qcacmn: Inc the peer->peer_objmgr.ref_cnt in time

There is a race condition: between the peer being created and
qdf_atomic_inc being invoked to increase the ref_cnt, another thread
may use the peer first via wlan_objmgr_peer_get_ref and
wlan_objmgr_peer_release_ref. wlan_objmgr_peer_obj_destroy is then
called and WLAN_OBJMGR_BUG(0) is hit.

Change-Id: Ic15bada7c70d799f808fe980ae52d4862789fe11
CRs-Fixed: 2133929
Paul Zhang
2017-10-27 20:51:59 +08:00
committet von snandini
Ursprung 66698093e1
Commit 52ae099d0b


@@ -167,6 +167,10 @@ struct wlan_objmgr_peer *wlan_objmgr_peer_obj_create(
macaddr[3], macaddr[4], macaddr[5]); macaddr[3], macaddr[4], macaddr[5]);
return NULL; return NULL;
} }
qdf_atomic_init(&peer->peer_objmgr.ref_cnt);
for (id = 0; id < WLAN_REF_ID_MAX; id++)
qdf_atomic_init(&peer->peer_objmgr.ref_id_dbg[id]);
wlan_objmgr_peer_get_ref(peer, WLAN_OBJMGR_ID);
/* set vdev to peer */ /* set vdev to peer */
wlan_peer_set_vdev(peer, vdev); wlan_peer_set_vdev(peer, vdev);
/* set peer type */ /* set peer type */
@@ -176,7 +180,6 @@ struct wlan_objmgr_peer *wlan_objmgr_peer_obj_create(
/* initialize peer state */ /* initialize peer state */
wlan_peer_mlme_set_state(peer, WLAN_INIT_STATE); wlan_peer_mlme_set_state(peer, WLAN_INIT_STATE);
wlan_peer_mlme_reset_seq_num(peer); wlan_peer_mlme_reset_seq_num(peer);
qdf_atomic_init(&peer->peer_objmgr.ref_cnt);
peer->peer_objmgr.print_cnt = 0; peer->peer_objmgr.print_cnt = 0;
/* Attach peer to psoc, psoc maintains the node table for the device */ /* Attach peer to psoc, psoc maintains the node table for the device */
if (wlan_objmgr_psoc_peer_attach(psoc, peer) != if (wlan_objmgr_psoc_peer_attach(psoc, peer) !=
@@ -201,7 +204,6 @@ struct wlan_objmgr_peer *wlan_objmgr_peer_obj_create(
return NULL; return NULL;
} }
qdf_spinlock_create(&peer->peer_lock); qdf_spinlock_create(&peer->peer_lock);
wlan_objmgr_peer_get_ref(peer, WLAN_OBJMGR_ID);
/* Increment ref count for BSS peer, so that BSS peer deletes last*/ /* Increment ref count for BSS peer, so that BSS peer deletes last*/
if ((type == WLAN_PEER_STA) || (type == WLAN_PEER_STA_TEMP) if ((type == WLAN_PEER_STA) || (type == WLAN_PEER_STA_TEMP)
|| (type == WLAN_PEER_P2P_CLI)) || (type == WLAN_PEER_P2P_CLI))
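Review bot: The peer is still handed to `wlan_objmgr_psoc_peer_attach(psoc, peer)` before `qdf_spinlock_create(&peer->peer_lock);` runs in the last hunk, so the window the commit message describes (another thread reaching the peer mid-creation) may still expose a peer whose lock is not yet initialized, even though ref_cnt is now correct. If nothing between the two calls depends on that order, consider moving `qdf_spinlock_create(&peer->peer_lock);` up beside the new `qdf_atomic_init(&peer->peer_objmgr.ref_cnt);` so all synchronization state is ready before the peer is published. A one-line comment above the relocated `wlan_objmgr_peer_get_ref(peer, WLAN_OBJMGR_ID);`, such as `/* take the objmgr reference before the peer becomes visible to other threads */`, would keep this ordering from being undone by a later cleanup. The body of wlan_objmgr_peer_obj_create starts and ends outside these hunks, so the lines between the attach and the lock creation, and the cleanup on the attach-failure path, are not visible here.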