| author | Pragaspathi Thilagaraj <tpragasp@codeaurora.org> | 2019-03-28 17:37:49 +0530 |
|---|---|---|
| committer | nshrivas <nshrivas@codeaurora.org> | 2019-04-12 14:01:32 -0700 |
| commit | a4288e1c9a2036c5353e06b97d565d104404f355 (patch) | |
| tree | e058417b3ecc6b4c34776f2ca08bd67c6dcac410 /scripts/gdb/linux/tasks.py | |
| parent | 96b26736e6fdcd561eff09b2f5ab8a44d55a4883 (diff) | |
qcacld-3.0: Unset sme roaming in progress after roam synch complete

When userspace disconnect is received, wlan_hdd_disconnect()
checks if roaming is in progress and waits for 4 secs if roaming
is in progress. The roaming_in_progress flag is set after
CSR receives SIR_ROAMING_START and is unset after CSR receives
SIR_ROAM_SYNCH_NAPI_OFF. Since SIR_ROAM_SYNCH_COMPLETE is
received after SIR_ROAM_SYNCH_NAPI_OFF and all the roaming state
machine activities like filling connection info, bss description
happen after SIR_ROAM_SYNCH_COMPLETE is received, there
exists a race window between SIR_ROAM_SYNCH_NAPI_OFF and
SIR_ROAM_SYNCH_COMPLETE when the wlan_hdd_disconnect() could
proceed to free the session->pCurRoamProfile and
csr_roam_prepare_bss_config() tries to access this when
SIR_ROAM_SYNCH_COMPLETE or SIR_ROAM_SYNCH_PROPOGATE is received.
This could result in null pointer dereference of pCurRoamProfile.

Call hdd_set_roaming_in_progress(false) in
hdd_sme_roam_callback() when SIR_ROAM_SYNCH_COMPLETE is received.

Change-Id: Ic350d55e857ad950a0e630b07d75a5b1b572a75c
CRs-Fixed: 2399474

Diffstat (limited to 'scripts/gdb/linux/tasks.py')
0 files changed, 0 insertions, 0 deletions
