0001-fix-workaround-a-double-free-bug.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: lx <liuxian@radxa.com>
Date: Thu, 20 Jun 2024 10:12:25 +0800
Subject: [PATCH] fix: workaround a double free bug

Provided by 酱酱@Aicsemi.
Need to be used with included firmware blob.

Signed-off-by: lx <liuxian@radxa.com>
---
 .../aic8800/aic8800_fdrv/aicwf_txrxif.c       |   4 +---
 .../drivers/aic8800/aic8800_fdrv/aicwf_usb.c  |   2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_txrxif.c b/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_txrxif.c
index c356357..8c27c89 100644
--- a/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_txrxif.c
+++ b/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_txrxif.c
@@ -728,9 +728,7 @@ int aicwf_process_rxframes(struct aicwf_rx_priv *rx_priv)
 	        pkt_len = (*skb->data | (*(skb->data + 1) << 8));
 	        //printk("p:%d, s:%d , %x\n", pkt_len, skb->len, data[2]);
 	        if (pkt_len > 1600) {
-	            dev_kfree_skb(skb);
-	            atomic_dec(&rx_priv->rx_cnt);
-	                continue;
+	            break;
 	        }
 
 	        if((skb->data[2] & USB_TYPE_CFG) != USB_TYPE_CFG) { // type : data
diff --git a/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_usb.c b/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_usb.c
index f2fc02c..e8197b3 100644
--- a/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_usb.c
+++ b/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_usb.c
@@ -1315,7 +1315,7 @@ int usb_busrx_thread(void *data)
     AICWFDBG(LOGINFO, "%s the cpu is:%d\n", __func__, current->cpu);
 #endif
 #endif
-    set_cpu_ret = set_cpus_allowed_ptr(current, cpumask_of(1));
+    set_cpu_ret = set_cpus_allowed_ptr(current, cpumask_of(2));
 #ifdef CONFIG_THREAD_INFO_IN_TASK
     AICWFDBG(LOGINFO, "%s set_cpu_ret is:%d\n", __func__, set_cpu_ret);
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0))
-- 
2.45.2