UPSTREAM: remoteproc: core: Fix rproc->firmware free in rproc_set_firmware()

rproc_alloc_firmware() (called by rproc_alloc()) can allocate
rproc->firmware using kstrdup_const() and therefore should be freed
using kfree_const(); however, rproc_set_firmware() frees it using the
simple kfree(). This causes a kernel oops if a constant string is passed
to rproc_alloc() and rproc_set_firmware() is subsequently called.

Fix the above issue by using kfree_const() to free rproc->firmware in
rproc_set_firmware().

Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Link: https://lore.kernel.org/r/20210118165904.719999-1-daniele.alessandrelli@linux.intel.com
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>

[juhyung: A kernel panic was observed with downstream Qualcomm's
qcom_spss and spss_utils modules on production phones.
drivers/remoteproc/qcom_spss.c's qcom_spss_set_fw_name() have upstream's
rproc_set_firmware() logic duplicated and hence needs its own fix (change
to call rproc_set_firmware() directly) to fully fix the kernel panic,
but remoteproc_core needs to be fixed too.]

Change-Id: I7d993e38d4babc30562dd47c366cba9fda388130
(cherry picked from commit 43d3f2c715cefcfb89b10675728e9bf0d8bb98e3)
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>

drivers/remoteproc/remoteproc_core.c

@@ -2000,7 +2000,7 @@ int rproc_set_firmware(struct rproc *rproc, const char *fw_name)
 		goto out;
 	}
 
-	kfree(rproc->firmware);
+	kfree_const(rproc->firmware);
 	rproc->firmware = p;
 
 out: