qcacld-3.0: Fix race condition between vendor scan and nl scan

If vendor scan and nl scan happen and abort at the same time, before
scan_block_work is scheduled, pAdapter->request may be set as vendor
scan request firstly, then scan_block_work is scheduled while at the
same time pAdapter->request may be as nl scan request by nl scan.

This causes memory leak and incorrect scan done called.

Change-Id: Id730f2d0041641099a26e76ab13ec419a48b4241
CRs-Fixed: 2134652

2 files changed, 23 insertions, 12 deletions

diff --git a/core/hdd/inc/wlan_hdd_main.h b/core/hdd/inc/wlan_hdd_main.h
index c1bd2778fa49..cfc5c3680ea8 100644
--- a/core/hdd/inc/wlan_hdd_main.h
+++ b/core/hdd/inc/wlan_hdd_main.h
@@ -1198,7 +1198,7 @@ struct hdd_adapter_s {
 	/* TODO Move this to sta Ctx */
 	struct wireless_dev wdev;
 	struct cfg80211_scan_request *request;
-	uint8_t scan_source;
+	struct cfg80211_scan_request *vendor_request;
 
 	/** ops checks if Opportunistic Power Save is Enable or Not
 	 * ctw stores ctWindow value once we receive Opps command from
diff --git a/core/hdd/src/wlan_hdd_scan.c b/core/hdd/src/wlan_hdd_scan.c
index ae67337f113e..7baa0cf2916e 100644
--- a/core/hdd/src/wlan_hdd_scan.c
+++ b/core/hdd/src/wlan_hdd_scan.c
@@ -1619,12 +1619,18 @@ static void __wlan_hdd_cfg80211_scan_block_cb(struct work_struct *work)
 		request->n_channels = 0;
 
 		hdd_err("##In DFS Master mode. Scan aborted. Null result sent");
-		if (NL_SCAN == adapter->scan_source)
-			hdd_cfg80211_scan_done(adapter, request, true);
-		else
-			hdd_vendor_scan_callback(adapter, request, true);
+		hdd_cfg80211_scan_done(adapter, request, true);
 		adapter->request = NULL;
 	}
+	request = adapter->vendor_request;
+	if (request) {
+		request->n_ssids = 0;
+		request->n_channels = 0;
+
+		hdd_err("In DFS Master mode. Scan aborted. Null result sent");
+		hdd_vendor_scan_callback(adapter, request, true);
+		adapter->vendor_request = NULL;
+	}
 }
 
 void wlan_hdd_cfg80211_scan_block_cb(struct work_struct *work)
@@ -1924,8 +1930,10 @@ static int __wlan_hdd_cfg80211_scan(struct wiphy *wiphy,
 						conn_info.connState) &&
 	    (!pHddCtx->config->enable_connected_scan)) {
 		hdd_info("enable_connected_scan is false, Aborting scan");
-		pAdapter->request = request;
-		pAdapter->scan_source = source;
+		if (NL_SCAN == source)
+			pAdapter->request = request;
+		else
+			pAdapter->vendor_request = request;
 		schedule_work(&pAdapter->scan_block_work);
 		return 0;
 	}
@@ -1981,9 +1989,10 @@ static int __wlan_hdd_cfg80211_scan(struct wiphy *wiphy,
 			 * startup.
 			 */
 			hdd_err("##In DFS Master mode. Scan aborted");
-			pAdapter->request = request;
-			pAdapter->scan_source = source;
-
+			if (NL_SCAN == source)
+				pAdapter->request = request;
+			else
+				pAdapter->vendor_request = request;
 			schedule_work(&pAdapter->scan_block_work);
 			return 0;
 		}
@@ -2082,8 +2091,10 @@ static int __wlan_hdd_cfg80211_scan(struct wiphy *wiphy,
 	if (pAdapter->device_mode == QDF_SAP_MODE &&
 	   wlan_hdd_sap_skip_scan_check(pHddCtx, request)) {
 		hdd_debug("sap scan skipped");
-		pAdapter->request = request;
-		pAdapter->scan_source = source;
+		if (NL_SCAN == source)
+			pAdapter->request = request;
+		else
+			pAdapter->vendor_request = request;
 		schedule_work(&pAdapter->scan_block_work);
 		return 0;
 	}