qcacmn: Fix monitor status buffer double free issue

currently rx_mon_ring and REO are part of the same interrupt group, due to which in case of mission mode when IRQ is received from REO, even the lmac rings are processed in the same context. This results in dp_mon_reap_timer_handler and dp_process_lmac_rings calling dp_rx_mon_status_process_tlv() in different context and access global list at the same time, which may lead to skb double free issue. To fix the issue if current mode is not monitor mode do not set rx_mon_ring_mask MSI interrupt mask. Change-Id: Icc64455824f919e17d3daa741be1cbdafd6fe88f CRs-Fixed: 3274531
2022-08-26 02:17:21 -07:00
--- a/dp/wifi3.0/dp_main.c
+++ b/dp/wifi3.0/dp_main.c
@@ -3299,6 +3299,19 @@ dp_soc_near_full_interrupt_attach(struct dp_soc *soc, int num_irq,
 }
 #endif

+#ifdef DP_CON_MON_MSI_SKIP_SET
+static inline bool dp_skip_rx_mon_ring_mask_set(struct dp_soc *soc)
+{
+	return !!(soc->cdp_soc.ol_ops->get_con_mode() !=
+			QDF_GLOBAL_MONITOR_MODE);
+}
+#else
+static inline bool dp_skip_rx_mon_ring_mask_set(struct dp_soc *soc)
+{
+	return false;
+}
+#endif
+
 /*
 * dp_soc_interrupt_detach() - Deregister any allocations done for interrupts
 * @txrx_soc: DP SOC handle
@@ -3408,6 +3421,9 @@ static QDF_STATUS dp_soc_interrupt_attach(struct cdp_soc_t *txrx_soc)
 		int umac_reset_intr_mask =
 			wlan_cfg_get_umac_reset_intr_mask(soc->wlan_cfg_ctx, i);

+		if (dp_skip_rx_mon_ring_mask_set(soc))
+			rx_mon_mask = 0;
+
 		soc->intr_ctx[i].dp_intr_id = i;
 		soc->intr_ctx[i].tx_ring_mask = tx_mask;
 		soc->intr_ctx[i].rx_ring_mask = rx_mask;