| author | Rajeev Kumar <rajekuma@qca.qualcomm.com> | 2014-01-17 15:51:06 -0800 |
|---|---|---|
| committer | Prakash Dhavali <pdhavali@qca.qualcomm.com> | 2014-01-26 21:37:02 -0800 |
| commit | 09ba53d50fbddd7e48535a8ae325b0ba4fd224e5 (patch) | |
| tree | 63f302f2d09bffb84ffb67362da8b55d13bf6f00 | |
| parent | bf119963297416a9adb6eb65b0acbce3638db612 (diff) | |
qcacld-new: Fix of page fault caused by dangling pointer
wma_handle->ack_work_ctx is freed after the scheduled work is
processed in wma_data_tx_ack_work_handler(), but the ack_work_ctx
pointer is not reset to NULL. This leads WMA_stop() to use it
during driver unload, causing a page fault because an invalid
dangling pointer is used.
Change-Id: I70a411aabe50f91cbcc96cf2c609e213355822f0
CRs-fixed: 600298
| -rw-r--r-- | CORE/SERVICES/WMA/wma.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c index 799e1ad7a66f..320874d6feb6 100644 --- a/CORE/SERVICES/WMA/wma.c +++ b/CORE/SERVICES/WMA/wma.c @@ -12301,17 +12301,19 @@ static void wma_data_tx_ack_work_handler(struct work_struct *ack_work) { struct wma_tx_ack_work_ctx *work = container_of(ack_work, struct wma_tx_ack_work_ctx, ack_cmp_work); + tp_wma_handle wma_handle = work->wma_handle; pWDAAckFnTxComp ack_cb = - work->wma_handle->umac_data_ota_ack_cb; + wma_handle->umac_data_ota_ack_cb; WMA_LOGD("Data Tx Ack Cb Status %d", work->status); /* Call the Ack Cb registered by UMAC */ - ack_cb((tpAniSirGlobal)(work->wma_handle->mac_context), + ack_cb((tpAniSirGlobal)(wma_handle->mac_context), work->status ? 0 : 1); - work->wma_handle->umac_data_ota_ack_cb = NULL; + wma_handle->umac_data_ota_ack_cb = NULL; adf_os_mem_free(work); + wma_handle->ack_work_ctx = NULL; } /** |
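Review bot: The added `wma_handle->ack_work_ctx = NULL;` runs after `adf_os_mem_free(work);`, so for a short window the handle still publishes a pointer to freed memory, and the store is unconditional. Clearing the field before the free, and only when it still refers to this context, would be safer: `if (wma_handle->ack_work_ctx == work) wma_handle->ack_work_ctx = NULL;` placed above `adf_os_mem_free(work);`. WMA_stop() is not shown here, but if it reads ack_work_ctx from another context without a lock or a synchronous cancel of the work item, nulling the pointer narrows the use-after-free rather than closing it, so that path presumably needs the same serialization. The function's signature appears only in the hunk header, outside the hunk body.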
