From 345f131dc4f09502ce61e863bb9c3987a883311f Mon Sep 17 00:00:00 2001
From: Ashish Kumar Dhanotiya <adhanoti@codeaurora.org>
Date: Wed, 2 Sep 2020 12:03:57 +0530
Subject: [PATCH] qcacld-3.0: Update current sta info inside lock

Currently when next sta info get is done, the for loop updates
current sta info outside of the lock, which may lead to
undefined behavior.

To address above issue update the current stats info inside
the lock.

Change-Id: Idf33b9271379d34696f35c714bdf2d42446bd688
CRs-Fixed: 2755355
---
 core/hdd/src/wlan_hdd_sta_info.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/hdd/src/wlan_hdd_sta_info.h b/core/hdd/src/wlan_hdd_sta_info.h
index e4993b8791..410901ff60 100644
--- a/core/hdd/src/wlan_hdd_sta_info.h
+++ b/core/hdd/src/wlan_hdd_sta_info.h
@@ -161,6 +161,7 @@ char *sta_info_string_from_dbgid(wlan_sta_info_dbgid id);
 /**
  * struct hdd_station_info - Per station structure kept in HDD for
  *                                     multiple station support for SoftAP
+ * @sta_node: The sta_info node for the station info list maintained in adapter
  * @in_use: Is the station entry in use?
  * @sta_id: Station ID reported back from HAL (through SAP).
  *           Broadcast uses station ID zero by default.
@@ -220,7 +221,6 @@ char *sta_info_string_from_dbgid(wlan_sta_info_dbgid id);
  * @tx_retry_exhaust_fw: the number of frames retried but finally failed from
  *                    firmware to remote station
  * @rx_fcs_count: the number of frames received with fcs error
- * @sta_info: The sta_info node for the station info list maintained in adapter
  * @assoc_req_ies: Assoc request IEs of the peer station
  * @ref_cnt: Reference count to synchronize sta_info access
  * @ref_cnt_dbgid: Reference count to debug sta_info synchronization issues
@@ -229,6 +229,7 @@ char *sta_info_string_from_dbgid(wlan_sta_info_dbgid id);
  * @peer_rssi_per_chain: Average value of RSSI (dbm) per chain
  */
 struct hdd_station_info {
+	qdf_list_node_t sta_node;
 	bool in_use;
 	uint8_t sta_id;
 	eStationType sta_type;
@@ -281,7 +282,6 @@ struct hdd_station_info {
 	uint32_t tx_retry_fw;
 	uint32_t tx_retry_exhaust_fw;
 	uint32_t rx_fcs_count;
-	qdf_list_node_t sta_node;
 	struct wlan_ies assoc_req_ies;
 	qdf_atomic_t ref_cnt;
 	qdf_atomic_t ref_cnt_dbgid[STA_INFO_ID_MAX];
@@ -464,8 +464,8 @@ hdd_get_next_sta_info_no_lock(struct hdd_sta_info_obj *sta_info_container,
 #define __hdd_take_ref_and_fetch_next_sta_info_safe(sta_info_container, \
 						    sta_info, next_sta_info, \
 						    sta_info_dbgid) \
-	sta_info = next_sta_info, \
 	qdf_spin_lock_bh(&sta_info_container.sta_obj_lock), \
+	sta_info = next_sta_info, \
 	hdd_get_next_sta_info_no_lock(&sta_info_container, sta_info, \
 				      &next_sta_info), \
 	(next_sta_info) ? hdd_take_sta_info_ref(&sta_info_container, \