android_kernel_xiaomi_sm8350

History

sheenam monga 1fa0514eb7 qcacld-3.0: Fix sta_ds use after free lim_is_pkt_candidate_for_drop() uses sta_ds to update last assoc and deauth/disasocc received time without taking any lock for sta_ds. deletion of sta_ds in pe_delete_session before accessing sta_ds in dph_lookup_hash_entry can lead lead to Assert. Similar is the case with sta_ds->last_assoc_received_time and sta_ds->last_disassoc_deauth_received_time. Fix is to use peer_priv instead of sta_ds and update last_assoc_received_time and last_disassoc_deauth_received_time of peer_mlme_priv_obj. In this case refcount gets increased for valid peer and peer won't be deleted until lim_is_pkt_candidate_for_drop releases the ref count of the peer. Change-Id: I9daf31f9dd7b509eaf38a93078bb7418605b1c74 CRs-Fixed: 2598841	2020-01-11 17:53:06 -08:00
..
core	qcacld-3.0: Fix sta_ds use after free	2020-01-11 17:53:06 -08:00
dispatcher	qcacld-3.0: Set the default SW retry limit value to 16	2020-01-11 01:50:08 -08:00

sheenam monga 1fa0514eb7 qcacld-3.0: Fix sta_ds use after free

lim_is_pkt_candidate_for_drop() uses sta_ds to update last assoc
and deauth/disasocc received time without taking any lock for
sta_ds. deletion of sta_ds in pe_delete_session before accessing
sta_ds in dph_lookup_hash_entry can lead lead to Assert.
Similar is the case with sta_ds->last_assoc_received_time and
sta_ds->last_disassoc_deauth_received_time.

Fix is to use peer_priv instead of sta_ds and update
last_assoc_received_time and last_disassoc_deauth_received_time of
peer_mlme_priv_obj. In this case refcount gets increased for valid
peer and peer won't be deleted until lim_is_pkt_candidate_for_drop
releases the ref count of the peer.

Change-Id: I9daf31f9dd7b509eaf38a93078bb7418605b1c74
CRs-Fixed: 2598841

2020-01-11 17:53:06 -08:00

core

qcacld-3.0: Fix sta_ds use after free

2020-01-11 17:53:06 -08:00

dispatcher

qcacld-3.0: Set the default SW retry limit value to 16

2020-01-11 01:50:08 -08:00