diff --git a/debian/changelog b/debian/changelog index f0af2056d..4fae2fa51 100644 --- a/debian/changelog +++ b/debian/changelog @@ -30,6 +30,8 @@ linux (4.12.6-1) UNRELEASED; urgency=medium * debian/control: Fix version in dependencies on arch-independent linux-headers-*-common* (Closes: #869511) * xfrm: policy: check policy direction value (CVE-2017-11600) + * rtlwifi: Fix memory leak when firmware request fails + * rtlwifi: Fix fallback firmware loading (Closes: #869084) [ Salvatore Bonaccorso ] * packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111) diff --git a/debian/patches/bugfix/all/rtlwifi-fix-fallback-firmware-loading.patch b/debian/patches/bugfix/all/rtlwifi-fix-fallback-firmware-loading.patch new file mode 100644 index 000000000..cbe3d4ae7 --- /dev/null +++ b/debian/patches/bugfix/all/rtlwifi-fix-fallback-firmware-loading.patch @@ -0,0 +1,90 @@ +From: Sven Joachim +Date: Mon, 31 Jul 2017 18:10:45 +0200 +Subject: rtlwifi: Fix fallback firmware loading +Origin: https://git.kernel.org/linus/1d9b168d8ea9a0f51947d0e2f84856e77d2fe7ff +Bug-Debian: https://bugs.debian.org/869084 + +Commit f70e4df2b384 ("rtlwifi: Add code to read new versions of +firmware") added code to load an old firmware file if the new one is +not available. Unfortunately that code is never reached because +request_firmware_nowait() does not wait for the firmware to show up +and returns 0 even if the file is not there. + +Use the existing fallback mechanism introduced by commit 62009b7f1279 +("rtlwifi: rtl8192cu: Add new firmware") instead. + +Fixes: f70e4df2b384 ("rtlwifi: Add code to read new versions of firmware") +Cc: stable@vger.kernel.org +Signed-off-by: Sven Joachim +Signed-off-by: Kalle Valo +--- + drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 17 +++++------------ + drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c | 17 +++++------------ + 2 files changed, 10 insertions(+), 24 deletions(-) + +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c +@@ -187,18 +187,10 @@ int rtl8723be_init_sw_vars(struct ieee80 + rtlpriv->io.dev, GFP_KERNEL, hw, + rtl_fw_cb); + if (err) { +- /* Failed to get firmware. Check if old version available */ +- fw_name = "rtlwifi/rtl8723befw.bin"; +- pr_info("Using firmware %s\n", fw_name); +- err = request_firmware_nowait(THIS_MODULE, 1, fw_name, +- rtlpriv->io.dev, GFP_KERNEL, hw, +- rtl_fw_cb); +- if (err) { +- pr_err("Failed to request firmware!\n"); +- vfree(rtlpriv->rtlhal.pfirmware); +- rtlpriv->rtlhal.pfirmware = NULL; +- return 1; +- } ++ pr_err("Failed to request firmware!\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; ++ return 1; + } + return 0; + } +@@ -289,6 +281,7 @@ static const struct rtl_hal_cfg rtl8723b + .bar_id = 2, + .write_readback = true, + .name = "rtl8723be_pci", ++ .alt_fw_name = "rtlwifi/rtl8723befw.bin", + .ops = &rtl8723be_hal_ops, + .mod_params = &rtl8723be_mod_params, + .maps[SYS_ISO_CTRL] = REG_SYS_ISO_CTRL, +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c +@@ -216,18 +216,10 @@ int rtl8821ae_init_sw_vars(struct ieee80 + rtlpriv->io.dev, GFP_KERNEL, hw, + rtl_fw_cb); + if (err) { +- /* Failed to get firmware. Check if old version available */ +- fw_name = "rtlwifi/rtl8821aefw.bin"; +- pr_info("Using firmware %s\n", fw_name); +- err = request_firmware_nowait(THIS_MODULE, 1, fw_name, +- rtlpriv->io.dev, GFP_KERNEL, hw, +- rtl_fw_cb); +- if (err) { +- pr_err("Failed to request normal firmware!\n"); +- vfree(rtlpriv->rtlhal.wowlan_firmware); +- vfree(rtlpriv->rtlhal.pfirmware); +- return 1; +- } ++ pr_err("Failed to request normal firmware!\n"); ++ vfree(rtlpriv->rtlhal.wowlan_firmware); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ return 1; + } + /*load wowlan firmware*/ + pr_info("Using firmware %s\n", wowlan_fw_name); +@@ -331,6 +323,7 @@ static const struct rtl_hal_cfg rtl8821a + .bar_id = 2, + .write_readback = true, + .name = "rtl8821ae_pci", ++ .alt_fw_name = "rtlwifi/rtl8821aefw.bin", + .ops = &rtl8821ae_hal_ops, + .mod_params = &rtl8821ae_mod_params, + .maps[SYS_ISO_CTRL] = REG_SYS_ISO_CTRL, diff --git a/debian/patches/bugfix/all/rtlwifi-fix-memory-leak-when-firmware-request-fails.patch b/debian/patches/bugfix/all/rtlwifi-fix-memory-leak-when-firmware-request-fails.patch new file mode 100644 index 000000000..54c9a6ba4 --- /dev/null +++ b/debian/patches/bugfix/all/rtlwifi-fix-memory-leak-when-firmware-request-fails.patch @@ -0,0 +1,142 @@ +From: