From 52ae099d0b6ea7b3dd45f4f72324c6160a102de2 Mon Sep 17 00:00:00 2001
From: Paul Zhang
Date: Fri, 27 Oct 2017 20:51:59 +0800
Subject: [PATCH] qcacmn: Inc the peer->peer_objmgr.ref_cnt in time

There is a race condition: during the peer is created and invoking qdf_atomic_inc to increase the ref_cnt, another thread may firstly use it by wlan_objmgr_peer_get_ref and wlan_objmgr_peer_release_ref. Then wlan_objmgr_peer_obj_destroy was called and WLAN_OBJMGR_BUG(0) happens.
Change-Id: Ic15bada7c70d799f808fe980ae52d4862789fe11
CRs-Fixed: 2133929
---
 umac/cmn_services/obj_mgr/src/wlan_objmgr_peer_obj.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/umac/cmn_services/obj_mgr/src/wlan_objmgr_peer_obj.c b/umac/cmn_services/obj_mgr/src/wlan_objmgr_peer_obj.c
index b0f8c4a365..b02821dd57 100644
--- a/umac/cmn_services/obj_mgr/src/wlan_objmgr_peer_obj.c
+++ b/umac/cmn_services/obj_mgr/src/wlan_objmgr_peer_obj.c
@@ -167,6 +167,10 @@ struct wlan_objmgr_peer *wlan_objmgr_peer_obj_create(
 macaddr[3], macaddr[4], macaddr[5]);
 return NULL;
 }
+ qdf_atomic_init(&peer->peer_objmgr.ref_cnt);
+ for (id = 0; id < WLAN_REF_ID_MAX; id++)
+ qdf_atomic_init(&peer->peer_objmgr.ref_id_dbg[id]);
+ wlan_objmgr_peer_get_ref(peer, WLAN_OBJMGR_ID);
 /* set vdev to peer */
 wlan_peer_set_vdev(peer, vdev);
 /* set peer type */
@@ -176,7 +180,6 @@ struct wlan_objmgr_peer *wlan_objmgr_peer_obj_create(
 /* initialize peer state */
 wlan_peer_mlme_set_state(peer, WLAN_INIT_STATE);
 wlan_peer_mlme_reset_seq_num(peer);
- qdf_atomic_init(&peer->peer_objmgr.ref_cnt);
 peer->peer_objmgr.print_cnt = 0;
 /* Attach peer to psoc, psoc maintains the node table for the device */
 if (wlan_objmgr_psoc_peer_attach(psoc, peer) !=
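Review bot: The block added at the top of the @@ -167 hunk makes the reference count valid before the peer is published, but `peer_lock` is still created only after `wlan_objmgr_psoc_peer_attach()` (the `qdf_spinlock_create(&peer->peer_lock);` context line in the @@ -201 hunk), so the same publish-before-initialise window remains for the lock. If a thread that finds the peer through the psoc table can take `peer_lock`, it would be operating on an uninitialised spinlock; whether such a caller exists is not visible in this patch. Consider moving `qdf_spinlock_create(&peer->peer_lock);` up beside the new `qdf_atomic_init()` calls, destroying the lock on the failure returns, and adding a comment such as `/* take the objmgr ref before attach publishes the peer */` so the ordering is not undone by a later reshuffle. The function starts and ends outside the hunks, so the failure paths between this block and the old `wlan_objmgr_peer_get_ref()` site, which now run with a reference already held, could not be checked.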
@@ -201,7 +204,6 @@ struct wlan_objmgr_peer *wlan_objmgr_peer_obj_create( return NULL; } qdf_spinlock_create(&peer->peer_lock); - wlan_objmgr_peer_get_ref(peer, WLAN_OBJMGR_ID); /* Increment ref count for BSS peer, so that BSS peer deletes last*/ if ((type == WLAN_PEER_STA) || (type == WLAN_PEER_STA_TEMP) || (type == WLAN_PEER_P2P_CLI))