Accueil Explorer Aide
Connexion
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

qcacmn: Fix scan db mem leak in race condition

During module stop, scan db is cleared before scheduler thread
stop, new beacon can be handled and scan node still can be added
into scan db after scan db clear in race condition, result in
mem leak.

Fixed by moving scm_db_deinit from ucfg_scan_psoc_disable to
ucfg_scan_psoc_close, which is called after scheduler thread
stop

To be symmetrical, move scm_db_init from ucfg_scan_psoc_enable
to ucfg_scan_psoc_open.

Call stack:

hdd_wlan_stop_modules
 ->hdd_deconfigure_cds
    ->cds_disable
       ->dispatcher_psoc_disable
          ->ucfg_scan_psoc_disable
             ->scm_db_deinit
 ->cds_close
    ->dispatcher_disable
       ->scheduler_disable
    ->dispatcher_psoc_close
       ->ucfg_scan_psoc_close

scheduler_thread
 ->scheduler_thread_process_queues
    ->scheduler_target_if_mq_handler
       ->target_if_msg_handler
          ->scm_handle_bcn_probe
             ->scm_add_update_entry
                ->scm_add_scan_entry

Change-Id: I911751a247ae3ccb489755c30ffbe078a93ca4db
CRs-Fixed: 2205354
Zhu Jianmin il y a 7 ans
Parent
1ca70f07c8
commit
832737116d
1 fichiers modifiés avec 2 ajouts et 2 suppressions
Vue séparée Afficher les stats Diff
  1. 2 2
      umac/scan/dispatcher/src/wlan_scan_ucfg_api.c

+ 2 - 2
umac/scan/dispatcher/src/wlan_scan_ucfg_api.c
Voir le fichier 

@@ -1963,6 +1963,7 @@ ucfg_scan_psoc_open(struct wlan_objmgr_psoc *psoc)
 
 	wlan_scan_global_init(scan_obj);
 
 	qdf_spinlock_create(&scan_obj->lock);
 
 	ucfg_scan_register_pmo_handler();
 
+	scm_db_init(psoc);
 
 
 	return QDF_STATUS_SUCCESS;
 
 }
 
@@ -1977,6 +1978,7 @@ ucfg_scan_psoc_close(struct wlan_objmgr_psoc *psoc)
 
 		scm_err("null psoc");
 
 		return QDF_STATUS_E_FAILURE;
 
 	}
 
+	scm_db_deinit(psoc);
 
 	scan_obj = wlan_psoc_get_scan_obj(psoc);
 
 	if (scan_obj == NULL) {
 
 		scm_err("Failed to get scan object");
 
@@ -2027,7 +2029,6 @@ ucfg_scan_psoc_enable(struct wlan_objmgr_psoc *psoc)
 
 	/* Subscribe for scan events from lmac layesr */
 
 	status = tgt_scan_register_ev_handler(psoc);
 
 	QDF_ASSERT(status == QDF_STATUS_SUCCESS);
 
-	scm_db_init(psoc);
 
 	if (wlan_reg_11d_original_enabled_on_host(psoc))
 
 		scm_11d_cc_db_init(psoc);
 
 	ucfg_scan_register_unregister_bcn_cb(psoc, true);
 
@@ -2054,7 +2055,6 @@ ucfg_scan_psoc_disable(struct wlan_objmgr_psoc *psoc)
 
 	ucfg_scan_register_unregister_bcn_cb(psoc, false);
 
 	if (wlan_reg_11d_original_enabled_on_host(psoc))
 
 		scm_11d_cc_db_deinit(psoc);
 
-	scm_db_deinit(psoc);
 
 
 	return status;
 
 }