From 01cb81be76d76fe466529a82b35b2f2ace196e5a Mon Sep 17 00:00:00 2001
From: Naman Padhiar <quic_npadhiar@quicinc.com>
Date: Fri, 24 Feb 2023 20:44:32 +0530
Subject: [PATCH] icnss2: Use event_data before posting event

In icnss_pdr_notifier_cb() API, event_data gets free while
processing PD_SERVICE_DOWN event. In the same function
event_data->crashed is checking after posting PD_SERVICE_DOWN
event which may cause using event_data even after free.

This commit updates checking for event_data->crashed before
posting PD_SERVICE_DOWN event.

Change-Id: Ie82a0b7b4ceb40063318ab2d926b9c14412fb2c9
CRs-Fixed: 3415299
---
 icnss2/main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/icnss2/main.c b/icnss2/main.c
index 87cb6cc18f..566a132099 100644
--- a/icnss2/main.c
+++ b/icnss2/main.c
@@ -2468,13 +2468,14 @@ static void icnss_pdr_notifier_cb(int state, char *service_path, void *priv_cb)
 			}
 		}
 		clear_bit(ICNSS_HOST_TRIGGERED_PDR, &priv->state);
-		icnss_driver_event_post(priv, ICNSS_DRIVER_EVENT_PD_SERVICE_DOWN,
-					ICNSS_EVENT_SYNC, event_data);
 
 		if (event_data->crashed)
 			mod_timer(&priv->recovery_timer,
 				  jiffies +
 				  msecs_to_jiffies(ICNSS_RECOVERY_TIMEOUT));
+
+		icnss_driver_event_post(priv, ICNSS_DRIVER_EVENT_PD_SERVICE_DOWN,
+					ICNSS_EVENT_SYNC, event_data);
 		break;
 	case SERVREG_SERVICE_STATE_UP:
 		clear_bit(ICNSS_FW_DOWN, &priv->state);