0696eef313
During peer unmap handler, while the peer is being deleted, there is a possible race condition if the OL Rx thread is processing RX packets and accesses the peer structure after its contents have been nulled. Remove race condition by - * Flush all RX packets in ol_txrx_peer_detach function which happens before peer unmap event is received from firmware * Avoid use of peer data structures (for example peer->local_id) outside of peer->info_lock in ol_rx_data_cb function. Use cached local copies of peer data structures instead Crash signature due to the race condition: wlan: [0:E :CDF] TXRX: Deleting peer ffffffc012fd13c0 (02:a0:c6:81:f8:c0) Unable to handle kernel paging request at virtual address 400000001 pgd = ffffffc0018b4000 [400000001] *pgd=0000000000000000, *pud=0000000000000000 Internal error: Oops: 96000005 [#1] PREEMPT SMP Modules linked in: wlan(O) [last unloaded: wlan] CPU: 1 PID: 29506 Comm: cds_ol_rx_threa Tainted: G W O 3.18.20-g5222edf-13780-g2219ed2 #1 Hardware name: Qualcomm Technologies, Inc. MSM 8996 v3 + PMI8996 CD (DT) task: ffffffc09350d400 ti: ffffffc0556a4000 task.ti: ffffffc0556a4000 PC is at hdd_rx_packet_cbk+0x84/0x224 [wlan] LR is at hdd_rx_packet_cbk+0x48/0x224 [wlan] pc : [<ffffffbffdd55b5c>] lr : [<ffffffbffdd55b20>] pstate: 80000145 Change-Id: I4b32313024ec214f33dcdcfc401aadfa8af9d692 CRs-Fixed: 1002081 |
||
|---|---|---|
| .. | ||
| cds_api.h | ||
| cds_concurrency.h | ||
| cds_crypto.h | ||
| cds_ieee80211_common.h | ||
| cds_ieee80211_defines.h | ||
| cds_if_upperproto.h | ||
| cds_mc_timer.h | ||
| cds_mq.h | ||
| cds_pack_align.h | ||
| cds_packet.h | ||
| cds_queue.h | ||
| cds_reg_service.h | ||
| cds_regdomain.h | ||
| cds_sched.h | ||
| cds_utils.h | ||