samsung-sm8650/android_kernel_samsung_sm8650-modules

qcacld-3.0: Set vdev start failure before deliver VDEV EV_START_REQ_FAIL

The lim_handle_sme_join_result will set mlme connection failure to true
before delivering event WLAN_VDEV_SM_EV_START_REQ_FAIL when substate is
SS_START_START_PROGRESS, it might call wma_send_vdev_stop, which will
reset mlme connection failure to false again.

Set vdev start failure to true in the lim_handle_sme_join_result to
let wma_mlme_vdev_notify_down_complete do not free the data due to this
data is not allocated in the heap in the lim_handle_sme_join_result.

Here is the potential call stack for your ref as below which might free
the local variable param allocated in the lim_handle_sme_join_result:

[ 6776.197093] Call trace:
[ 6776.197152]  __ksize+0x24/0xd0
[ 6776.197518]  __qdf_mem_free+0x28/0x88 [wlan]
[ 6776.197880]  wma_mlme_vdev_notify_down_complete+0xe4/0x180 [wlan]
[ 6776.198413]  vdevmgr_notify_down_complete+0x54/0x68 [wlan]
[ 6776.199008]  mlme_vdev_state_init_event+0x88/0x1c8 [wlan]
[ 6776.199353]  wlan_sm_dispatch+0x168/0x1e8 [wlan]
[ 6776.199697]  mlme_vdev_subst_start_start_progress_event+0xf8/0x1d0
[ 6776.200087]  wlan_sm_dispatch+0x168/0x1e8 [wlan]
[ 6776.200458]  wlan_vdev_mlme_sm_deliver_evt+0x60/0xf0 [wlan]
[ 6776.201043]  lim_handle_sme_join_result+0xd4/0x104 [wlan]
[ 6776.201523]  lim_process_mlm_join_cnf+0x84/0xc8 [wlan]
[ 6776.201855]  lim_process_switch_channel_rsp+0x4a4/0x7cc [wlan]
[ 6776.202186]  wma_handle_channel_switch_resp+0x114/0x2d0 [wlan]
[ 6776.202969]  wma_vdev_start_resp_handler+0x38c/0x6e0 [wlan]
[ 6776.203866]  vdevmgr_vdev_start_rsp_handle+0x48/0x58 [wlan]
[ 6776.204520]  tgt_vdev_mgr_start_response_handler+0x68/0x128 [wlan]
[ 6776.206127]  target_if_vdev_mgr_rsp_timer_cb+0x27c/0x4c4 [wlan]
[ 6776.208182]  target_if_flush_psoc_vdev_timers+0x74/0x270 [wlan]
[ 6776.209455]  wma_cleanup_vdev_resp_and_hold_req+0x24/0x64 [wlan]
[ 6776.209752]  scheduler_target_if_mq_handler+0x4c/0xbc [wlan]
[ 6776.210048]  scheduler_thread_process_queues+0x11c/0x3cc [wlan]
[ 6776.210344]  scheduler_thread+0x9c/0x1e8 [wlan]
[ 6776.210677]  kthread+0x16c/0x17c
[ 6776.210784]  ret_from_fork+0x10/0x18
[ 6776.210879] Code: f2bffc09 d346fd08 f2dfffc9 927acd08 (f8696909).

Change-Id: I058d4f5e8526209d9bb17102a96be6625e1307e6
CRs-Fixed: 3614659

Tiger Yu 1 năm trước cách đây

mục cha

0ea84f37b6

commit

344403607a

1 tập tin đã thay đổi với 3 bổ sung và 1 xóa

Split View Hiển thị tình trạng sai khác

						
							+ 3
							
							- 1
						
core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c
							 
								Xem Tập Tin
							
				@@ -1432,10 +1432,12 @@ void lim_handle_sme_join_result(struct mac_context *mac_ctx,
			
				 	mlme_set_connection_fail(session->vdev, true);
			
				 	if (wlan_vdev_mlme_get_substate(session->vdev) ==
			
				-	    WLAN_VDEV_SS_START_START_PROGRESS)
			
				+	    WLAN_VDEV_SS_START_START_PROGRESS) {
			
				+		mlme_set_vdev_start_failed(session->vdev, true);
			
				 		status = wlan_vdev_mlme_sm_deliver_evt(session->vdev,
			
				 					       WLAN_VDEV_SM_EV_START_REQ_FAIL,
			
				 					       sizeof(param), &param);
			
				+	}
			
				 	else
			
				 		status = wlan_vdev_mlme_sm_deliver_evt(session->vdev,
			
				 					       WLAN_VDEV_SM_EV_CONNECTION_FAIL,

qcacld-3.0: Set vdev start failure before deliver VDEV EV_START_REQ_FAIL

+ 3 - 1 core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c Xem Tập Tin

+ 3 - 1
core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c
Xem Tập Tin