samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Fix race between dequeue logs and deinit connectivity logging

Browse Source 
As part of stop modules, the deinit connectivity logging happens and
the queue, all the pointers are deinitialized. But while
initializing the write pointer the write pointer spinlock is not
acquired. This results in null pointer dereference of write_ptr
from other context.

Protect the access to the write pointer before setting it to
NULL in wlan_connectivity_logging_stop().

Change-Id: I69dc57b9e661004203f58754824496953105726f
CRs-Fixed: 3054306
This commit is contained in:
Pragaspathi Thilagaraj
2021-10-12 19:04:16 +05:30
committed by Madan Koyyalamudi
parent ded3ce6ffd
commit c3548d50ff
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
components/cmn_services/logging/src/wlan_connectivity_logging.c
View File

@@ -66,18 +66,21 @@ void wlan_connectivity_logging_stop(void)
if (!qdf_atomic_read(&global_cl.is_active))
return;
qdf_spin_lock_bh(&global_cl.write_ptr_lock);
global_cl.osif_cb_context = NULL;
global_cl.osif_cbks.wlan_connectivity_log_send_to_usr = NULL;
qdf_atomic_set(&global_cl.is_active, 0);
global_cl.read_ptr = NULL;
global_cl.write_ptr = NULL;
qdf_spinlock_destroy(&global_cl.write_ptr_lock);
global_cl.read_idx = 0;
global_cl.write_idx = 0;
qdf_mem_vfree(global_cl.head);
global_cl.head = NULL;
qdf_spin_unlock_bh(&global_cl.write_ptr_lock);
qdf_spinlock_destroy(&global_cl.write_ptr_lock);
}
void
@@ -123,6 +126,11 @@ static bool wlan_logging_is_queue_empty(void)
qdf_spin_lock_bh(&global_cl.write_ptr_lock);
if (!global_cl.write_ptr) {
qdf_spin_unlock_bh(&global_cl.write_ptr_lock);
return true;
}
if (global_cl.read_ptr == global_cl.write_ptr &&
!global_cl.write_ptr->is_record_filled) {
qdf_spin_unlock_bh(&global_cl.write_ptr_lock);