
qcacld-3.0: Fix race between PD down and Assoc resp handling

In PD down uevent handling, if the assoc resp timeout timer is active,
the timeout API is called from a kernel thread and frees
‘pLimJoinReq’. If an assoc resp is then received in the MC thread, it
also accesses ‘pLimJoinReq’ in parallel. This leads to a use-after-free.

To fix this post a msg to MC thread to call the timeout APIs of the
connection timers.

Change-Id: I95e0bbb91c382298e35928d602c096ea5267dbe4
CRs-Fixed: 2184590
Abhishek Singh 7 vuotta sitten
vanhempi
sitoutus
99c70a06f3
1 muutettua tiedostoa jossa 3 lisäystä ja 3 poistoa
  1. 3 3
      core/mac/src/pe/lim/lim_utils.c

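--- a/core/mac/src/pe/lim/lim_utils.c
+++ b/core/mac/src/pe/lim/lim_utils.c
@@ -563,7 +563,7 @@ void lim_deactivate_timers(tpAniSirGlobal mac_ctx)
 	if (tx_timer_running(&lim_timer->gLimJoinFailureTimer)) {
 		pe_err("Join failure timer running call the timeout API");
 		/* Cleanup as if join timer expired */
-		lim_process_join_failure_timeout(mac_ctx);
+		lim_timer_handler(mac_ctx, SIR_LIM_JOIN_FAIL_TIMEOUT);
 	}
 	/* Deactivate Join failure timer. */
 	tx_timer_deactivate(&lim_timer->gLimJoinFailureTimer);
@@ -578,7 +578,7 @@ void lim_deactivate_timers(tpAniSirGlobal mac_ctx)
 	if (tx_timer_running(&lim_timer->gLimAssocFailureTimer)) {
 		pe_err("Assoc failure timer running call the timeout API");
 		/* Cleanup as if assoc timer expired */
-		lim_process_assoc_failure_timeout(mac_ctx, LIM_ASSOC);
+		lim_assoc_failure_timer_handler(mac_ctx, LIM_ASSOC);
 	}
 	/* Deactivate Association failure timer. */
 	tx_timer_deactivate(&lim_timer->gLimAssocFailureTimer);
@@ -586,7 +586,7 @@ void lim_deactivate_timers(tpAniSirGlobal mac_ctx)
 	if (tx_timer_running(&mac_ctx->lim.limTimers.gLimAuthFailureTimer)) {
 		pe_err("Auth failure timer running call the timeout API");
 		/* Cleanup as if auth timer expired */
-		lim_process_auth_failure_timeout(mac_ctx);
+		lim_timer_handler(mac_ctx, SIR_LIM_AUTH_FAIL_TIMEOUT);
 	}
 	/* Deactivate Authentication failure timer. */
 	tx_timer_deactivate(&lim_timer->gLimAuthFailureTimer);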
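Review bot: Nothing at the three new call sites in lim_deactivate_timers confirms that the deferred cleanup was actually queued, and the timer is deactivated immediately afterwards, so if the post to the MC thread is dropped (assuming the handlers can fail to post, which is not visible here) the join/assoc/auth cleanup would never run. The `tx_timer_running()` check and the `tx_timer_deactivate()` call are also not atomic, so a timer that fires between them could presumably queue a second timeout message; the MC-thread timeout functions should be confirmed to tolerate a duplicate, for example an already-freed `pLimJoinReq`. Because the surviving comments still read as if the cleanup were synchronous, I would reword each one along the lines of `/* Post timeout to MC thread; calling the timeout API from this context races with assoc resp handling */`. The body of lim_deactivate_timers starts and ends outside these hunks.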