diff mbox series

[OpenWrt-Devel] mac80211: rt2x00: fix crash on release_firmware

Message ID 1551000198-30901-1-git-send-email-sgruszka@redhat.com
State Accepted
Headers show
Series [OpenWrt-Devel] mac80211: rt2x00: fix crash on release_firmware | expand

Commit Message

Stanislaw Gruszka Feb. 24, 2019, 9:23 a.m. UTC 
Fix crash due to passing invalid r2x00dev->eeprom_file pointer to
release_firmware(). Since we copy eeprom data with EEPROM_SIZE
in rt2800_read_eeprom() we can use eeprom_file->size as marker
if the file was crated by request_firmware().

Cc: Felix Fietkau <nbd@nbd.name>,
Cc: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
---
 .../mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch  | 5 +++--
 .../604-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch   | 5 ++---
 2 files changed, 5 insertions(+), 5 deletions(-)

Comments

Kristian Evensen Feb. 26, 2019, 7:54 a.m. UTC | #1 
Hi Stanislaw,

On Sun, Feb 24, 2019 at 10:23 AM Stanislaw Gruszka <sgruszka@redhat.com> wrote:
>
> Fix crash due to passing invalid r2x00dev->eeprom_file pointer to
> release_firmware(). Since we copy eeprom data with EEPROM_SIZE
> in rt2800_read_eeprom() we can use eeprom_file->size as marker
> if the file was crated by request_firmware().
>
> Cc: Felix Fietkau <nbd@nbd.name>,
> Cc: Daniel Golle <daniel@makrotopia.org>
> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>

Thanks for the patch. I submitted a patch doing something similar some
days ago, but your fix is much nicer. FWIW:

Acked-by: Kristian Evensen <kristian.evensen@gmail.com>

BR,
Kristian
diff mbox series

Patch

diff --git a/package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch b/package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch
index ab31d8485d7d..c6d4862e41ec 100644
--- a/package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch
+++ b/package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch
@@ -152,7 +152,7 @@ 
  
 --- /dev/null
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00eeprom.c
-@@ -0,0 +1,105 @@
+@@ -0,0 +1,106 @@
 +/*
 +	Copyright (C) 2004 - 2009 Ivo van Doorn <IvDoorn@gmail.com>
 +	Copyright (C) 2004 - 2009 Gertjan van Wingerde <gwingerde@gmail.com>
@@ -255,7 +255,8 @@ 
 +
 +void rt2x00lib_free_eeprom_file(struct rt2x00_dev *rt2x00dev)
 +{
-+	release_firmware(rt2x00dev->eeprom_file);
++	if (rt2x00dev->eeprom_file && rt2x00dev->eeprom_file->size)
++		release_firmware(rt2x00dev->eeprom_file);
 +	rt2x00dev->eeprom_file = NULL;
 +}
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00lib.h
diff --git a/package/kernel/mac80211/patches/rt2x00/604-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch b/package/kernel/mac80211/patches/rt2x00/604-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch
index a98b49c541f5..b3e1220b601a 100644
--- a/package/kernel/mac80211/patches/rt2x00/604-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch
+++ b/package/kernel/mac80211/patches/rt2x00/604-rt2x00-load-eeprom-on-SoC-from-a-mtd-device-defines-.patch
@@ -22,7 +22,7 @@  Signed-off-by: John Crispin <blogic@openwrt.org>
  	  Supported chips: RT2880, RT3050, RT3052, RT3350, RT3352.
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00eeprom.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00eeprom.c
-@@ -26,11 +26,73 @@
+@@ -26,11 +26,72 @@
  
  #include <linux/kernel.h>
  #include <linux/module.h>
@@ -84,7 +84,6 @@  Signed-off-by: John Crispin <blogic@openwrt.org>
 +			rt2x00dev->eeprom[i] = swab16(rt2x00dev->eeprom[i]);
 +
 +	rt2x00dev->eeprom_file = &mtd_fw;
-+	mtd_fw.size = len;
 +	mtd_fw.data = (const u8 *) rt2x00dev->eeprom;
 +
 +	dev_info(rt2x00dev->dev, "loaded eeprom from mtd device \"%s\"\n", part);
@@ -96,7 +95,7 @@  Signed-off-by: John Crispin <blogic@openwrt.org>
  static const char *
  rt2x00lib_get_eeprom_file_name(struct rt2x00_dev *rt2x00dev)
  {
-@@ -58,6 +120,9 @@ static int rt2x00lib_request_eeprom_file
+@@ -58,6 +119,9 @@ static int rt2x00lib_request_eeprom_file
  	const char *ee_name;
  	int retval;