qcacld-3.0: Relocate fetching of hdd_ctx to avoid stale pointer

In the function hdd_driver_unload, the hdd_ctx is fetched at the beginning before the dsc_wait_for_trans. In the scenario where this wait_for_trans is active and in the other thread (for example when wlan_pld_remove and rmmod run in parallel) the hdd_ctx is invalidated, the local copy of the pointer becomes stale. Accessing this stale pointer leads to page fault. Do not fetch the hdd_ctx before waiting for dsc trans. Rather fetch it just before where it is actually used. Change-Id: Ia5524c7a2af8ff2e976a6f1d3e87f2f374fdc371 CRs-Fixed: 2720714
2020-06-29 12:07:56 +05:30
parent dbcaef0ec1
commit e25710a25c
1 changed files with 2 additions and 1 deletions
--- a/core/hdd/src/wlan_hdd_main.c
+++ b/core/hdd/src/wlan_hdd_main.c
@@ -15929,7 +15929,7 @@ exit:
 static void hdd_driver_unload(void)
 {
 	struct osif_driver_sync *driver_sync;
-	struct hdd_context *hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD);
+	struct hdd_context *hdd_ctx;
 	QDF_STATUS status;
 	void *hif_ctx;

@@ -15962,6 +15962,7 @@ static void hdd_driver_unload(void)
 	cds_set_driver_loaded(false);
 	cds_set_unload_in_progress(true);

+	hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD);
 	if (hdd_ctx) {
 		hdd_psoc_idle_timer_stop(hdd_ctx);
 		/*