From 27fbec79708aa3865bd9a2d9bb38270c87d31d7e Mon Sep 17 00:00:00 2001
From: "Masti, Narayanraddi"
Date: Wed, 14 Sep 2016 16:36:37 +0530
Subject: [PATCH] qcacld-3.0: Fix crash in TDLS functionality

qcacld-2.0 to qcacld-3.0 propagation

Currently, tdls lock has not been acquired and if tdls peer or tdls context freed in other context then it will lead to crash. Fix is to ensure that the tdls lock is acquired for tdls peer list and tdls context.

Change-Id: I52c3e7b67c7f61160c54a1a6688db09f0137b7e1
CRs-Fixed: 945302
---
 core/hdd/src/wlan_hdd_tdls.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/core/hdd/src/wlan_hdd_tdls.c b/core/hdd/src/wlan_hdd_tdls.c
index 9ef07db175..77a560d049 100644
--- a/core/hdd/src/wlan_hdd_tdls.c
+++ b/core/hdd/src/wlan_hdd_tdls.c
@@ -874,22 +874,34 @@ void wlan_hdd_tdls_exit(hdd_adapter_t *pAdapter)
 
  mutex_lock(&pHddCtx->tdls_lock);
 
+ pHddTdlsCtx = WLAN_HDD_GET_TDLS_CTX_PTR(pAdapter);
+ if (NULL == pHddTdlsCtx) {
+ /*
+ * TDLS context can be null and might have been freed up during
+ * cleanup for STA adapter
+ */
+ mutex_unlock(&pHddCtx->tdls_lock);
+
+ hdd_info("pHddTdlsCtx is NULL, adapter device mode: %s(%d)",
+ hdd_device_mode_to_string(pAdapter->device_mode),
+ pAdapter->device_mode);
+ goto done;
+ }
+
  /* must stop timer here before freeing peer list, because peerIdleTimer is
  part of peer list structure. */
  wlan_hdd_tdls_timers_destroy(pHddTdlsCtx);
  wlan_hdd_tdls_free_list(pHddTdlsCtx);
 
- mutex_unlock(&pHddCtx->tdls_lock);
-
  wlan_hdd_tdls_free_scan_request(&pHddCtx->tdls_scan_ctxt);
 
  pHddTdlsCtx->magic = 0;
  pHddTdlsCtx->pAdapter = NULL;
+ pAdapter->sessionCtx.station.pHddTdlsCtx = NULL;
+
+ mutex_unlock(&pHddCtx->tdls_lock);
 
  qdf_mem_free(pHddTdlsCtx);
- pAdapter->sessionCtx.station.pHddTdlsCtx = NULL;
- pHddTdlsCtx = NULL;
-
 done:
  EXIT();
  clear_bit(TDLS_INIT_DONE, &pAdapter->event_flags);
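Review bot: `wlan_hdd_tdls_free_scan_request(&pHddCtx->tdls_scan_ctxt)` now runs with tdls_lock held, whereas before this change it ran after the unlock; if that helper can block on or acquire another lock (for example one guarding scan state), the hunk introduces a lock-ordering dependency that the commit message does not mention and that should be confirmed against every other path that takes tdls_lock. Re-reading `pHddTdlsCtx` and clearing `pAdapter->sessionCtx.station.pHddTdlsCtx` under the lock before `qdf_mem_free` is what closes the window in which another tdls_lock holder could see a pointer to a freed context, and that ordering deserves a comment at the new assignment, e.g. `/* Clear the adapter's pointer while still holding tdls_lock so no other tdls_lock holder can observe the context after it is freed. */`. Note also that `clear_bit(TDLS_INIT_DONE, ...)` after `done:` still executes outside the lock, so any reader that gates on the flag rather than on the pointer under tdls_lock may still race; whether such a reader exists cannot be determined from this hunk. wlan_hdd_tdls_exit begins outside the hunk.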