Souptick Joarder +Date: Wed, 5 Jul 2017 19:55:06 +0530 +Subject: rtlwifi: Fix memory leak when firmware request fails +Origin: https://git.kernel.org/linus/f2764f61fa10593204b0c5e4e9a68dba02112e50 +Bug-Debian: https://bugs.debian.org/869084 + +This patch will fix memory leak when firmware request fails + +Signed-off-by: Souptick Joarder +Acked-by: Larry Finger +Signed-off-by: Kalle Valo +--- + drivers/net/wireless/realtek/rtlwifi/rtl8188ee/sw.c | 2 ++ + drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c | 2 ++ + drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 4 ++++ + drivers/net/wireless/realtek/rtlwifi/rtl8192de/sw.c | 2 ++ + drivers/net/wireless/realtek/rtlwifi/rtl8192ee/sw.c | 2 ++ + drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 2 ++ + drivers/net/wireless/realtek/rtlwifi/rtl8723ae/sw.c | 2 ++ + drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 2 ++ + drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c | 6 ++++++ + 9 files changed, 24 insertions(+) + +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8188ee/sw.c +@@ -175,6 +175,8 @@ int rtl88e_init_sw_vars(struct ieee80211 + rtl_fw_cb); + if (err) { + pr_info("Failed to request firmware!\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; + return 1; + } + +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c +@@ -176,6 +176,8 @@ int rtl92c_init_sw_vars(struct ieee80211 + rtl_fw_cb); + if (err) { + pr_err("Failed to request firmware!\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; + return 1; + } + +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c +@@ -85,6 +85,10 @@ static int rtl92cu_init_sw_vars(struct i + err = request_firmware_nowait(THIS_MODULE, 1, + fw_name, rtlpriv->io.dev, + GFP_KERNEL, hw, rtl_fw_cb); ++ if (err) { ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; ++ } + return err; + } + +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192de/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192de/sw.c +@@ -183,6 +183,8 @@ static int rtl92d_init_sw_vars(struct ie + rtl_fw_cb); + if (err) { + pr_err("Failed to request firmware!\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; + return 1; + } + +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192ee/sw.c +@@ -177,6 +177,8 @@ int rtl92ee_init_sw_vars(struct ieee8021 + rtl_fw_cb); + if (err) { + pr_err("Failed to request firmware!\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; + return 1; + } + +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c +@@ -215,6 +215,8 @@ static int rtl92s_init_sw_vars(struct ie + rtl92se_fw_cb); + if (err) { + pr_err("Failed to request firmware!\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; + return 1; + } + +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/sw.c +@@ -184,6 +184,8 @@ int rtl8723e_init_sw_vars(struct ieee802 + rtl_fw_cb); + if (err) { + pr_err("Failed to request firmware!\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; + return 1; + } + return 0; +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c +@@ -195,6 +195,8 @@ int rtl8723be_init_sw_vars(struct ieee80 + rtl_fw_cb); + if (err) { + pr_err("Failed to request firmware!\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; + return 1; + } + } +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c +@@ -196,6 +196,8 @@ int rtl8821ae_init_sw_vars(struct ieee80 + rtlpriv->rtlhal.wowlan_firmware = vzalloc(0x8000); + if (!rtlpriv->rtlhal.wowlan_firmware) { + pr_err("Can't alloc buffer for wowlan fw.\n"); ++ vfree(rtlpriv->rtlhal.pfirmware); ++ rtlpriv->rtlhal.pfirmware = NULL; + return 1; + } + +@@ -222,6 +224,8 @@ int rtl8821ae_init_sw_vars(struct ieee80 + rtl_fw_cb); + if (err) { + pr_err("Failed to request normal firmware!\n"); ++ vfree(rtlpriv->rtlhal.wowlan_firmware); ++ vfree(rtlpriv->rtlhal.pfirmware); + return 1; + } + } +@@ -233,6 +237,8 @@ int rtl8821ae_init_sw_vars(struct ieee80 + rtl_wowlan_fw_cb); + if (err) { + pr_err("Failed to request wowlan firmware!\n"); ++ vfree(rtlpriv->rtlhal.wowlan_firmware); ++ vfree(rtlpriv->rtlhal.pfirmware); + return 1; + } + return 0; diff --git a/debian/patches/series b/debian/patches/series index f8f438078..482a2dc8e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -83,6 +83,8 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch +bugfix/all/rtlwifi-fix-memory-leak-when-firmware-request-fails.patch +bugfix/all/rtlwifi-fix-fallback-firmware-loading.patch # Miscellaneous features