linux/drivers/media/platform/amphion
Ming Qian 8cd35ceadc media: amphion: Fix race between m2m job_abort and device_run
Fix kernel panic caused by race condition where v4l2_m2m_ctx_release()
frees m2m_ctx while v4l2_m2m_try_run() is about to call device_run
with the same context.

Race sequence:
  v4l2_m2m_try_run():           v4l2_m2m_ctx_release():
    lock/unlock                   v4l2_m2m_cancel_job()
                                    job_abort()
                                      v4l2_m2m_job_finish()
                                  kfree(m2m_ctx)  <- frees ctx
    device_run()  <- use-after-free crash at 0x538

Crash trace:
  Unable to handle kernel read from unreadable memory at virtual address
  0000000000000538
  v4l2_m2m_try_run+0x78/0x138
  v4l2_m2m_device_run_work+0x14/0x20

The amphion vpu driver does not rely on the m2m framework's device_run
callback to perform encode/decode operations.

Fix the race by preventing m2m framework job scheduling entirely:
- Add job_ready callback returning 0 (no jobs ready for m2m framework)
- Remove job_abort callback to avoid the race condition

Fixes: 3cd084519c ("media: amphion: add vpu v4l2 m2m support")
Cc: stable@vger.kernel.org
Signed-off-by: Ming Qian <ming.qian@oss.nxp.com>
Reviewed-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
2026-03-23 11:18:34 +01:00
Kconfig media: platform: amphion: Fix build error without MAILBOX 2022-03-18 06:03:40 +01:00
Makefile
vdec.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
venc.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
vpu_cmds.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
vpu_cmds.h media: amphion: implement vpu core communication based on mailbox 2022-03-07 17:13:33 +01:00
vpu_codec.h media: amphion: decoder implement display delay enable 2023-03-19 22:54:56 +01:00
vpu_color.c media: amphion: Remove unused functions 2025-06-17 10:35:17 +02:00
vpu_core.c media: amphion: Use kmalloc instead of vmalloc 2026-01-13 09:41:59 +01:00
vpu_core.h media: amphion: fix a bug that vpu core may not resume after suspend 2022-08-30 15:27:51 +02:00
vpu_dbg.c media: amphion: Support dmabuf and v4l2 buffer without binding 2025-07-12 08:34:48 +02:00
vpu_defs.h media: amphion: Add H264 and HEVC profile and level control 2025-06-20 12:39:54 +02:00
vpu_drv.c media: amphion: Remove dummy PM handling 2025-11-03 15:58:41 +01:00
vpu_helpers.c media: amphion: Add H264 and HEVC profile and level control 2025-06-20 12:39:54 +02:00
vpu_helpers.h media: amphion: Add H264 and HEVC profile and level control 2025-06-20 12:39:54 +02:00
vpu_imx8q.c media: amphion: fix some issues to improve robust 2022-03-18 07:32:10 +01:00
vpu_imx8q.h media: amphion: fix some issues to improve robust 2022-03-18 07:32:10 +01:00
vpu_malone.c media: amphion: Remove vpu_vb_is_codecconfig 2025-10-20 09:23:17 +02:00
vpu_malone.h media: amphion: support to decode RealVideo video 2023-04-10 14:09:35 +01:00
vpu_mbox.c media: amphion: Remove unused functions 2025-06-17 10:35:17 +02:00
vpu_mbox.h media: amphion: Remove unused functions 2025-06-17 10:35:17 +02:00
vpu_msgs.c media: amphion: handle firmware debug message 2023-10-07 10:55:44 +02:00
vpu_msgs.h media: amphion: implement vpu core communication based on mailbox 2022-03-07 17:13:33 +01:00
vpu_rpc.c media: Explicitly include correct DT includes 2023-07-19 12:57:51 +02:00
vpu_rpc.h media: amphion: only insert the first sequence startcode for vc1l format 2022-07-08 18:18:49 +01:00
vpu_v4l2.c media: amphion: Fix race between m2m job_abort and device_run 2026-03-23 11:18:34 +01:00
vpu_v4l2.h media: amphion: Remove vpu_vb_is_codecconfig 2025-10-20 09:23:17 +02:00
vpu_windsor.c media: amphion: Report the average QP of current encoded frame 2024-06-10 10:24:30 +02:00
vpu_windsor.h media: amphion: implement windsor encoder rpc interface 2022-03-07 17:13:33 +01:00
vpu.h media: Replace file->private_data access with file_to_v4l2_fh() 2025-08-13 08:33:25 +02:00