Inicio Explorar Ayuda
Iniciar sesión
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Explorar el Código

qcacld-3.0: Fix double free of ol_txrx pdev

Converged pdev_detach is responsible for freeing the context.
Legacy api needs to conform.  Now the removal of the pdev from
the cds context needs to be done with the api that does not free
the context.

Change-Id: I4430a3bae1658e4e1accc457a572c67c9ce6f58f
CRs-Fixed: 2000089
Houston Hoffman hace 8 años
padre
23a8839a95
commit
e5ec049121
Se han modificado 2 ficheros con 5 adiciones y 4 borrados
Dividir vista Mostrar estadísticas de diff
  1. 4 4
      core/cds/src/cds_api.c
  2. 1 0
      core/dp/txrx/ol_txrx.c

+ 4 - 4
core/cds/src/cds_api.c
Ver fichero 

@@ -896,6 +896,7 @@ QDF_STATUS cds_post_disable(v_CONTEXT_t cds_context)
 
 QDF_STATUS cds_close(struct wlan_objmgr_psoc *psoc, v_CONTEXT_t cds_context)
 
 {
 
 	QDF_STATUS qdf_status;
 
+	void *ctx;
 
 
 	qdf_status = wma_wmi_work_close(cds_context);
 
 	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
 
@@ -910,10 +911,9 @@ QDF_STATUS cds_close(struct wlan_objmgr_psoc *psoc, v_CONTEXT_t cds_context)
 
 		gp_cds_context->htc_ctx = NULL;
 
 	}
 
 
-	cdp_pdev_detach(cds_get_context(QDF_MODULE_ID_SOC),
 
-		gp_cds_context->pdev_txrx_ctx, 1);
 
-	cds_free_context(cds_context, QDF_MODULE_ID_TXRX,
 
-			 gp_cds_context->pdev_txrx_ctx);
 
+	ctx = cds_get_context(QDF_MODULE_ID_TXRX);
 
+	cds_set_context(QDF_MODULE_ID_TXRX, NULL);
 
+	cdp_pdev_detach(cds_get_context(QDF_MODULE_ID_SOC), ctx, 1);
 
 
 	qdf_status = sme_close(((p_cds_contextType) cds_context)->pMACContext);
 
 	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {

+ 1 - 0
core/dp/txrx/ol_txrx.c
Ver fichero 

@@ -1743,6 +1743,7 @@ static void ol_txrx_pdev_detach(void *ppdev, int force)
 
 #ifdef QCA_COMPUTE_TX_DELAY
 
 	qdf_spinlock_destroy(&pdev->tx_delay.mutex);
 
 #endif
 
+	qdf_mem_free(ppdev);
 
 }
 
 
 #if defined(CONFIG_PER_VDEV_TX_DESC_POOL)