On LEDE trunk, rt3052 based devices (and all other devices using the rt2800 wireless chipset) crash whenever you try to unload rt2800soc. This happens because patch 604-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch interferes with 602-rt2x00-introduce-rt2x00eeprom.patch.

In 602 the struct rt2x00_dev is extended by the member eeprom_file. In its initialisation function rt2x00lib_request_eeprom_file, eeprom_file is either initialized with a firmware struct from request_firmware or stays NULL if an error occurs. Patch 604 hooks into rt2x00lib_request_eeprom_file via the function rt2800lib_read_eeprom_mtd. rt2800lib_read_eeprom_mtd fills eeprom_file with a statically declared struct firmware if loading from the mtd partition succeeds.

Now, when we come to uninitialization, patch 602's rt2x00lib_free_eeprom_file is called. This function assumes that eeprom_file was dynamically allocated and calls release_firmware(eeprom_file) even if patch 604 assigned it statically. This leads to release_firmware kfree-ing eeprom_file although it was never kmalloc'ed, resulting in a kernel panic.
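A userspace model of the ownership mismatch described in the report, added here as an illustration and not taken from the LEDE patches or the rt2x00 driver: the kernel's request_firmware/release_firmware are replaced by heap-allocating stubs, and a hypothetical eeprom_file_static flag records whether eeprom_file points at static storage so the free path only releases what was actually allocated.

```c
/* Constructed model of the eeprom_file ownership bug; not driver code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

struct firmware {                  /* only the fields the driver touches */
    size_t size;
    const unsigned char *data;
};

/* Stand-in for request_firmware(): always heap-allocates, like the kernel. */
static int fake_request_firmware(const struct firmware **fw)
{
    struct firmware *f = calloc(1, sizeof(*f));
    if (!f)
        return -1;
    *fw = f;
    return 0;
}

/* Stand-in for release_firmware(): frees unconditionally, like the kernel.
 * Passing a pointer to static storage here is exactly the reported crash. */
static void fake_release_firmware(const struct firmware *fw)
{
    free((void *)fw);
}

struct rt2x00_dev {
    const struct firmware *eeprom_file;
    bool eeprom_file_static;       /* hypothetical ownership marker */
};

static struct firmware mtd_eeprom = { 0, NULL }; /* static, as in patch 604 */

/* Models rt2800lib_read_eeprom_mtd(); mtd_ok simulates the partition read. */
static int load_from_mtd(struct rt2x00_dev *dev, bool mtd_ok)
{
    if (!mtd_ok)
        return -1;
    dev->eeprom_file = &mtd_eeprom;
    dev->eeprom_file_static = true;
    return 0;
}

/* Models rt2x00lib_request_eeprom_file(): mtd first, then request_firmware. */
int request_eeprom_file(struct rt2x00_dev *dev, bool mtd_ok)
{
    dev->eeprom_file = NULL;
    dev->eeprom_file_static = false;
    if (load_from_mtd(dev, mtd_ok) == 0)
        return 0;
    return fake_request_firmware(&dev->eeprom_file);
}

/* Safe counterpart of rt2x00lib_free_eeprom_file(): returns 1 if released. */
int free_eeprom_file(struct rt2x00_dev *dev)
{
    int released = 0;
    if (dev->eeprom_file && !dev->eeprom_file_static) {
        fake_release_firmware(dev->eeprom_file);
        released = 1;
    }
    dev->eeprom_file = NULL;
    dev->eeprom_file_static = false;
    return released;
}
```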
Thanks a lot for the report and the detailed analysis. Would it be possible that you send a patch according to the [submitting patches guideline](https://lede-project.org/docs/guide-developer/the-source-code#submitting_patches) to get this bug fixed?