Skip to content

Commit

Permalink
fix: workaround a double free bug
Browse files Browse the repository at this point in the history 
This is a temporary fix provided by Aicsemi.

Signed-off-by: ZHANG Yuntian <[email protected]>
  • Loading branch information
@RadxaYuntian
RadxaYuntian committed Jun 20, 2024
1 parent c9baba2 commit 23b9bf0
Show file tree
Hide file tree
Showing 4 changed files with 47 additions and 0 deletions.
1 change: 1 addition & 0 deletions debian/aic8800-firmware.install
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
src/PCIE/driver_fw/fw/* /lib/firmware/aic8800_fw/PCIE/
src/SDIO/driver_fw/fw/* /lib/firmware/aic8800_fw/SDIO/
src/USB/driver_fw/fw/* /lib/firmware/aic8800_fw/USB/
debian/patches/fmacfw_8800d80_u02.bin /lib/firmware/aic8800_fw/USB/aic8800D80/
45 changes: 45 additions & 0 deletions debian/patches/0001-fix-workaround-a-double-free-bug.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: lx <[email protected]>
Date: Thu, 20 Jun 2024 10:12:25 +0800
Subject: [PATCH] fix: workaround a double free bug

Provided by 酱酱@Aicsemi.
Need to be used with included firmware blob.

Signed-off-by: lx <[email protected]>
---
.../aic8800/aic8800_fdrv/aicwf_txrxif.c | 4 +---
.../drivers/aic8800/aic8800_fdrv/aicwf_usb.c | 2 +-
2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_txrxif.c b/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_txrxif.c
index c356357..8c27c89 100644
--- a/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_txrxif.c
+++ b/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_txrxif.c
@@ -728,9 +728,7 @@ int aicwf_process_rxframes(struct aicwf_rx_priv *rx_priv)
pkt_len = (*skb->data | (*(skb->data + 1) << 8));
//printk("p:%d, s:%d , %x\n", pkt_len, skb->len, data[2]);
if (pkt_len > 1600) {
- dev_kfree_skb(skb);
- atomic_dec(&rx_priv->rx_cnt);
- continue;
+ break;
}

if((skb->data[2] & USB_TYPE_CFG) != USB_TYPE_CFG) { // type : data
diff --git a/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_usb.c b/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_usb.c
index f2fc02c..e8197b3 100644
--- a/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_usb.c
+++ b/src/USB/driver_fw/drivers/aic8800/aic8800_fdrv/aicwf_usb.c
@@ -1315,7 +1315,7 @@ int usb_busrx_thread(void *data)
AICWFDBG(LOGINFO, "%s the cpu is:%d\n", __func__, current->cpu);
#endif
#endif
- set_cpu_ret = set_cpus_allowed_ptr(current, cpumask_of(1));
+ set_cpu_ret = set_cpus_allowed_ptr(current, cpumask_of(2));
#ifdef CONFIG_THREAD_INFO_IN_TASK
AICWFDBG(LOGINFO, "%s set_cpu_ret is:%d\n", __func__, set_cpu_ret);
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0))
--
2.45.2

Binary file added debian/patches/fmacfw_8800d80_u02.bin
View file
Binary file not shown.
1 change: 1 addition & 0 deletions debian/patches/series
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,4 @@ fix-aic_btusb.patch
fix-linux-6.7-build.patch
fix-linux-6.5-build.patch
fix-linux-6.9-build.patch
0001-fix-workaround-a-double-free-bug.patch

0 comments on commit 23b9bf0

Please sign in to comment.