962336e56da76d65c9b04c684e4bec99ad8253f8

An assert was observed with the following traceback:

    qdf_mc_timer_stop+0x90/0x140 [wlan]
    hdd_wmm_disable_inactivity_timer+0x54/0xd0 [wlan]
    hdd_wmm_delts+0x168/0x240 [wlan]
    iw_del_tspec+0x94/0xf0 [wlan]

In hdd_wmm_disable_inactivity_timer() there is sufficient guard logic to only act upon a valid timer:

    if (pQosContext->is_inactivity_timer_running == true) {

So it is apparent that this flag was set to true. However in this specific use case the logs show that in the addTS path the timer was not started and the flag was not explicitly set. So the only explanation is that the flag was set via some other mechanism.

There are two places where a pQosContext is allocated and initialized. In hdd_wmm_acquire_access() the implicit qos case is handled, and in that function there is an explicit assignment:

    pQosContext->is_inactivity_timer_running = false;

In hdd_wmm_addts() the explicit qos case is handled, and in that function there is not an explicit assignment. Note the memory is allocated by:

    pQosContext = kmalloc(sizeof(*pQosContext), GFP_KERNEL);

And there is not an explicit clearing of the memory. Hence in the case of an explicit addTS the is_inactivity_timer_running flag will have a garbage value. So in the case at hand this garbage value must have been equal to true.

Fix this by explicitly setting is_inactivity_timer_running in the explicit qos case.

Change-Id: I94325ab6889780d77241d6e1b3ac0a138cf786b8
CRs-Fixed: 1083078
(cherry picked from commit 9e5e59ff7a51680d582711ef1182fc6aace1bfe1)
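
The failure mode described in the commit message, as an added user-space example that is not code from the driver: an uncleared allocation leaves the flag at whatever the slot last held, so the guard only fails when the stale byte happens to be non-zero. The struct, the one-slot pool standing in for kmalloc(), the magic cookie and the function names are all hypothetical, and the flag is a uint8_t rather than a bool so that reading stale bytes is well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TIMER_MAGIC 0x54494d52u  /* constructed cookie: timer was initialised */

struct qos_ctx {                 /* hypothetical stand-in for the QoS context */
    uint32_t timer_magic;
    uint32_t handle;
    uint8_t  is_inactivity_timer_running; /* uint8_t: stale bytes stay readable */
};

/* One-slot pool standing in for kmalloc(): memory comes back uncleared. */
static struct qos_ctx slot;
static void pool_dirty(int byte) { memset(&slot, byte, sizeof(slot)); }
static struct qos_ctx *pool_alloc(void) { return &slot; }

/* 0: guard skipped; 1: valid timer stopped; -1: stop on a never-started timer */
static int disable_inactivity_timer(struct qos_ctx *ctx)
{
    if (!ctx->is_inactivity_timer_running)
        return 0;
    if (ctx->timer_magic != TIMER_MAGIC)
        return -1;               /* where the driver's assert would fire */
    ctx->is_inactivity_timer_running = 0;
    return 1;
}

/* Explicit-QoS allocation before the fix: the flag is never assigned. */
static struct qos_ctx *addts_before(uint32_t handle)
{
    struct qos_ctx *ctx = pool_alloc();
    ctx->handle = handle;
    return ctx;
}

/* After the fix: the flag is set explicitly, as in the implicit path. */
static struct qos_ctx *addts_after(uint32_t handle)
{
    struct qos_ctx *ctx = pool_alloc();
    ctx->handle = handle;
    ctx->is_inactivity_timer_running = 0;
    return ctx;
}

int main(void)
{
    pool_dirty(0x01); printf("before, dirty slot: %d\n", disable_inactivity_timer(addts_before(7)));
    pool_dirty(0x00); printf("before, clean slot: %d\n", disable_inactivity_timer(addts_before(7)));
    pool_dirty(0x01); printf("after,  dirty slot: %d\n", disable_inactivity_timer(addts_after(7)));
    return 0;
}
```

The clean-slot run returning 0 is why a bug of this kind can pass testing and only surface intermittently in the field.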
This is CNSS WLAN Host Driver for products starting from iHelium