diff options
| author | Jeff Johnson <jjohnson@qca.qualcomm.com> | 2013-12-05 17:19:46 -0800 |
|---|---|---|
| committer | Prakash Dhavali <pdhavali@codeaurora.org> | 2014-01-18 02:43:13 -0800 |
| commit | 32bf1d22fea19da48e6f3e30eb88f9b226f5638f (patch) | |
| tree | 331dedf6c9c9a8a0d055a7e4ec2f3fc6ab940d23 | |
| parent | 3ab487efb84f31d09a173a825d1866d5cbdd17e3 (diff) | |
wlan: Add adapter MAGIC checking in *_tx_fetch_packet_cbk()
A kernel panic in _list_del_entry() was observed when SoftAP was
disabled. Root cause is that when the SoftAP function was disabled
and the pAdapter was freed, the TX Thread was blocked. When the TX
Thread subsequently unblocked, a stale pAdapter was dereferenced. Add
adapter MAGIC checking to the *_tx_fetch_packet_cbk() functions to
prevent dereference of a stale pAdapter.
Change-Id: I7d7436bf0433e86833230b8bfa620a8fa9c7f538
CRs-fixed: 580814
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_softap_tx_rx.c | 34 | ||||
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_tx_rx.c | 2 |
2 files changed, 18 insertions, 18 deletions
diff --git a/CORE/HDD/src/wlan_hdd_softap_tx_rx.c b/CORE/HDD/src/wlan_hdd_softap_tx_rx.c index e909b2d69f33..7d269b724701 100644 --- a/CORE/HDD/src/wlan_hdd_softap_tx_rx.c +++ b/CORE/HDD/src/wlan_hdd_softap_tx_rx.c @@ -1103,13 +1103,28 @@ VOS_STATUS hdd_softap_tx_fetch_packet_cbk( v_VOID_t *vosContext, return VOS_STATUS_E_FAILURE; } - pAdapter = pHddCtx->sta_to_adapter[*pStaId]; - if( NULL == pAdapter ) + STAId = *pStaId; + if (STAId >= WLAN_MAX_STA_COUNT) + { + VOS_TRACE( VOS_MODULE_ID_HDD_SOFTAP, VOS_TRACE_LEVEL_ERROR, + "%s: Invalid STAId %d passed by TL", __func__, STAId); + return VOS_STATUS_E_FAILURE; + } + + pAdapter = pHddCtx->sta_to_adapter[STAId]; + if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) { VOS_ASSERT(0); return VOS_STATUS_E_FAILURE; } + if (FALSE == pAdapter->aStaInfo[STAId].isUsed ) + { + VOS_TRACE( VOS_MODULE_ID_HDD_SOFTAP, VOS_TRACE_LEVEL_ERROR, + "%s: Unregistered STAId %d passed by TL", __func__, STAId); + return VOS_STATUS_E_FAILURE; + } + /* Monitor traffic */ if ( pHddCtx->cfg_ini->enableTrafficMonitor ) { @@ -1132,21 +1147,6 @@ VOS_STATUS hdd_softap_tx_fetch_packet_cbk( v_VOID_t *vosContext, ++pAdapter->hdd_stats.hddTxRxStats.txFetched; - STAId = *pStaId; - if (STAId >= WLAN_MAX_STA_COUNT) - { - VOS_TRACE( VOS_MODULE_ID_HDD_SOFTAP, VOS_TRACE_LEVEL_ERROR, - "%s: Invalid STAId %d passed by TL", __func__, STAId); - return VOS_STATUS_E_FAILURE; - } - - if (FALSE == pAdapter->aStaInfo[STAId].isUsed ) - { - VOS_TRACE( VOS_MODULE_ID_HDD_SOFTAP, VOS_TRACE_LEVEL_ERROR, - "%s: Unregistered STAId %d passed by TL", __func__, STAId); - return VOS_STATUS_E_FAILURE; - } - *ppVosPacket = NULL; //Make sure the AC being asked for is sane diff --git a/CORE/HDD/src/wlan_hdd_tx_rx.c b/CORE/HDD/src/wlan_hdd_tx_rx.c index f57be8db267c..f9fcd0a9b4c9 100644 --- a/CORE/HDD/src/wlan_hdd_tx_rx.c +++ b/CORE/HDD/src/wlan_hdd_tx_rx.c @@ -1304,7 +1304,7 @@ VOS_STATUS hdd_tx_fetch_packet_cbk( v_VOID_t *vosContext, } pAdapter = pHddCtx->sta_to_adapter[*pStaId]; - if( NULL == pAdapter ) + if ((NULL == pAdapter) || (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) { VOS_ASSERT(0); return VOS_STATUS_E_FAILURE; |