diff options
| author | Deepak Dhamdhere <ddhamdhe@qca.qualcomm.com> | 2015-06-17 20:30:31 -0700 |
|---|---|---|
| committer | Anjaneedevi Kapparapu <akappa@codeaurora.org> | 2015-07-06 16:28:31 +0530 |
| commit | 280c8fee614ba1bd76acab2fef3b90409b774b93 (patch) | |
| tree | e4a7bdcc0ac5750973fc7cdb16b59aaed3dd40af | |
| parent | fc9f5820e7770658115b757133de0306772c63bc (diff) | |
qcacld-2.0: Change timer context to global pMac from local pMac
prima to qcacld-2.0 propagation
This problem is due to race between driver unload and
timer expiry in kernel.In this case, SYS_MSG_ID_MC_STOP
msg is posted from RM thread context during driver unload.
As part of processing this msg, roaming module sets
tCsrTimerInfo->pMac to NULL in MC thread context. Meanwhile,
timer msg also is enqueued from kernel thread. After completion
of SYS_MSG_ID_MC_STOP msg, MC thread will call timer callback
which accesses tCsrTimerInfo->pMac which becomes NULL though
pMac still exists.
This issue is fixed now by checking for NULL pMac and
invalid sessionId. Timer callback will return if those
parameters are invalid.
Change-Id: I37154e1da3f9f9477a73cc864218be952a1b1bbe
CRs-Fixed: 777052
| -rw-r--r-- | CORE/SME/src/csr/csrNeighborRoam.c | 48 |
1 files changed, 41 insertions, 7 deletions
diff --git a/CORE/SME/src/csr/csrNeighborRoam.c b/CORE/SME/src/csr/csrNeighborRoam.c index 922886e27c36..f8cec34b3ab7 100644 --- a/CORE/SME/src/csr/csrNeighborRoam.c +++ b/CORE/SME/src/csr/csrNeighborRoam.c @@ -3382,9 +3382,21 @@ void csrNeighborRoamNeighborScanTimerCallback(void *pv) { tCsrTimerInfo *pInfo = (tCsrTimerInfo *)pv; tpAniSirGlobal pMac = pInfo->pMac; - tANI_U32 sessionId = pInfo->sessionId; - tpCsrNeighborRoamControlInfo pNeighborRoamInfo = - &pMac->roam.neighborRoamInfo[sessionId]; + tANI_U32 sessionId = pInfo->sessionId; + tpCsrNeighborRoamControlInfo pNeighborRoamInfo; + + if (!pMac) + { + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("pMac is Null")); + return; + } + if (CSR_SESSION_ID_INVALID == sessionId) + { + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("invalid sessionId")); + return; + } + + pNeighborRoamInfo = &pMac->roam.neighborRoamInfo[sessionId]; // check if bg scan is on going, no need to send down the new params if true if(eANI_BOOLEAN_TRUE == pNeighborRoamInfo->scanRspPending) @@ -3430,8 +3442,19 @@ void csrNeighborRoamEmptyScanRefreshTimerCallback(void *context) tpAniSirGlobal pMac = pInfo->pMac; VOS_STATUS vosStatus = VOS_STATUS_SUCCESS; tANI_U32 sessionId = pInfo->sessionId; - tpCsrNeighborRoamControlInfo pNeighborRoamInfo = - &pMac->roam.neighborRoamInfo[sessionId]; + tpCsrNeighborRoamControlInfo pNeighborRoamInfo; + + if (!pMac) + { + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("pMac is Null")); + return; + } + if (CSR_SESSION_ID_INVALID == sessionId) + { + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("invalid sessionId")); + return; + } + pNeighborRoamInfo = &pMac->roam.neighborRoamInfo[sessionId]; /* Reset all the variables just as no scan had happened before */ csrNeighborRoamResetConnectedStateControlInfo(pMac, sessionId); @@ -3485,8 +3508,19 @@ void csrNeighborRoamResultsRefreshTimerCallback(void *context) tpAniSirGlobal pMac = pInfo->pMac; VOS_STATUS vosStatus = VOS_STATUS_SUCCESS; tANI_U32 sessionId = pInfo->sessionId; - tpCsrNeighborRoamControlInfo pNeighborRoamInfo = - &pMac->roam.neighborRoamInfo[pInfo->sessionId]; + tpCsrNeighborRoamControlInfo pNeighborRoamInfo; + + if (!pMac) + { + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("pMac is Null")); + return; + } + if (CSR_SESSION_ID_INVALID == sessionId) + { + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, FL("invalid sessionId")); + return; + } + pNeighborRoamInfo = &pMac->roam.neighborRoamInfo[sessionId]; NEIGHBOR_ROAM_DEBUG(pMac, LOG2, FL("Deregistering DOWN event reassoc callback with TL. RSSI = %d"), pNeighborRoamInfo->cfgParams.neighborReassocThreshold * (-1)); |