samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Do not call stats_cb after vdev is deleted

Browse Source 
Currently before calling the stats_cbk we do not
check if the vdev has been deleted or not. There is
a case where vdev might be deleted (but not freed due
to pending ref-count) and the osif_vdev will be freed
as a part of the delete sequence. In this case, calling
stats_cbk with dangling pointer to osif_vdev will lead
to an access to memory which has been freed.

To mitigate this issue, check if the vdev has been marked
for deletion, before calling the stats_cbk in tx completion
path.

Change-Id: I32ef68f45f172fc903ab597a62bb4b3e3cb0f574
CRs-Fixed: 3635454
This commit is contained in:
Rakesh Pillai
2023-10-10 14:39:16 +05:30
committed by Rahul Choudhary
parent c88f3c2d9a
commit fb93c36d8d
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
dp/wifi3.0/dp_tx.c
View File

@@ -5743,8 +5743,7 @@ void dp_tx_update_connectivity_stats(struct dp_soc *soc,
qdf_assert(tx_desc);
if (!vdev ||
!vdev->osif_vdev ||
if (!vdev || vdev->delete.pending || !vdev->osif_vdev ||
!vdev->stats_cb)
return;