authorSushant Kaushik <skaushik@qti.qualcomm.com>2015-02-25 17:36:52 -0800
committerAnjaneeDevi Kapparapu <c_akappa@qti.qualcomm.com>2015-03-02 17:11:25 +0530
commit3866ef42761ba7c5365a3cd4444e37a63deb42fa (patch)
tree16d0cb944886e18d1dbda2d051877915b06677b4
parent1c214cb26bb56424ef3a70d65f3dc632cba5a964 (diff)
qcacld-2.0: Fix kernel panic while TDLS exit
prima to qcacld-2.0 propagation As a part of TDLS exit, tdls context is freed without explicitly setting tdls adapter as NULL. As a result, a race condition may arise when tdls exit is called immediately after tdls init. As a part of tdls init, the driver starts timers for peerDiscovery which use the tdls adapter. Since, as part of tdls exit, adapters are not set to null but are freed, the timer function might end up using memory which is freed. As a part of the fix, explicitly set adapter as null as part of tdls exit. Change-Id: I6eeb3f2b37000237583e17ee160b9c34b9b68957 CRs-Fixed: 800373
-rw-r--r--CORE/HDD/src/wlan_hdd_tdls.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/CORE/HDD/src/wlan_hdd_tdls.c b/CORE/HDD/src/wlan_hdd_tdls.c
index 11e1b9dec208..2bc7d0ca0e0f 100644
--- a/CORE/HDD/src/wlan_hdd_tdls.c
+++ b/CORE/HDD/src/wlan_hdd_tdls.c
@@ -206,6 +206,12 @@ static v_VOID_t wlan_hdd_tdls_discover_peer_cb( v_PVOID_t userData )
return;
}
+ if (WLAN_HDD_ADAPTER_MAGIC != pHddTdlsCtx->pAdapter->magic) {
+ hddLog(LOGE, FL("pAdapter has invalid magic"));
+ return;
+ }
+
+
pHddCtx = WLAN_HDD_GET_CTX( pHddTdlsCtx->pAdapter );
if (0 != (wlan_hdd_validate_context(pHddCtx)))
{
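Review bot: The added magic check dereferences `pHddTdlsCtx->pAdapter` with no NULL test visible in this hunk, while the same commit makes wlan_hdd_tdls_exit() store NULL into that field, so a callback that runs after exit could fault on the check itself unless the guard ending just above the hunk already rejects a NULL pAdapter. If it does not, test the pointer first: `if (NULL == pHddTdlsCtx->pAdapter || WLAN_HDD_ADAPTER_MAGIC != pHddTdlsCtx->pAdapter->magic) {`. The identical check added to wlan_hdd_tdls_discovery_timeout_peer_cb in the second hunk needs the same treatment. The hunk also adds two consecutive blank lines after the closing brace, where one is enough. The function body starts and ends outside the hunk.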
@@ -374,6 +380,11 @@ static v_VOID_t wlan_hdd_tdls_discovery_timeout_peer_cb(v_PVOID_t userData)
return;
}
+ if (WLAN_HDD_ADAPTER_MAGIC != pHddTdlsCtx->pAdapter->magic) {
+ hddLog(LOGE, FL("pAdapter has invalid magic"));
+ return;
+ }
+
pHddCtx = WLAN_HDD_GET_CTX( pHddTdlsCtx->pAdapter );
if (0 != (wlan_hdd_validate_context(pHddCtx)))
{
@@ -896,6 +907,9 @@ void wlan_hdd_tdls_exit(hdd_adapter_t *pAdapter)
}
}
+ pHddTdlsCtx->magic = 0;
+ pHddTdlsCtx->pAdapter = NULL;
+
vos_mem_free(pHddTdlsCtx);
pAdapter->sessionCtx.station.pHddTdlsCtx = NULL;
pHddTdlsCtx = NULL;
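Review bot: Clearing `magic` and `pAdapter` on the lines just before `vos_mem_free(pHddTdlsCtx)` does not make a late timer callback safe, because the callback still reads those fields out of memory that has been freed and may already hold other data. The guard only holds if every timer using this context is stopped and destroyed, and any running callback has finished, before the free; the code above the hunk is not visible, so that may already be the case and should be confirmed. No lock is visible around the two stores either, so a callback that has already passed its check is unaffected by them. I would document the requirement at the free, e.g. `/* All TDLS timers must be stopped and destroyed before this point; their callbacks dereference pHddTdlsCtx. */`. wlan_hdd_tdls_exit starts above the hunk.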