brett A C Sheffield
2025-10-04 11:49 ` [PATCH 6.16 00/14] " Naresh Kamboju
2025-10-04 13:06 ` Jon Hunter
2025-10-04 16:54 ` Shuah Khan
2025-10-04 21:11 ` Ron Economos
2025-10-04 22:00 ` Peter Schneider
2025-10-05 16:25 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251003160353.060321369@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bod@kernel.org \
--cc=bryan.odonoghue@linaro.org \
--cc=hverkuil+cisco@kernel.org \
--cc=neil.armstrong@linaro.org \
--cc=patches@lists.linux.dev \
--cc=quic_dikshita@quicinc.com \
--cc=quic_vgarodia@quicinc.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).