xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libertas: move firmware lifetime handling to firmware.c

Browse Source 
Previously, each bus type was responsible for freeing the firmware
structure, but some did that badly.  Move responsibility for freeing
firmware into firmware.c so that it's done once and correctly, instead
of happening in multiple places in bus-specific code.

This fixes a use-after-free bug found by Dr. H. Nikolaus Schaller where
the SDIO code forgot to NULL priv->helper_fw after freeing it.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Dan Williams
2013-10-14 17:51:55 -05:00
committed by John W. Linville
parent e07f01e4c7
commit 1dfba3060f
5 changed files with 16 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/net/wireless/libertas/firmware.c
View File

@@ -53,6 +53,11 @@ static void main_firmware_cb(const struct firmware *firmware, void *context)
/* Firmware found! */
lbs_fw_loaded(priv, 0, priv->helper_fw, firmware);
if (priv->helper_fw) {
release_firmware (priv->helper_fw);
priv->helper_fw = NULL;
}
release_firmware (firmware);
}
static void helper_firmware_cb(const struct firmware *firmware, void *context)