rtlwifi: Fix firmware loading bugs (Closes: #869084)

2017-08-12 21:44:43 +01:00 · 2017-08-12 21:44:43 +01:00 · 831ae89c56
parent 3b32a0551f
commit 831ae89c56
4 changed files with 236 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -30,6 +30,8 @@ linux (4.12.6-1) UNRELEASED; urgency=medium
  * debian/control: Fix version in dependencies on arch-independent
    linux-headers-*-common* (Closes: #869511)
  * xfrm: policy: check policy direction value (CVE-2017-11600)
+  * rtlwifi: Fix memory leak when firmware request fails
+  * rtlwifi: Fix fallback firmware loading (Closes: #869084)

  [ Salvatore Bonaccorso ]
  * packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
--- a/debian/patches/bugfix/all/rtlwifi-fix-fallback-firmware-loading.patch
+++ b/debian/patches/bugfix/all/rtlwifi-fix-fallback-firmware-loading.patch
@ -0,0 +1,90 @@
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 31 Jul 2017 18:10:45 +0200
+Subject: rtlwifi: Fix fallback firmware loading
+Origin: https://git.kernel.org/linus/1d9b168d8ea9a0f51947d0e2f84856e77d2fe7ff
+Bug-Debian: https://bugs.debian.org/869084
+
+Commit f70e4df2b384 ("rtlwifi: Add code to read new versions of
+firmware") added code to load an old firmware file if the new one is
+not available.  Unfortunately that code is never reached because
+request_firmware_nowait() does not wait for the firmware to show up
+and returns 0 even if the file is not there.
+
+Use the existing fallback mechanism introduced by commit 62009b7f1279
+("rtlwifi: rtl8192cu: Add new firmware") instead.
+
+Fixes: f70e4df2b384 ("rtlwifi: Add code to read new versions of firmware")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sven Joachim <svenjoac@gmx.de>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 17 +++++------------
+ drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c | 17 +++++------------
+ 2 files changed, 10 insertions(+), 24 deletions(-)
+
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
+@@ -187,18 +187,10 @@ int rtl8723be_init_sw_vars(struct ieee80
+ 				      rtlpriv->io.dev, GFP_KERNEL, hw,
+ 				      rtl_fw_cb);
+ 	if (err) {
+-		/* Failed to get firmware. Check if old version available */
+-		fw_name = "rtlwifi/rtl8723befw.bin";
+-		pr_info("Using firmware %s\n", fw_name);
+-		err = request_firmware_nowait(THIS_MODULE, 1, fw_name,
+-					      rtlpriv->io.dev, GFP_KERNEL, hw,
+-					      rtl_fw_cb);
+-		if (err) {
+-			pr_err("Failed to request firmware!\n");
+-			vfree(rtlpriv->rtlhal.pfirmware);
+-			rtlpriv->rtlhal.pfirmware = NULL;
+-			return 1;
+-		}
+		pr_err("Failed to request firmware!\n");
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+		return 1;
+ 	}
+ 	return 0;
+ }
+@@ -289,6 +281,7 @@ static const struct rtl_hal_cfg rtl8723b
+ 	.bar_id = 2,
+ 	.write_readback = true,
+ 	.name = "rtl8723be_pci",
+	.alt_fw_name = "rtlwifi/rtl8723befw.bin",
+ 	.ops = &rtl8723be_hal_ops,
+ 	.mod_params = &rtl8723be_mod_params,
+ 	.maps[SYS_ISO_CTRL] = REG_SYS_ISO_CTRL,
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
+@@ -216,18 +216,10 @@ int rtl8821ae_init_sw_vars(struct ieee80
+ 				      rtlpriv->io.dev, GFP_KERNEL, hw,
+ 				      rtl_fw_cb);
+ 	if (err) {
+-		/* Failed to get firmware. Check if old version available */
+-		fw_name = "rtlwifi/rtl8821aefw.bin";
+-		pr_info("Using firmware %s\n", fw_name);
+-		err = request_firmware_nowait(THIS_MODULE, 1, fw_name,
+-					      rtlpriv->io.dev, GFP_KERNEL, hw,
+-					      rtl_fw_cb);
+-		if (err) {
+-			pr_err("Failed to request normal firmware!\n");
+-			vfree(rtlpriv->rtlhal.wowlan_firmware);
+-			vfree(rtlpriv->rtlhal.pfirmware);
+-			return 1;
+-		}
+		pr_err("Failed to request normal firmware!\n");
+		vfree(rtlpriv->rtlhal.wowlan_firmware);
+		vfree(rtlpriv->rtlhal.pfirmware);
+		return 1;
+ 	}
+ 	/*load wowlan firmware*/
+ 	pr_info("Using firmware %s\n", wowlan_fw_name);
+@@ -331,6 +323,7 @@ static const struct rtl_hal_cfg rtl8821a
+ 	.bar_id = 2,
+ 	.write_readback = true,
+ 	.name = "rtl8821ae_pci",
+	.alt_fw_name = "rtlwifi/rtl8821aefw.bin",
+ 	.ops = &rtl8821ae_hal_ops,
+ 	.mod_params = &rtl8821ae_mod_params,
+ 	.maps[SYS_ISO_CTRL] = REG_SYS_ISO_CTRL,
--- a/debian/patches/bugfix/all/rtlwifi-fix-memory-leak-when-firmware-request-fails.patch
+++ b/debian/patches/bugfix/all/rtlwifi-fix-memory-leak-when-firmware-request-fails.patch
@ -0,0 +1,142 @@
+From: Souptick Joarder <jrdr.linux@gmail.com>
+Date: Wed, 5 Jul 2017 19:55:06 +0530
+Subject: rtlwifi: Fix memory leak when firmware request fails
+Origin: https://git.kernel.org/linus/f2764f61fa10593204b0c5e4e9a68dba02112e50
