0696eef313
During peer unmap handler, while the peer is being deleted, there is a possible race condition if the OL Rx thread is processing RX packets and accesses the peer structure after its contents have been nulled. Remove race condition by - * Flush all RX packets in ol_txrx_peer_detach function which happens before peer unmap event is received from firmware * Avoid use of peer data structures (for example peer->local_id) outside of peer->info_lock in ol_rx_data_cb function. Use cached local copies of peer data structures instead Crash signature due to the race condition: wlan: [0:E :CDF] TXRX: Deleting peer ffffffc012fd13c0 (02:a0:c6:81:f8:c0) Unable to handle kernel paging request at virtual address 400000001 pgd = ffffffc0018b4000 [400000001] *pgd=0000000000000000, *pud=0000000000000000 Internal error: Oops: 96000005 [#1] PREEMPT SMP Modules linked in: wlan(O) [last unloaded: wlan] CPU: 1 PID: 29506 Comm: cds_ol_rx_threa Tainted: G W O 3.18.20-g5222edf-13780-g2219ed2 #1 Hardware name: Qualcomm Technologies, Inc. MSM 8996 v3 + PMI8996 CD (DT) task: ffffffc09350d400 ti: ffffffc0556a4000 task.ti: ffffffc0556a4000 PC is at hdd_rx_packet_cbk+0x84/0x224 [wlan] LR is at hdd_rx_packet_cbk+0x48/0x224 [wlan] pc : [<ffffffbffdd55b5c>] lr : [<ffffffbffdd55b20>] pstate: 80000145 Change-Id: I4b32313024ec214f33dcdcfc401aadfa8af9d692 CRs-Fixed: 1002081 |
||
|---|---|---|
| .. | ||
| bmi | ||
| cds | ||
| dp | ||
| hdd | ||
| mac | ||
| sap | ||
| sme | ||
| utils | ||
| wma | ||