prima: Protect pHashTable with lock
lim_is_assoc_req_for_drop() uses pHashTable which can be accessed
by peDeleteSession simulataneously. This can lead to crash as
memory for pHashTable can be deleted.
Fix this by protecting usage of pHashTable with a lock.
Change-Id: Iaef7a26d9f3e1ccb76807c9dcf140a6f3de34d8e
CRs-Fixed: 2771345
diff --git a/CORE/MAC/src/pe/lim/limApi.c b/CORE/MAC/src/pe/lim/limApi.c
index 988eec3..9aa3d6a 100644
--- a/CORE/MAC/src/pe/lim/limApi.c
+++ b/CORE/MAC/src/pe/lim/limApi.c
@@ -2469,6 +2469,8 @@
tpPESession session_entry;
tpSirMacMgmtHdr pMacHdr;
tpDphHashNode sta_ds;
+ bool status;
+ eHalStatus lock_status = eHAL_STATUS_SUCCESS;
pMacHdr = WDA_GET_RX_MAC_HEADER(rx_pkt_info);
session_entry = peFindSessionByBssid(pMac, pMacHdr->bssId, &session_id);
@@ -2479,27 +2481,45 @@
pMacHdr->sa););
return false;
}
+
+ lock_status = pe_AcquireGlobalLock(&pMac->lim);
+ if (lock_status != eHAL_STATUS_SUCCESS)
+ {
+ limLog(pMac, LOGE, FL("pe_AcquireGlobalLock error"));
+ return TRUE;
+ }
+
sta_ds = dphLookupHashEntry(pMac, pMacHdr->sa, &aid,
&session_entry->dph.dphHashTable);
if (!sta_ds)
{
PELOG1(limLog(pMac, LOG1, FL("pStaDs is NULL")););
- return false;
+ status = false;
+ goto end;
}
- if (!sta_ds->rmfEnabled)
- return false;
+ if (!sta_ds->rmfEnabled) {
+ status = false;
+ goto end;
+ }
- if (sta_ds->pmfSaQueryState == DPH_SA_QUERY_IN_PROGRESS)
- return true;
+ if (sta_ds->pmfSaQueryState == DPH_SA_QUERY_IN_PROGRESS) {
+ status = true;
+ goto end;
+ }
if (sta_ds->last_assoc_received_time &&
((vos_timer_get_system_time() -
- sta_ds->last_assoc_received_time) < 1000))
- return true;
+ sta_ds->last_assoc_received_time) < 1000)) {
+ status = true;
+ goto end;
+ }
sta_ds->last_assoc_received_time = vos_timer_get_system_time();
- return false;
+ status = false;
+end:
+ pe_ReleaseGlobalLock(&pMac->lim);
+ return status;
}
#endif