[net,0/5] wifi: rtlwifi: usb probe error path fixes

Message ID 20241107133322.855112-1-cascardo@igalia.com (mailing list archive)

Message

Thadeu Lima de Souza Cascardo Nov. 7, 2024, 1:33 p.m. UTC
These are fixes that affect mostly the usb probe error path. It fixes UAF
due to firmware loading touching freed memory by waiting for the load
completion before releasing that memory. It also fixes a couple of
identified memory leaks.

Thadeu Lima de Souza Cascardo (5):
  wifi: rtlwifi: do not complete firmware loading needlessly
  wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last
    step
  wifi: rtlwifi: wait for firmware loading before releasing memory
  wifi: rtlwifi: fix init_sw_vars leak when probe fails
  wifi: rtlwifi: usb: fix workqueue leak when probe fails

 drivers/net/wireless/realtek/rtlwifi/pci.c          | 1 -
 drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 ++++---
 drivers/net/wireless/realtek/rtlwifi/usb.c          | 7 +++++--
 3 files changed, 9 insertions(+), 6 deletions(-)
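
Added example, not part of the posted series or the rtlwifi code: a userspace pthread model of the ordering the cover letter describes, where the probe error path waits for the firmware-load completion before releasing the state the asynchronous callback touches. All names are hypothetical, `io_done` is a constructed gate that makes the schedule deterministic, and `released` is a flag standing in for the actual free.

```c
#include <pthread.h>

struct completion { pthread_mutex_t mu; pthread_cond_t cv; int done; };
#define COMPLETION_INIT { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0 }

static void complete(struct completion *c) {
    pthread_mutex_lock(&c->mu);
    c->done = 1;
    pthread_cond_broadcast(&c->cv);
    pthread_mutex_unlock(&c->mu);
}

static void wait_for_completion(struct completion *c) {
    pthread_mutex_lock(&c->mu);
    while (!c->done)
        pthread_cond_wait(&c->cv, &c->mu);
    pthread_mutex_unlock(&c->mu);
}

struct priv {                      /* hypothetical stand-in for driver private data */
    struct completion io_done;     /* constructed gate: the firmware read finished */
    struct completion fw_done;     /* signalled as the callback's last step */
    int released;                  /* 1 = the error path has "freed" this state */
    int touched_after_release;     /* would be a use-after-free in a driver */
};

static void *fw_callback(void *arg) {   /* runs in the async loader context */
    struct priv *p = arg;
    wait_for_completion(&p->io_done);
    p->touched_after_release = p->released;
    complete(&p->fw_done);
    return NULL;
}

int failed_probe(int wait_before_release) {  /* probe starts the load, then fails */
    struct priv p = { .io_done = COMPLETION_INIT, .fw_done = COMPLETION_INIT };
    pthread_t loader;
    if (pthread_create(&loader, NULL, fw_callback, &p)) return -1;
    if (wait_before_release) {          /* ordering the cover letter describes */
        complete(&p.io_done);           /* sticky: same as finishing during the wait */
        wait_for_completion(&p.fw_done);
        p.released = 1;
    } else {                            /* release first; the read finishes later */
        p.released = 1;
        complete(&p.io_done);
    }
    pthread_join(loader, NULL);         /* p is a flag-only model, so this stays safe */
    return p.touched_after_release;     /* 1 = callback ran on released state */
}
```

`failed_probe(0)` reports the callback running on released state, while `failed_probe(1)` does not, because the wait forces the callback to finish first.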

Comments

Ping-Ke Shih Nov. 8, 2024, 1:41 a.m. UTC | #1
Thadeu Lima de Souza Cascardo <cascardo@igalia.com> wrote:
> These are fixes that affect mostly the usb probe error path. It fixes UAF
> due to firmware loading touching freed memory by waiting for the load
> completion before releasing that memory. It also fixes a couple of
> identified memory leaks.

This goes via wireless tree, not net. Just send to linux-wireless (you have done).
No need "net" in patch subject. 

I would quickly check if you did really encounter problems and
have tested this patchset with real hardware?

Thadeu Lima de Souza Cascardo Nov. 8, 2024, 10:55 a.m. UTC | #2
On Fri, Nov 08, 2024 at 01:41:45AM +0000, Ping-Ke Shih wrote:
> Thadeu Lima de Souza Cascardo <cascardo@igalia.com> wrote:
> > These are fixes that affect mostly the usb probe error path. It fixes UAF
> > due to firmware loading touching freed memory by waiting for the load
> > completion before releasing that memory. It also fixes a couple of
> > identified memory leaks.
> 
> This goes via wireless tree, not net. Just send to linux-wireless (you have done).
> No need "net" in patch subject. 
> 
> I would quickly check if you did really encounter problems and
> have tested this patchset with real hardware?
> 
> 

Yeah, I was playing it safe here, in case some of the same rules apply, and
"PATCH net" was required.

I found this with a reproducer emulating a usb gadget device (by using
/dev/raw-gadget), and then injecting memory allocation failures at
different points in the probe path (at ieee80211_register_hw and then at
init_sw_vars).

I haven't tested this with real hardware, but given this lies in the probe
error path, I suppose it would be harder to test for the bugs that they
fix. On the other hand, it would be nice to at least confirm that it
doesn't break them, though I find it hard that it would.

Thanks.
Cascardo.