diff options
| author | Ryan Hsu <ryanhsu@codeaurora.org> | 2018-05-04 12:19:50 -0700 |
|---|---|---|
| committer | nshrivas <nshrivas@codeaurora.org> | 2018-05-08 03:56:27 -0700 |
| commit | a6901dba8700a7c4f2f2ae5db9a1368b375cfeed (patch) | |
| tree | 222cfcd121076b11f51c6b059154652a47bf50dd | |
| parent | 51d01bb566298f40e1deac6bff6b72e1dbf03d9e (diff) | |
qcacld-3.0: rearrange to avoid use-after-free of the skb
The skb buffer is freed after the ealier sanity and then pass along
to connectivity stats tracking. Rearragne the stats tracking into the
scope of the skb sanity to assure the skb poitner is valid before
accessing it and set to NULL after free to make sure it is cleared.
Change-Id: I08106bced48fa8f23955fd261c679a5362ddd7a6
CRs-fixed: 2232362
| -rw-r--r-- | core/hdd/src/wlan_hdd_tx_rx.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/core/hdd/src/wlan_hdd_tx_rx.c b/core/hdd/src/wlan_hdd_tx_rx.c index 6bc2688dc313..40a471edb692 100644 --- a/core/hdd/src/wlan_hdd_tx_rx.c +++ b/core/hdd/src/wlan_hdd_tx_rx.c @@ -1085,9 +1085,15 @@ drop_pkt_and_release_skb: drop_pkt: if (skb) { + /* track connectivity stats */ + if (pAdapter->pkt_type_bitmap) + hdd_tx_rx_collect_connectivity_stats_info(skb, pAdapter, + PKT_TYPE_TX_DROPPED, &pkt_type); + qdf_dp_trace_data_pkt(skb, QDF_DP_TRACE_DROP_PACKET_RECORD, 0, QDF_TX); kfree_skb(skb); + skb = NULL; } drop_pkt_accounting: @@ -1100,11 +1106,6 @@ drop_pkt_accounting: "%s : ARP packet dropped", __func__); } - /* track connectivity stats */ - if (pAdapter->pkt_type_bitmap) - hdd_tx_rx_collect_connectivity_stats_info(skb, pAdapter, - PKT_TYPE_TX_DROPPED, &pkt_type); - return NETDEV_TX_OK; } |