From cc959f1b44f53f49e9f60eea6fbee4c67b68d1b8 Mon Sep 17 00:00:00 2001
From: Abhinav Kumar
Date: Thu, 9 Aug 2018 13:58:30 +0530
Subject: [PATCH] qcacld-3.0: Possible use of un-initialized var while changing interface

Currently, driver calls hdd_alloc_station_adapter to initialize the completion variables for a particular adapter only if mode of interface is STA or P2P. In case when driver changes its STA + SAP mode to STA + STA mode by calling hdd_open_concurrent_interface, driver is not able to initialize init_completion variable for new STA interface. So while processing fw commands (for new STA interface) which uses completion variables, driver leads to the use of uninitialized variables issue. Create new function cmn_init_completion to initialize completion variables for all interfaces while opening the HDD adapter.

Change-Id: Iae8ec1a86dd4084c9f5b39ec0d90e16182212df9
CRs-Fixed: 2288919
---
 core/hdd/src/wlan_hdd_hostapd.c | 11 -----------
 core/hdd/src/wlan_hdd_main.c | 35 ++++++++++++++++++++++----------
 2 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/core/hdd/src/wlan_hdd_hostapd.c b/core/hdd/src/wlan_hdd_hostapd.c
index cc13d55caf..1d807cf098 100644
--- a/core/hdd/src/wlan_hdd_hostapd.c
+++ b/core/hdd/src/wlan_hdd_hostapd.c
@@ -3196,17 +3196,6 @@ struct hdd_adapter *hdd_wlan_create_ap_dev(struct hdd_context *hdd_ctx,
 return NULL;
 }

- init_completion(&adapter->disconnect_comp_var);
- init_completion(&adapter->roaming_comp_var);
- init_completion(&adapter->linkup_event_var);
- init_completion(&adapter->cancel_rem_on_chan_var);
- init_completion(&adapter->rem_on_chan_ready_event);
- init_completion(&adapter->sta_authorized_event);
- init_completion(&adapter->offchannel_tx_event);
- init_completion(&adapter->tx_action_cnf_event);
- init_completion(&adapter->ibss_peer_info_comp);
- init_completion(&adapter->lfr_fw_status.disable_lfr_event);
-
 SET_NETDEV_DEV(dev, hdd_ctx->parent_dev);
 spin_lock_init(&adapter->pause_map_lock);
 adapter->start_time = adapter->last_time = qdf_system_ticks();
diff --git a/core/hdd/src/wlan_hdd_main.c b/core/hdd/src/wlan_hdd_main.c
index 22673f0937..4aa646b30a 100644
--- a/core/hdd/src/wlan_hdd_main.c
+++ b/core/hdd/src/wlan_hdd_main.c
@@ -3791,17 +3791,6 @@ static struct hdd_adapter *hdd_alloc_station_adapter(struct hdd_context *hdd_ctx
 return NULL;
 }

- init_completion(&adapter->disconnect_comp_var);
- init_completion(&adapter->roaming_comp_var);
- init_completion(&adapter->linkup_event_var);
- init_completion(&adapter->cancel_rem_on_chan_var);
- init_completion(&adapter->rem_on_chan_ready_event);
- init_completion(&adapter->sta_authorized_event);
- init_completion(&adapter->offchannel_tx_event);
- init_completion(&adapter->tx_action_cnf_event);
- init_completion(&adapter->ibss_peer_info_comp);
- init_completion(&adapter->lfr_fw_status.disable_lfr_event);
-
 adapter->offloads_configured = false;
 adapter->is_link_up_service_needed = false;
 adapter->disconnection_in_progress = false;
@@ -4753,6 +4742,29 @@ error:
 return -EINVAL;
 }

+/**
+ * hdd_init_completion() - Initialize Completion Variables
+ * @adapter: HDD adapter
+ *
+ * This function Initialize the completion variables for
+ * a particular adapter
+ *
+ * Return: None
+ */
+static void hdd_init_completion(struct hdd_adapter *adapter)
+{
+ init_completion(&adapter->disconnect_comp_var);
+ init_completion(&adapter->roaming_comp_var);
+ init_completion(&adapter->linkup_event_var);
+ init_completion(&adapter->cancel_rem_on_chan_var);
+ init_completion(&adapter->rem_on_chan_ready_event);
+ init_completion(&adapter->sta_authorized_event);
+ init_completion(&adapter->offchannel_tx_event);
+ init_completion(&adapter->tx_action_cnf_event);
+ init_completion(&adapter->ibss_peer_info_comp);
+ init_completion(&adapter->lfr_fw_status.disable_lfr_event);
+}
+
 /**
 * hdd_open_adapter() - open and setup the hdd adatper
 * @hdd_ctx: global hdd context
@@ -4932,6 +4944,7 @@ struct hdd_adapter *hdd_open_adapter(struct hdd_context *hdd_ctx, uint8_t sessio
 return NULL;
 }

+ hdd_init_completion(adapter);
 INIT_WORK(&adapter->scan_block_work, wlan_hdd_cfg80211_scan_block_cb);
 qdf_list_create(&adapter->blocked_scan_request_q, WLAN_MAX_SCAN_COUNT);
 qdf_mutex_create(&adapter->blocked_scan_request_q_lock);
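Review bot: The kernel-doc on hdd_init_completion() leaves out the one constraint a future caller can get wrong, namely when the helper may run. init_completion() resets the done count and the wait queue of each field, so the call is only safe before any thread can wait on or complete them. I would replace the description with `Initialize every completion embedded in @adapter. Must be called exactly once, before the adapter is registered or passed to any path that waits on these completions.` The commit message also names the helper cmn_init_completion while the code adds hdd_init_completion, which makes the change harder to find from the log.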
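Review bot: `hdd_init_completion(adapter);` runs only after the block that closes with `return NULL; }`, so whether every completion is initialized before first use depends on code in hdd_open_adapter() that is outside this hunk. If any branch of that block registers the net device or otherwise publishes the adapter before falling through, a request or firmware event arriving in that window could call wait_for_completion() or complete() on an uninitialized completion. That is the same class of defect this commit sets out to fix. Moving the call to directly after each successful adapter allocation, or confirming that nothing in the preceding block makes the adapter reachable, would close the gap. The body of hdd_open_adapter() starts and ends outside the hunk.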