wlan: Validate scan_req adapter
qcacld-2.0 to prima propagation.
In function wlan_hdd_cfg80211_validate_scan_req, wiphy pointer in scan_req
is not being validated with the wiphy stored in hdd_ctx. This can cause
a freed scan request to be validated leading to a crash due to
a kernel WARN_ON.
Check hdd_ctx->wiphy with scan_req->wiphy.
Change-Id: I0ea9586cb7114c2e1babfce19b2777596f842c7b
CRs-Fixed: 1092461
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 0687dec..5d505ab 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -12919,9 +12919,11 @@
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0))
static inline bool wlan_hdd_cfg80211_validate_scan_req(struct
cfg80211_scan_request
- *scan_req)
+ *scan_req, hdd_context_t
+ *hdd_ctx)
{
- if (!scan_req || !scan_req->wiphy) {
+ if (!scan_req || !scan_req->wiphy ||
+ scan_req->wiphy != hdd_ctx->wiphy) {
hddLog(VOS_TRACE_LEVEL_ERROR, "Invalid scan request");
return false;
}
@@ -12934,9 +12936,11 @@
#else
static inline bool wlan_hdd_cfg80211_validate_scan_req(struct
cfg80211_scan_request
- *scan_req)
+ *scan_req, hdd_context_t
+ *hdd_ctx)
{
- if (!scan_req || !scan_req->wiphy) {
+ if (!scan_req || !scan_req->wiphy ||
+ scan_req->wiphy != hdd_ctx->wiphy) {
hddLog(VOS_TRACE_LEVEL_ERROR, "Invalid scan request");
return false;
}
@@ -13066,7 +13070,7 @@
/* Scan is no longer pending */
pScanInfo->mScanPending = VOS_FALSE;
- if (!wlan_hdd_cfg80211_validate_scan_req(req))
+ if (!wlan_hdd_cfg80211_validate_scan_req(req, pHddCtx))
{
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
hddLog(VOS_TRACE_LEVEL_ERROR, FL("interface state %s"),