From 426ffc563a94ca12531ff8a2df598185ba88487e Mon Sep 17 00:00:00 2001
From: Stanislaw Gruszka <sgruszka@redhat.com>
Date: Sun, 24 Feb 2019 10:23:18 +0100
Subject: mac80211: rt2x00: fix crash on release_firmware

Fix crash due to passing invalid r2x00dev->eeprom_file pointer to
release_firmware(). Since we copy eeprom data with EEPROM_SIZE
in rt2800_read_eeprom() we can use eeprom_file->size as marker
if the file was crated by request_firmware().

Acked-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
---
 .../mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch')

diff --git a/package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch b/package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch
index ab31d8485d..c6d4862e41 100644
--- a/package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch
+++ b/package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch
@@ -152,7 +152,7 @@
  
 --- /dev/null
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00eeprom.c
-@@ -0,0 +1,105 @@
+@@ -0,0 +1,106 @@
 +/*
 +	Copyright (C) 2004 - 2009 Ivo van Doorn <IvDoorn@gmail.com>
 +	Copyright (C) 2004 - 2009 Gertjan van Wingerde <gwingerde@gmail.com>
@@ -255,7 +255,8 @@
 +
 +void rt2x00lib_free_eeprom_file(struct rt2x00_dev *rt2x00dev)
 +{
-+	release_firmware(rt2x00dev->eeprom_file);
++	if (rt2x00dev->eeprom_file && rt2x00dev->eeprom_file->size)
++		release_firmware(rt2x00dev->eeprom_file);
 +	rt2x00dev->eeprom_file = NULL;
 +}
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00lib.h
-- 
cgit v1.2.3