bc5a34bba2
When interface change timer expires, wma_wmi_service_close() is
called from hdd_iface_change_callback()->hdd_wlan_stop_modules()
->cds_close(). wmi_handle is made null here. At the same time,
if there is a modem reboot, host will receive early
indication from FW. Due to this, icnss driver sent
ICNSS_UEVENT_FW_DOWN event to host and it calls wmi_stop() again
from icnss_call_driver_uevent()->pld_snoc_uevent()->
wlan_hdd_pld_uevent() -> wlan_hdd_set_the_pld_uevent()->
wma_wmi_stop() -> wmi_stop(). As wmi_handle which was marked
null during wlan stop modules, this causes potential NULL
pointer dereference.
Flush iface_idle_work before wma_wmi_stop and add NULL check
before accessing wmi_handle.
Change-Id: I1bfa8ab7329040c0b5ba989c0d7de7bf7228dd35
CRs-Fixed:
|
||
|---|---|---|
| .. | ||
| inc | ||
| src | ||