git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Pavel Skripkin <paskripkin@gmail.com>
	Wed, 21 Jul 2021 19:34:47 +0000 (22:34 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 27 Jul 2021 13:15:24 +0000 (15:15 +0200)
commit	e9e6aa51b2735d83a67d9fa0119cf11abef80d99
tree	d6bcb31c49b720bd17ff5e0b6161f65366cc64a6	tree \| snapshot
parent	9be550ee43919b070bcd77f9228bdbbbc073245b	commit \| diff

staging: rtl8712: error handling refactoring

There was strange error handling logic in case of fw load failure. For
some reason fw loader callback was doing clean up stuff when fw is not
available. I don't see any reason behind doing this. Since this driver
doesn't have EEPROM firmware let's just disconnect it in case of fw load
failure. Doing clean up stuff in 2 different place which can run
concurently is not good idea and syzbot found 2 bugs related to this
strange approach.

So, in this pacth I deleted all clean up code from fw callback and made
a call to device_release_driver() under device_lock(parent) in case of fw
load failure. This approach is more generic and it defend driver from UAF
bugs, since all clean up code is moved to one place.

Fixes: e02a3b945816 ("staging: rtl8712: fix memory leak in rtl871x_load_fw_cb")
Fixes: 8c213fa59199 ("staging: r8712u: Use asynchronous firmware loading")
Cc: stable <stable@vger.kernel.org>
Reported-and-tested-by: syzbot+5872a520e0ce0a7c7230@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+cc699626e48a6ebaf295@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Link: https://lore.kernel.org/r/d49ecc56e97c4df181d7bd4d240b031f315eacc3.1626895918.git.paskripkin@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/staging/rtl8712/hal_init.c		diff \| blob \| history
drivers/staging/rtl8712/usb_intf.c		diff \| blob \| history