qcacmn: Do not call stats_cb after vdev is deleted · fb93c36d8d - n4ne's Gogs

Przeglądaj źródła

qcacmn: Do not call stats_cb after vdev is deleted

Currently before calling the stats_cbk we do not
check if the vdev has been deleted or not. There is
a case where vdev might be deleted (but not freed due
to pending ref-count) and the osif_vdev will be freed
as a part of the delete sequence. In this case, calling
stats_cbk with dangling pointer to osif_vdev will lead
to an access to memory which has been freed.

To mitigate this issue, check if the vdev has been marked
for deletion, before calling the stats_cbk in tx completion
path.

Change-Id: I32ef68f45f172fc903ab597a62bb4b3e3cb0f574
CRs-Fixed: 3635454

Rakesh Pillai 1 rok temu

rodzic

c88f3c2d9a

commit

fb93c36d8d

1 zmienionych plików z 1 dodań i 2 usunięć

Widok podzielony Pokaż statystyki zmian

						
							+ 1
							
							- 2
						
dp/wifi3.0/dp_tx.c
							 
								Wyświetl plik
							
				@@ -5743,8 +5743,7 @@ void dp_tx_update_connectivity_stats(struct dp_soc *soc,
			
				 	qdf_assert(tx_desc);
			
				-	if (!vdev ||
			
				-	    !vdev->osif_vdev ||
			
				+	if (!vdev || vdev->delete.pending || !vdev->osif_vdev ||
			
				 	    !vdev->stats_cb)
			
				 		return;