Commit 30717dbd authored by Srinivas Dasari, committed by snandini

qcacld-3.0: Fetch vdev from psoc in TDLS handlers

Currently, if the TDLS timer expires while the scheduler thread
is processing something (e.g., station vdev destroy), the handler
would be in the wait queue and it gets called once the scheduler
thread is done with its current task (i.e., vdev deletion).
The TDLS handler tries to use the vdev even though it has just got
freed, which leads to a use-after-free.
This happens because of the below,
1. vdev destroy notification has no knowledge of the TDLS timer
   expiry as timer_stop is used to stop the timer.
2. vdev is passed to TDLS handler as part of registration.

Fix:
1. Use timer_stop_sync in vdev_destroy_notification to make
   sure the handler is posted to scheduler thread if the timer
   had expired.
2. Get the vdev in handler from psoc instead of passing it to
   the timer handler. This can make sure the vdev is referred
   only if it exists.

Change-Id: I186fd0d44b2364ebb375a8445dd1239368543e7b
CRs-Fixed: 2792020
parent 899e3060