From: Anand Moon
To: Neil Armstrong, Mauro Carvalho Chehab, Greg Kroah-Hartman, Kevin Hilman, Jerome Brunet, Martin Blumenstingl, Maxime Jourdan, Hans Verkuil, linux-media@vger.kernel.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-amlogic@lists.infradead.org (open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS), linux-staging@lists.linux.dev (open list:STAGING SUBSYSTEM), linux-arm-kernel@lists.infradead.org (moderated list:ARM/Amlogic Meson SoC support), linux-kernel@vger.kernel.org (open list)
Cc: Anand Moon, Nicolas Dufresne
Subject: [PATCH v2] media: meson: vdec: Fix memory leak in error path of vdec_open
Date: Sat, 21 Mar 2026 12:24:06 +0530
Message-ID: <20260321065408.209723-1-linux.amoon@gmail.com>
X-Mailer: git-send-email 2.50.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The vdec_open and vdec_close functions in the Meson VDEC driver failed
to release several resources, leading to memory leaks and potential
use-after-free scenarios.

This patch addresses:
- Missing v4l2_ctrl_handler_free() in both the close path and error exit
  of the open path, preventing control memory leaks.
- A leak of the M2M context if vdec_init_ctrls() failed.

The error labels in vdec_open() have been reordered to ensure a proper
Last-In-First-Out (LIFO) teardown of all initialized resources.

This was identified via kmemleak:

unreferenced object 0xffff0000205d6878 (size 8):
  comm "v4l_id", pid 5289, jiffies 4294938580
  hex dump (first 8 bytes):
    40 d2 49 18 00 00 ff ff                          @.I.....
backtrace (crc d3204599): kmemleak_alloc+0xc8/0xf0 __kvmalloc_node_noprof+0x60c/0x850 v4l2_ctrl_handler_init_class+0x1b4/0x2e8 [videodev] vdec_open+0x1f4/0x788 [meson_vdec] v4l2_open+0x144/0x460 [videodev] chrdev_open+0x1ac/0x500 do_dentry_open+0x3f0/0xfe8 vfs_open+0x68/0x320 do_open+0x2d8/0x9a8 path_openat+0x1d0/0x4f0 do_filp_open+0x190/0x380 do_sys_openat2+0xf8/0x1b0 __arm64_sys_openat+0x13c/0x1e8 invoke_syscall+0xdc/0x268 el0_svc_common.constprop.0+0x178/0x258 do_el0_svc+0x4c/0x70 Cc: Nicolas Dufresne Fixes: 3e7f51bd9607 ("media: meson: add v4l2 m2m video decoder driver") Signed-off-by: Anand Moon --- v1: https://lore.kernel.org/all/20260304100557.126488-1-linux.amoon@gmail.c= om/ tried to address the issue reported by Nicolas improve the commit message. --- drivers/staging/media/meson/vdec/vdec.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/staging/media/meson/vdec/vdec.c b/drivers/staging/medi= a/meson/vdec/vdec.c index 4b77ec1af5a76..3a5e4ebe0b34c 100644 --- a/drivers/staging/media/meson/vdec/vdec.c +++ b/drivers/staging/media/meson/vdec/vdec.c @@ -877,7 +877,7 @@ static int vdec_open(struct file *file) if (IS_ERR(sess->m2m_dev)) { dev_err(dev, "Fail to v4l2_m2m_init\n"); ret =3D PTR_ERR(sess->m2m_dev); - goto err_free_sess; + goto err_m2m_release; } =20 sess->m2m_ctx =3D v4l2_m2m_ctx_init(sess->m2m_dev, sess, m2m_queue_init); @@ -889,7 +889,7 @@ static int vdec_open(struct file *file) =20 ret =3D vdec_init_ctrls(sess); if (ret) - goto err_m2m_release; + goto err_m2m_ctx_release; =20 sess->pixfmt_cap =3D formats[0].pixfmts_cap[0]; sess->fmt_out =3D &formats[0]; @@ -913,9 +913,11 @@ static int vdec_open(struct file *file) =20 return 0; =20 +err_m2m_ctx_release: + v4l2_m2m_ctx_release(sess->m2m_ctx); err_m2m_release: v4l2_m2m_release(sess->m2m_dev); -err_free_sess: + v4l2_ctrl_handler_free(&sess->ctrl_handler); kfree(sess); return ret; } 
@@ -926,6 +928,7 @@ static int vdec_close(struct file *file) =20 v4l2_m2m_ctx_release(sess->m2m_ctx); v4l2_m2m_release(sess->m2m_dev); + v4l2_ctrl_handler_free(&sess->ctrl_handler); v4l2_fh_del(&sess->fh, file); v4l2_fh_exit(&sess->fh); =20 base-commit: a0c83177734ab98623795e1ba2cf4b72c23de5e7 --=20 2.50.1
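Review bot: In the first vdec_open() hunk (@@ -877), the IS_ERR(sess->m2m_dev) branch now jumps to err_m2m_release, which calls v4l2_m2m_release(sess->m2m_dev) on the error pointer that v4l2_m2m_init() has just returned, and then v4l2_ctrl_handler_free(&sess->ctrl_handler) even though vdec_init_ctrls() has not run yet at that point. Only sess exists when this branch is taken, so the original "goto err_free_sess;" was the correct target. Please keep the err_free_sess label directly in front of kfree(sess) and leave this goto pointing at it.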
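Review bot: In the error-label hunk of vdec_open() (@@ -913), v4l2_ctrl_handler_free() is placed after v4l2_m2m_release(), which is not the LIFO order the commit message describes: vdec_init_ctrls() is called after v4l2_m2m_ctx_init(), so the control handler is the last resource set up and should be the first one torn down. Sitting under err_m2m_release, the call also runs on every earlier failure path that never reached vdec_init_ctrls(). If the handler can be left allocated when vdec_init_ctrls() fails, free it at the top of the chain (before v4l2_m2m_ctx_release()) under a label of its own, or inside vdec_init_ctrls() itself, and state in the commit message which of the two is the case.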
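Review bot: In the vdec_close() hunk (@@ -926), v4l2_ctrl_handler_free(&sess->ctrl_handler) is called before v4l2_fh_del() and v4l2_fh_exit(), so the file handle is still registered while the session's control handler is being freed. Consider moving the call to after v4l2_fh_exit() so that teardown mirrors the open path. The commit message also mentions "potential use-after-free scenarios", but the visible hunks only add frees and re-target gotos; please say which change addresses a use-after-free, or drop that wording.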