
Commit c33f749d authored by Hamad Kadmany, committed by Maya Erez

wil6210: protect list of pending wmi events during flush



When flush is done, pending events list is manipulated
without taking the proper spinlock, which could lead to
memory corruption if list is manipulated by wmi worker
or by interrupt routine.

Change-Id: Iccbc65d94f837402c12d9794cfdde21339599a0b
CRs-Fixed: 2002638
Signed-off-by: Hamad Kadmany <hkadmany@codeaurora.org>
parent a4882780
+5 −0
@@ -1770,14 +1770,19 @@ int wmi_new_sta(struct wil6210_priv *wil, const u8 *mac, u8 aid)

void wmi_event_flush(struct wil6210_priv *wil)
{
	ulong flags;
	struct pending_wmi_event *evt, *t;

	wil_dbg_wmi(wil, "event_flush\n");

	spin_lock_irqsave(&wil->wmi_ev_lock, flags);

	list_for_each_entry_safe(evt, t, &wil->pending_wmi_ev, list) {
		list_del(&evt->list);
		kfree(evt);
	}

	spin_unlock_irqrestore(&wil->wmi_ev_lock, flags);
}

static bool wmi_evt_call_handler(struct wil6210_priv *wil, int id,
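
Review bot: In wmi_event_flush() the whole list_for_each_entry_safe() loop, including every kfree(evt), now runs between spin_lock_irqsave() and spin_unlock_irqrestore(), so interrupts stay disabled on this CPU for as long as it takes to walk and free the entire pending list. Consider detaching the entries under the lock onto a local list head (for example with list_splice_init()) and doing the list_del()/kfree() loop after the unlock, which keeps the critical section constant-time while still closing the race with the wmi worker and the interrupt routine described in the commit message. A short comment at the lock site saying that wmi_ev_lock protects pending_wmi_ev would help the next reader, and `ulong flags` would more conventionally be spelled `unsigned long flags` for the irqsave/irqrestore pair.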