qcacmn: Use try_get_ref API in wlan_util_get_vdev_by_ifname

wlan_util_get_vdev_by_ifname currently uses the unconditional vdev ref grabbing API, wlan_objmgr_vdev_get_ref. Using this API outside of objmgr core is very dangerous, as a reference to a destroyed vdev can be obtained, leading to double-free and use-after-free scenarios. Use the conditional wlan_objmgr_vdev_try_get_ref API instead, and return a NULL vdev if a reference cannot be obtained. Change-Id: I44484b664577e6d9a79057ee35150abfb60ca0b3 CRs-Fixed: 2150257
2017-11-28 11:02:21 -08:00
--- a/umac/cmn_services/utils/src/wlan_utility.c
+++ b/umac/cmn_services/utils/src/wlan_utility.c
@@ -191,6 +191,7 @@ struct wlan_objmgr_vdev *wlan_util_get_vdev_by_ifname(
 				struct wlan_objmgr_psoc *psoc, char *ifname,
 				wlan_objmgr_ref_dbgid ref_id)
 {
+	QDF_STATUS status;
 	struct wlan_find_vdev_filter filter = {0};

 	filter.ifname = ifname;
@@ -198,8 +199,12 @@ struct wlan_objmgr_vdev *wlan_util_get_vdev_by_ifname(
 				     wlan_util_get_vdev_by_ifname_cb,
 				     &filter, 0, ref_id);

-	if (filter.found_vdev)
-		wlan_objmgr_vdev_get_ref(filter.found_vdev, ref_id);
+	if (!filter.found_vdev)
+		return NULL;
+
+	status = wlan_objmgr_vdev_try_get_ref(filter.found_vdev, ref_id);
+	if (QDF_IS_STATUS_ERROR(status))
+		return NULL;

 	return filter.found_vdev;
 }