From d939d58b24c0de44675da960f66e71fc9fce0083 Mon Sep 17 00:00:00 2001
From: Balaganapathy Palanisamy
Date: Mon, 23 Nov 2020 11:55:33 +0530
Subject: [PATCH] qcacmn: Delete logger timer then reset pcur_node

Delete the flush timer then set the pcur_node to NULL while cleanup to avoid NULL pointer dereference in timer handler.

CRs-Fixed: 2820441
Change-Id: If6edca1343890e0fe962d7b3e3b5b07f379143ef
---
 utils/logging/src/wlan_logging_sock_svc.c | 40 +++++++++++++----------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/utils/logging/src/wlan_logging_sock_svc.c b/utils/logging/src/wlan_logging_sock_svc.c
index 1ce0c08658..94565a5ec2 100644
--- a/utils/logging/src/wlan_logging_sock_svc.c
+++ b/utils/logging/src/wlan_logging_sock_svc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2020 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2014-2021 The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
@@ -1033,12 +1033,21 @@ static void flush_timer_init(void)
 gwlan_logging.flush_timer_period = 0;
 }
 
+static void flush_timer_deinit(void)
+{
+ gwlan_logging.is_flush_timer_initialized = false;
+ qdf_spin_lock(&gwlan_logging.flush_timer_lock);
+ qdf_timer_stop(&gwlan_logging.flush_timer);
+ qdf_timer_free(&gwlan_logging.flush_timer);
+ qdf_spin_unlock(&gwlan_logging.flush_timer_lock);
+ qdf_spinlock_destroy(&gwlan_logging.flush_timer_lock);
+}
+
 int wlan_logging_sock_init_svc(void)
 {
 int i = 0, j, pkt_stats_size;
 unsigned long irq_flag;
 
- flush_timer_init();
 spin_lock_init(&gwlan_logging.spin_lock);
 spin_lock_init(&gwlan_logging.pkt_stats_lock);
 
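Review bot: flush_timer_deinit() tears the timer down unconditionally: it never tests `is_flush_timer_initialized` (presumably set in flush_timer_init(), whose body starts above the hunk), yet after this patch it is reachable both from the `err1:` path of wlan_logging_sock_init_svc() (hunk at -1133) and from wlan_logging_sock_deinit_svc(). If either caller can run when flush_timer_init() has not, or after an earlier teardown, qdf_timer_stop(), qdf_timer_free() and qdf_spinlock_destroy() would act on an uninitialised or already destroyed timer and lock; the callers' own guards are outside these hunks, so this needs confirming. An early `if (!gwlan_logging.is_flush_timer_initialized) return;` would make the teardown idempotent. Separately, the flag is cleared before `flush_timer_lock` is taken, so a path that checks the flag and arms the timer under that lock could presumably still re-arm it between the two statements; moving the store inside the locked section would close that gap.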
@@ -1065,6 +1074,8 @@ int wlan_logging_sock_init_svc(void)
 list_del_init(gwlan_logging.free_list.next);
 spin_unlock_irqrestore(&gwlan_logging.spin_lock, irq_flag);
 
+ flush_timer_init();
+
 /* Initialize the pktStats data structure here */
 pkt_stats_size = sizeof(struct pkt_stats_msg);
 gpkt_stats_buffers = vmalloc(MAX_PKTSTATS_BUFF * pkt_stats_size);
@@ -1133,6 +1144,7 @@ err2:
 vfree(gpkt_stats_buffers);
 gpkt_stats_buffers = NULL;
 err1:
+ flush_timer_deinit();
 spin_lock_irqsave(&gwlan_logging.spin_lock, irq_flag);
 gwlan_logging.pcur_node = NULL;
 spin_unlock_irqrestore(&gwlan_logging.spin_lock, irq_flag);
@@ -1141,16 +1153,6 @@ err1:
 return -ENOMEM;
 }
 
-static void flush_timer_deinit(void)
-{
- gwlan_logging.is_flush_timer_initialized = false;
- qdf_spin_lock(&gwlan_logging.flush_timer_lock);
- qdf_timer_stop(&gwlan_logging.flush_timer);
- qdf_timer_free(&gwlan_logging.flush_timer);
- qdf_spin_unlock(&gwlan_logging.flush_timer_lock);
- qdf_spinlock_destroy(&gwlan_logging.flush_timer_lock);
-}
-
 int wlan_logging_sock_deinit_svc(void)
 {
 unsigned long irq_flag;
@@ -1172,10 +1174,6 @@ int wlan_logging_sock_deinit_svc(void)
 wake_up_interruptible(&gwlan_logging.wait_queue);
 wait_for_completion(&gwlan_logging.shutdown_comp);
 
- spin_lock_irqsave(&gwlan_logging.spin_lock, irq_flag);
- gwlan_logging.pcur_node = NULL;
- spin_unlock_irqrestore(&gwlan_logging.spin_lock, irq_flag);
-
 spin_lock_irqsave(&gwlan_logging.pkt_stats_lock, irq_flag);
 gwlan_logging.pkt_stats_pcur_node = NULL;
 gwlan_logging.pkt_stats_msg_idx = 0;
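Review bot: The relocated `flush_timer_init();` call in the -1065 hunk carries no comment saying why it now has to follow the free-list setup, so a later tidy-up could move it back to the top of wlan_logging_sock_init_svc() and reintroduce the handler-versus-`pcur_node` ordering problem the commit message describes. I would add above it `/* Create the flush timer only after pcur_node is set up; its handler dereferences pcur_node. */`. The assignment of pcur_node itself lies above the hunk, so the wording should be checked against it.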
@@ -1185,12 +1183,18 @@ int wlan_logging_sock_deinit_svc(void) dev_kfree_skb(gpkt_stats_buffers[i].skb); } spin_unlock_irqrestore(&gwlan_logging.pkt_stats_lock, irq_flag); - vfree(gpkt_stats_buffers); gpkt_stats_buffers = NULL; - free_log_msg_buffer(); + + /* Delete the Flush timer then mark pcur_node NULL */ flush_timer_deinit(); + spin_lock_irqsave(&gwlan_logging.spin_lock, irq_flag); + gwlan_logging.pcur_node = NULL; + spin_unlock_irqrestore(&gwlan_logging.spin_lock, irq_flag); + + free_log_msg_buffer(); + return 0; }
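Review bot: In wlan_logging_sock_deinit_svc() the flush timer is still live while `gpkt_stats_buffers` is freed here and, per the -1172 hunk, while the logging thread is being shut down; the new ordering protects only `pcur_node`. The timer handler is not visible in this patch, so whether it (or the thread it may wake) touches those objects needs checking; if it does, calling `flush_timer_deinit();` before the thread is stopped and before `vfree(gpkt_stats_buffers);` would close the window for every resource rather than one. The added comment also states the order but not the reason; something like `/* Stop the flush timer first: its handler dereferences pcur_node */` would keep the constraint from being undone later. The function begins above this hunk.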