[PATCH v5 0/6] media: meson: Fix memory leak in error path in vdec
Anand Moon
linux.amoon at gmail.com
Mon May 25 02:51:48 PDT 2026
V5: Changes
The following changes try to fix the memory leak reported by Sashiko
New issues:
- [High] The newly added error path in `vdec_start_streaming()` leaks
`sess->priv` when `kthread_run()` fails.
Pre-existing issues:
- [Critical] Race condition between hardware power-on and `core->cur_sess`
initialization leads to a NULL pointer dereference in the IRQ handler.
- [High] Returning buffers for both source and destination queues upon
single-queue failure orphans active queue buffers.
- [High] Concurrent sessions can bypass the hardware exclusivity check,
leading to simultaneous hardware programming.
--
Reported-by: Sashiko <sashiko-bot at kernel.org>
https://lore.kernel.org/all/20260521090944.F35401F00A3D@smtp.kernel.org/
V4: Changes:
The following changes try to fix the memory leak reported by Sashiko
Pre-existing issues:
- [Critical] The `sess->esparser_queue_work` work item is not canceled
before freeing the session context, leading to a potential Use-After-Free
vulnerability.
- [High] The patch attempts to fix a memory leak reported by kmemleak,
but misdiagnoses the root cause and leaves the primary memory leak
(the V4L2 control handler) unresolved.
- [High] The driver does not verify if `kthread_run()` returns an `ERR_PTR`,
leading to a kernel panic when `kthread_stop()` is called.
Reported-by: Sashiko <sashiko-bot at kernel.org>
https://lore.kernel.org/all/20260520045905.6ACBA1F000E9@smtp.kernel.org/#t
Thanks
-Anand
Anand Moon (6):
  media: meson: vdec: Fix memory leak in error path of vdec_open
  media: meson: vdec: Protect session exclusivity check with lock
  media: meson: vdec: Set cur_sess before hardware vdec_poweron()
  media: meson: vdec: Handle kthread error and free codec private data
  media: meson: vdec: Isolate error path buffer flush to the active
    queue
  media: meson: vdec: Cancel esparser work in error and stop paths
drivers/staging/media/meson/vdec/vdec.c | 54 ++++++++++++++++++++-----
1 file changed, 44 insertions(+), 10 deletions(-)
base-commit: e7ae89a0c97ce2b68b0983cd01eda67cf373517d
--
2.50.1