wlan:Fix kernel panic while TDLS exit.
As a part of TDLS exit, tdls context is freed without
explicitly setting tdls adapter as NULL. As a result, a
race condition may arise when tdls exit is called immediately
after tdls init. As a part of tdls init, the driver starts timers
for peerDiscovery which use the tdls adapter. Since, as part of tdls
exit, adapters are freed but not set to NULL, the timer function
might end up using memory which has been freed.
As a part of fix, explicitly set adapter as null as part of tdls
exit.
Change-Id: Ia33bd713cc9ab25c3bf0493aebb7ae69dc905005
CRs-Fixed: 709550
diff --git a/CORE/HDD/src/wlan_hdd_tdls.c b/CORE/HDD/src/wlan_hdd_tdls.c
index c678554..65b9235 100644
--- a/CORE/HDD/src/wlan_hdd_tdls.c
+++ b/CORE/HDD/src/wlan_hdd_tdls.c
@@ -149,6 +149,12 @@
return;
}
+ if (WLAN_HDD_ADAPTER_MAGIC != pHddTdlsCtx->pAdapter->magic)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("pAdapter has invalid magic"));
+ return;
+ }
pHddCtx = WLAN_HDD_GET_CTX( pHddTdlsCtx->pAdapter );
if(0 != (wlan_hdd_validate_context(pHddCtx)))
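Review bot: The added guard on `pHddTdlsCtx->pAdapter->magic` still dereferences pHddTdlsCtx, so if the timer callback fires after the exit path has freed the context, the load of `pAdapter` is itself a read from freed memory and neither the NULL nor the magic value is guaranteed to be there. The same guard is repeated in the hunks at -268 and -511 with the same limitation, and the three copies could be one static helper. The check narrows the window described in the commit message rather than closing it, so I would add a comment above each guard such as `/* Best-effort: relies on the TDLS timers being stopped before pHddTdlsCtx is freed */` and confirm that ordering in the exit path. The enclosing functions begin and end outside these hunks.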
@@ -268,7 +274,12 @@
FL(" pHddTdlsCtx or pAdapter points to NULL"));
return;
}
-
+ if (WLAN_HDD_ADAPTER_MAGIC != pHddTdlsCtx->pAdapter->magic)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("pAdapter has invalid magic"));
+ return;
+ }
pHddCtx = WLAN_HDD_GET_CTX( pHddTdlsCtx->pAdapter );
if(0 != (wlan_hdd_validate_context(pHddCtx)))
@@ -511,6 +522,12 @@
return;
}
+ if (WLAN_HDD_ADAPTER_MAGIC != pHddTdlsCtx->pAdapter->magic)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ FL("pAdapter has invalid magic"));
+ return;
+ }
pHddCtx = WLAN_HDD_GET_CTX( pHddTdlsCtx->pAdapter );
if(0 != (wlan_hdd_validate_context(pHddCtx)))
@@ -796,7 +813,8 @@
wlan_hdd_tdls_free_list(pHddTdlsCtx);
wlan_hdd_tdls_free_scan_request(&pHddCtx->tdls_scan_ctxt);
-
+ pHddTdlsCtx->magic = 0;
+ pHddTdlsCtx->pAdapter = NULL;
vos_mem_free(pHddTdlsCtx);
pAdapter->sessionCtx.station.pHddTdlsCtx = NULL;
pHddTdlsCtx = NULL;
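Review bot: `pHddTdlsCtx->magic = 0;` clears a field that none of the guards added in this commit read, since they compare `pHddTdlsCtx->pAdapter->magic` with WLAN_HDD_ADAPTER_MAGIC, so this store appears to have no consumer in the visible code. Both new stores also land in memory that `vos_mem_free` releases on the next line, so a racing timer callback only sees them until the allocator reuses the block. I would unpublish the context first by moving `pAdapter->sessionCtx.station.pHddTdlsCtx = NULL;` above `vos_mem_free(pHddTdlsCtx);`, and make sure every timer that holds pHddTdlsCtx has been stopped and destroyed before the free. Whether that already happens earlier in this function is not visible from the hunk.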