From 420442623e173f27299d9819f98742fa48fc3d2d Mon Sep 17 00:00:00 2001 From: Rajeev Kumar Date: Mon, 15 Jun 2020 14:17:39 -0700 Subject: [PATCH] qcacld-3.0: Get vdev ref properly in pmo enable/disable RTPM offloads vdev object is used without get ref in runtime pm enable/disable offloads api, this can lead to vdev use after free issue. Add vdev ref get before using it and avoid vdev use after free. Change-Id: I309abdd568c858288150f575899101bda06e57a7 CRs-Fixed: 2710759 --- components/pmo/core/src/wlan_pmo_suspend_resume.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/components/pmo/core/src/wlan_pmo_suspend_resume.c b/components/pmo/core/src/wlan_pmo_suspend_resume.c index 719a062c7f..f0d288f48e 100644 --- a/components/pmo/core/src/wlan_pmo_suspend_resume.c +++ b/components/pmo/core/src/wlan_pmo_suspend_resume.c @@ -433,14 +433,17 @@ static void pmo_core_enable_runtime_pm_offloads(struct wlan_objmgr_psoc *psoc) { uint8_t vdev_id; struct wlan_objmgr_vdev *vdev; + QDF_STATUS status; /* Iterate through VDEV list */ for (vdev_id = 0; vdev_id < WLAN_UMAC_PSOC_MAX_VDEVS; vdev_id++) { vdev = pmo_psoc_get_vdev(psoc, vdev_id); - if (!vdev) + status = pmo_vdev_get_ref(vdev); + if (QDF_IS_STATUS_ERROR(status)) continue; pmo_register_action_frame_patterns(vdev, QDF_RUNTIME_SUSPEND); + pmo_vdev_put_ref(vdev); } } @@ -448,14 +451,17 @@ static void pmo_core_disable_runtime_pm_offloads(struct wlan_objmgr_psoc *psoc) { uint8_t vdev_id; struct wlan_objmgr_vdev *vdev; + QDF_STATUS status; /* Iterate through VDEV list */ for (vdev_id = 0; vdev_id < WLAN_UMAC_PSOC_MAX_VDEVS; vdev_id++) { vdev = pmo_psoc_get_vdev(psoc, vdev_id); - if (!vdev) + status = pmo_vdev_get_ref(vdev); + if (QDF_IS_STATUS_ERROR(status)) continue; pmo_clear_action_frame_patterns(vdev); + pmo_vdev_put_ref(vdev); } }