diff options
| author | Poddar, Siddarth <siddpodd@codeaurora.org> | 2016-10-10 13:51:38 +0530 |
|---|---|---|
| committer | Anjaneedevi Kapparapu <akappa@codeaurora.org> | 2016-11-01 15:02:54 +0530 |
| commit | 1d9231ffb32723a00f1df4d48fcebc6b42b60810 (patch) | |
| tree | ef5df63dd0dcbc30a52a194034fe23f216d36450 | |
| parent | d576336c3e01d8aa56b758322d0c2417092b08b1 (diff) | |
qcacld-2.0: Fix to avoid invalid access to already freed target memory
During wifi unload, to clear the endpoint receive callback for the htt,
get target handle from global context directly rather than passing
handle as an argument in disconnect service during pdev detach.
This is to avoid any invalid access to freed target memory as in case
of vos_close, where handle is destroyed before detaching pdev.
Change-Id: Iadb6b141fe49cb81d7d122b5b88dc9e741515e47
CRs-Fixed: 1076014
| -rw-r--r-- | CORE/CLD_TXRX/HTT/htt.c | 2 | ||||
| -rw-r--r-- | CORE/SERVICES/COMMON/htc_api.h | 4 | ||||
| -rw-r--r-- | CORE/SERVICES/HTC/htc_services.c | 15 |
3 files changed, 14 insertions, 7 deletions
diff --git a/CORE/CLD_TXRX/HTT/htt.c b/CORE/CLD_TXRX/HTT/htt.c index e986cd48e1aa..9a03cc1c3723 100644 --- a/CORE/CLD_TXRX/HTT/htt.c +++ b/CORE/CLD_TXRX/HTT/htt.c @@ -391,7 +391,7 @@ htt_attach_target(htt_pdev_handle pdev) void htt_htc_detach(struct htt_pdev_t *pdev) { - htc_disconnect_service(pdev->htc_pdev, pdev->htc_endpoint); + htc_disconnect_service(pdev->htc_endpoint); return; } diff --git a/CORE/SERVICES/COMMON/htc_api.h b/CORE/SERVICES/COMMON/htc_api.h index 351d485af0f3..29127179e7c7 100644 --- a/CORE/SERVICES/COMMON/htc_api.h +++ b/CORE/SERVICES/COMMON/htc_api.h @@ -394,15 +394,13 @@ A_STATUS HTCConnectService(HTC_HANDLE HTCHandle, /** * htc_disconnect_service() - Disconnect to an HTC service - * @htc_handle: HTC handle * @endpoint_id: endpoint id * * Service disconnection must be performed during htt_detach. * * Return: None */ -void htc_disconnect_service(HTC_HANDLE htc_handle, - HTC_ENDPOINT_ID endpoint_id); +void htc_disconnect_service(HTC_ENDPOINT_ID endpoint_id); /*+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ @desc: HTC register log dump diff --git a/CORE/SERVICES/HTC/htc_services.c b/CORE/SERVICES/HTC/htc_services.c index 36d45557a70f..4ee26eda9a4a 100644 --- a/CORE/SERVICES/HTC/htc_services.c +++ b/CORE/SERVICES/HTC/htc_services.c @@ -31,6 +31,7 @@ #if defined(HIF_PCI) #include "if_pci.h" #endif +#include <vos_api.h> extern unsigned int htc_credit_flow; @@ -328,10 +329,18 @@ A_STATUS HTCConnectService(HTC_HANDLE HTCHandle, return status; } -void htc_disconnect_service(HTC_HANDLE htc_handle, HTC_ENDPOINT_ID endpoint_id) +void htc_disconnect_service(HTC_ENDPOINT_ID endpoint_id) { - HTC_TARGET *target = GET_HTC_TARGET_FROM_HANDLE(htc_handle); - HTC_ENDPOINT *endpoint = &target->EndPoint[endpoint_id]; + void *vos_ctx = vos_get_global_context(VOS_MODULE_ID_HTC, NULL); + HTC_HANDLE *htc_hdl = vos_get_context(VOS_MODULE_ID_HTC, vos_ctx); + HTC_TARGET *target; + HTC_ENDPOINT *endpoint; + + if (htc_hdl == NULL) + return; + + target = GET_HTC_TARGET_FROM_HANDLE(htc_hdl); + endpoint = &target->EndPoint[endpoint_id]; LOCK_HTC_ENDPOINT_RX(endpoint); endpoint->EpCallBacks.EpRecv = NULL; |