+Bug-Debian: https://bugs.debian.org/869084
+
+This patch will fix memory leak when firmware request fails
+
+Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com>
+Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/realtek/rtlwifi/rtl8188ee/sw.c | 2 ++
+ drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c | 2 ++
+ drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 4 ++++
+ drivers/net/wireless/realtek/rtlwifi/rtl8192de/sw.c | 2 ++
+ drivers/net/wireless/realtek/rtlwifi/rtl8192ee/sw.c | 2 ++
+ drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 2 ++
+ drivers/net/wireless/realtek/rtlwifi/rtl8723ae/sw.c | 2 ++
+ drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 2 ++
+ drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c | 6 ++++++
+ 9 files changed, 24 insertions(+)
+
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/sw.c
+@@ -175,6 +175,8 @@ int rtl88e_init_sw_vars(struct ieee80211
+ 				      rtl_fw_cb);
+ 	if (err) {
+ 		pr_info("Failed to request firmware!\n");
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+ 		return 1;
+ 	}
+ 
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c
+@@ -176,6 +176,8 @@ int rtl92c_init_sw_vars(struct ieee80211
+ 				      rtl_fw_cb);
+ 	if (err) {
+ 		pr_err("Failed to request firmware!\n");
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+ 		return 1;
+ 	}
+ 
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c
+@@ -85,6 +85,10 @@ static int rtl92cu_init_sw_vars(struct i
+ 	err = request_firmware_nowait(THIS_MODULE, 1,
+ 				      fw_name, rtlpriv->io.dev,
+ 				      GFP_KERNEL, hw, rtl_fw_cb);
+	if (err) {
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+	}
+ 	return err;
+ }
+ 
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192de/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192de/sw.c
+@@ -183,6 +183,8 @@ static int rtl92d_init_sw_vars(struct ie
+ 				      rtl_fw_cb);
+ 	if (err) {
+ 		pr_err("Failed to request firmware!\n");
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+ 		return 1;
+ 	}
+ 
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/sw.c
+@@ -177,6 +177,8 @@ int rtl92ee_init_sw_vars(struct ieee8021
+ 				      rtl_fw_cb);
+ 	if (err) {
+ 		pr_err("Failed to request firmware!\n");
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+ 		return 1;
+ 	}
+ 
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c
+@@ -215,6 +215,8 @@ static int rtl92s_init_sw_vars(struct ie
+ 				      rtl92se_fw_cb);
+ 	if (err) {
+ 		pr_err("Failed to request firmware!\n");
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+ 		return 1;
+ 	}
+ 
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/sw.c
+@@ -184,6 +184,8 @@ int rtl8723e_init_sw_vars(struct ieee802
+ 				      rtl_fw_cb);
+ 	if (err) {
+ 		pr_err("Failed to request firmware!\n");
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+ 		return 1;
+ 	}
+ 	return 0;
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
+@@ -195,6 +195,8 @@ int rtl8723be_init_sw_vars(struct ieee80
+ 					      rtl_fw_cb);
+ 		if (err) {
+ 			pr_err("Failed to request firmware!\n");
+			vfree(rtlpriv->rtlhal.pfirmware);
+			rtlpriv->rtlhal.pfirmware = NULL;
+ 			return 1;
+ 		}
+ 	}
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c
+@@ -196,6 +196,8 @@ int rtl8821ae_init_sw_vars(struct ieee80
+ 	rtlpriv->rtlhal.wowlan_firmware = vzalloc(0x8000);
+ 	if (!rtlpriv->rtlhal.wowlan_firmware) {
+ 		pr_err("Can't alloc buffer for wowlan fw.\n");
+		vfree(rtlpriv->rtlhal.pfirmware);
+		rtlpriv->rtlhal.pfirmware = NULL;
+ 		return 1;
+ 	}
+ 
+@@ -222,6 +224,8 @@ int rtl8821ae_init_sw_vars(struct ieee80
+ 					      rtl_fw_cb);
+ 		if (err) {
+ 			pr_err("Failed to request normal firmware!\n");
+			vfree(rtlpriv->rtlhal.wowlan_firmware);
+			vfree(rtlpriv->rtlhal.pfirmware);
+ 			return 1;
+ 		}
+ 	}
+@@ -233,6 +237,8 @@ int rtl8821ae_init_sw_vars(struct ieee80
+ 				      rtl_wowlan_fw_cb);
+ 	if (err) {
+ 		pr_err("Failed to request wowlan firmware!\n");
+		vfree(rtlpriv->rtlhal.wowlan_firmware);
+		vfree(rtlpriv->rtlhal.pfirmware);
+ 		return 1;
+ 	}
+ 	return 0;
--- a/debian/patches/series
+++ b/debian/patches/series
@ -83,6 +83,8 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
 bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
 bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
 bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
+bugfix/all/rtlwifi-fix-memory-leak-when-firmware-request-fails.patch
+bugfix/all/rtlwifi-fix-fallback-firmware-loading.patch

 # Miscellaneous features