FS#573 - Unloading rt2800soc crashes rt3052 based devices #7096
Labels
Comments
|
mkresin: Thanks a lot for the report and the detailed analysis. Would it be possible that you send a patch according to [[https://lede-project.org/docs/guide-developer/the-source-code#submitting_patches|submitting patches guideline]] to get this bug fixed? |
|
tsys: Yeah, sure. I'll see what I can do EDIT: Patch and PR created: lede-project/source#907 |
|
tsys: Mathias, could you please take a look at the pull request for this bug? lede-project/source#907 |
|
manawyrm: I just encountered this bug and can confirm the issue.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
tsys:
On LEDE trunk rt3052 based devices (and all other devices using rt2800 wireless chipset) crash whenever you try to unload rt2800soc. This happens because patch 604-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch interferes with 602-rt2x00-introduce-rt2x00eeprom.patch. In 602 the struct rt2x00_dev is extended by the member eeprom_file. In its initialisation function rt2x00lib_request_eeprom_file eeprom_file is either initialized with a firmware struct from request_firmware or keeps being NULL if an error occurs. Patch 604 hooks into rt2x00lib_request_eeprom_file by the function rt2800lib_read_eeprom_mtd. rt2800lib_read_eeprom_mtd fills eeprom_file with a statically declared struct firmware if loading from the mtd partition succeeds. Now, when we come to uninitialization patch 602s rt2x00lib_free_eeprom_file is called. This function assumes that eeprom_file was dynamically allocated and calls release_firmware(eeprom_file) even if patch 604 allocated it statically. This leads to release_firmware kfree-ing eeprom_file although it was never kmalloced, resulting in a kernelpanic.
The text was updated successfully, but these errors were encountered: