Acasă Explorează Ajutor
Autentificare
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Răsfoiți Sursa

qcacmn: Fix vdev obj manager reference release in serialization

Vdev object manager reference should be taken before enqueuing
serialization command and it should be released after dequeuing the
command from serialization queue. Currently this reference release is
done before moving the command to active queue from pending queue.
This may lead to vdev object deletion before the command is moved to
active queue and result in use after free access for vdev object.

To resolve this, release vdev object reference after moving the
serialization command to active queue.

Change-Id: Ibef0814a245abb36f526997d848cf15ef6a49a44
CRs-Fixed: 2832676
Bapiraju Alla 4 ani în urmă
părinte
53b3234b8f
comite
f36047161f
1 a modificat fișierele cu 8 adăugiri și 9 ștergeri
Vizualizare divizată Arată Statisticile Diff
  1. 8 9
      umac/cmn_services/serialization/src/wlan_serialization_internal.c

+ 8 - 9
umac/cmn_services/serialization/src/wlan_serialization_internal.c
Vizualizați fișierul 

@@ -513,15 +513,6 @@ wlan_serialization_dequeue_cmd(struct wlan_serialization_command *cmd,
 
 
 	wlan_serialization_release_lock(&pdev_queue->pdev_queue_lock);
 
 
-	/* Call cmd cb for remove request*/
 
-	if (cmd_bkup.cmd_cb) {
 
-		/* caller should release the memory */
 
-		ser_debug("Release memory for type %d id %d",
 
-			  cmd_bkup.cmd_type, cmd_bkup.cmd_id);
 
-		cmd_bkup.cmd_cb(&cmd_bkup,
 
-				     WLAN_SER_CB_RELEASE_MEM_CMD);
 
-	}
 
-
 
 	if (active_cmd) {
 
 		ser_status = wlan_serialization_move_pending_to_active(
 
 			cmd_bkup.cmd_type, ser_pdev_obj,
 
@@ -529,6 +520,14 @@ wlan_serialization_dequeue_cmd(struct wlan_serialization_command *cmd,
 
 			blocking_cmd_removed);
 
 	}
 
 
+	/* Call cmd cb for remove request*/
 
+	if (cmd_bkup.cmd_cb) {
 
+		/* caller should release the memory */
 
+		ser_debug("Release memory for type %d id %d",
 
+			  cmd_bkup.cmd_type, cmd_bkup.cmd_id);
 
+		cmd_bkup.cmd_cb(&cmd_bkup, WLAN_SER_CB_RELEASE_MEM_CMD);
 
+	}
 
+
 
 	if (active_cmd)
 
 		status = WLAN_SER_CMD_IN_ACTIVE_LIST;
 
 	else