From 6bfa475e456ea381828ae21beeefbbb01ee31db0 Mon Sep 17 00:00:00 2001
From: Pragaspathi Thilagaraj
Date: Wed, 10 Jul 2019 12:33:33 +0530
Subject: [PATCH] qcacld-3.0: Acquire sme global lock if wait for set key times out

When the set key timeout occurs and there is a disconnect triggered from userspace during the set key timeout, then the disconnect proceeds to free the roam_profile for the csr session. And when the set key timeout handler csr_roam_wait_for_key_time_out_handler() is invoked, it tries to access the roam profile from csr_roam_link_up()-> csr_neighbor_roam_info_ctx_init(). This results in a race between the supplicant thread and scheduler thread. Acquire sme global lock before call to csr_roam_link_up() to avoid this deadlock.

Change-Id: I1dd0bec7afa191648d064a1935a33d9612bb89bc
CRs-Fixed: 2486186
---
 core/sme/src/csr/csr_api_roam.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/sme/src/csr/csr_api_roam.c b/core/sme/src/csr/csr_api_roam.c
index 6540216c48..18b3259c19 100644
--- a/core/sme/src/csr/csr_api_roam.c
+++ b/core/sme/src/csr/csr_api_roam.c
@@ -12577,18 +12577,18 @@ void csr_roam_wait_for_key_time_out_handler(void *pv)
 }
 sme_debug("SME pre-auth state timeout");
+ status = sme_acquire_global_lock(&mac->sme);
 if (csr_is_conn_state_connected_infra(mac, session_id)) {
 csr_roam_link_up(mac, pSession->connectedProfile.bssid);
- status = sme_acquire_global_lock(&mac->sme);
 if (QDF_IS_STATUS_SUCCESS(status)) {
 csr_roam_disconnect(mac, session_id, eCSR_DISCONNECT_REASON_UNSPECIFIED);
- sme_release_global_lock(&mac->sme);
 }
 } else {
 sme_err("session not found");
 }
+ sme_release_global_lock(&mac->sme);
 } else {
 spin_unlock(&mac->roam.roam_state_lock);
 }
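Review bot: The result of `sme_acquire_global_lock()` is consulted only before `csr_roam_disconnect()`, so when the acquire fails `csr_is_conn_state_connected_infra()` and `csr_roam_link_up()` still run without the lock, and the now-unconditional `sme_release_global_lock(&mac->sme)` releases a lock this thread never took. That keeps the freed roam-profile access described in the commit message reachable on the failure path and adds an unbalanced release. Check the status directly after the acquire, for example `if (!QDF_IS_STATUS_SUCCESS(status)) { sme_err("sme lock acquire failed"); return; }`, and drop the inner success check, which then becomes redundant. The handler's body starts and ends outside the hunk, so confirm that an early return skips nothing needed after this branch; `pSession` is also obtained outside the hunk, presumably before the lock is held, and is worth checking against the same disconnect race.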