lisa/android_kernel_xiaomi_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Pass a double pointer to sta_info in hdd_sta_info_detach()

Browse Source 
Data abort is happening while accessing unmapped sta_info in
hdd_softap_stop_bss(). When calling hdd_sta_info_detach() through
hdd_softap_deregister_sta(), sta_info is not being set to NULL since
a single value only passes a copy of sta_info, so the actual sta_info
is not actually being set to NULL. To fix this, pass a double pointer to
sta_info instead of a single pointer so that it can be set to NULL.

Change-Id: I96f4c7e1563e53498a86c95263dc62a8d3d68e21
CRs-Fixed: 2610763
This commit is contained in:
Alan Chen 2020-01-27 10:36:39 -08:00 committed by nshrivas
parent d2ec73e26d
commit 876fa6f2f9
5 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/hdd/src/wlan_hdd_hostapd.c
View File

@ -1557,7 +1557,7 @@ static void hdd_fill_station_info(struct hdd_adapter *adapter,
/* Remove the oldest and store the current */
hdd_sta_info_detach(&adapter->cache_sta_info_list,
oldest_disassoc_sta_info);
&oldest_disassoc_sta_info);
hdd_sta_info_attach(&adapter->cache_sta_info_list,
cache_sta_info);
}

2
core/hdd/src/wlan_hdd_softap_tx_rx.c
View File

@ -1004,7 +1004,7 @@ QDF_STATUS hdd_softap_deregister_sta(struct hdd_adapter *adapter,
mac_addr->bytes) != QDF_STATUS_SUCCESS)
hdd_debug("WLAN_CLIENT_DISCONNECT event failed");
}
hdd_sta_info_detach(&adapter->sta_info_list, sta_info);
hdd_sta_info_detach(&adapter->sta_info_list, &sta_info);
ucfg_mlme_update_oce_flags(hdd_ctx->pdev);

12
core/hdd/src/wlan_hdd_sta_info.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019 The Linux Foundation. All rights reserved.
* Copyright (c) 2019-2020 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@ -73,7 +73,7 @@ QDF_STATUS hdd_sta_info_attach(struct hdd_sta_info_obj *sta_info_container,
}
void hdd_sta_info_detach(struct hdd_sta_info_obj *sta_info_container,
struct hdd_station_info *sta_info)
struct hdd_station_info **sta_info)
{
if (!sta_info_container || !sta_info) {
hdd_err("Parameter(s) null");
@ -82,12 +82,12 @@ void hdd_sta_info_detach(struct hdd_sta_info_obj *sta_info_container,
qdf_spin_lock_bh(&sta_info_container->sta_obj_lock);
qdf_ht_remove(&sta_info->sta_node);
qdf_ht_remove(&((*sta_info)->sta_node));
qdf_spin_unlock_bh(&sta_info_container->sta_obj_lock);
qdf_mem_free(sta_info);
sta_info = NULL;
qdf_mem_free(*sta_info);
*sta_info = NULL;
}
struct hdd_station_info *hdd_get_sta_info_by_mac(
@ -131,7 +131,7 @@ void hdd_clear_cached_sta_info(struct hdd_sta_info_obj *sta_info_container)
qdf_ht_for_each_safe(sta_info_container->sta_obj, index, tmp, sta_info,
sta_node) {
if (sta_info) {
hdd_sta_info_detach(sta_info_container, sta_info);
hdd_sta_info_detach(sta_info_container, &sta_info);
}
}
}

4
core/hdd/src/wlan_hdd_sta_info.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019 The Linux Foundation. All rights reserved.
* Copyright (c) 2019-2020 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@ -240,7 +240,7 @@ void hdd_sta_info_deinit(struct hdd_sta_info_obj *sta_info_container);
* Return: None
*/
void hdd_sta_info_detach(struct hdd_sta_info_obj *sta_info_container,
struct hdd_station_info *sta_info);
struct hdd_station_info **sta_info);
/**
* hdd_sta_info_attach() - Attach the station info structure into the list

4
core/hdd/src/wlan_hdd_station_info.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
* Copyright (c) 2012-2020 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@ -1084,7 +1084,7 @@ static int hdd_get_cached_station_remote(struct hdd_context *hdd_ctx,
}
}
hdd_sta_info_detach(&adapter->cache_sta_info_list, stainfo);
hdd_sta_info_detach(&adapter->cache_sta_info_list, &stainfo);
qdf_atomic_dec(&adapter->cache_sta_count);
return cfg80211_vendor_cmd_reply(skb);