From 143be7a013a66079bc7d0c02cfb2d236bbfa5233 Mon Sep 17 00:00:00 2001
From: Manjeet Singh
Date: Tue, 13 Sep 2016 19:18:13 +0530
Subject: qcacld-2.0: Validate adapter in scan done callback

In hdd_cfg80211_scan_done_callback, scan_done notification is sent to the kernel for scan requests completed successfully or in case of scan abort. The notification indicates kernel to free the scan request. After kernel version 3.14 , changes in the kernel cause scan request to be freed in case of net device unregister or interface down. If then HDD sends another scan_done notification on the freed scan request as part of pending scan abort, a crash occurs when the freed memory is accessed by kernel. Thus, avoid sending scan_done notification in case of driver unload.

Change-Id: I8f27c720e00f50f056d7b98e2d35d34f218da7b8
CRs-fixed: 1059683
---
 CORE/HDD/src/wlan_hdd_cfg80211.c | 48 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 46 insertions(+), 2 deletions(-)

diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 5dfadecccbba..dd030326cdf4 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -17349,6 +17349,42 @@ VOS_STATUS wlan_hdd_cfg80211_roam_metrics_handover(hdd_adapter_t * pAdapter,
 }
 #endif
 
+
+/**
+ * wlan_hdd_cfg80211_validate_scan_req - validate scan request
+ * @scan_req: scan request to be checked
+ *
+ * Return: true or false
+ */
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0))
+static inline bool wlan_hdd_cfg80211_validate_scan_req(struct
+ cfg80211_scan_request
+ *scan_req)
+{
+ if (!scan_req || !scan_req->wiphy) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Invalid scan request");
+ return false;
+ }
+ if (vos_is_load_unload_in_progress(VOS_MODULE_ID_HDD, NULL)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Load/Unload in progress");
+ return false;
+ }
+ return true;
+}
+#else
+static inline bool wlan_hdd_cfg80211_validate_scan_req(struct
+ cfg80211_scan_request
+ *scan_req)
+{
+ if (!scan_req || !scan_req->wiphy) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Invalid scan request");
+ return false;
+ }
+ return true;
+}
+#endif
+
+
 /*
 * FUNCTION: hdd_cfg80211_scan_done_callback
 * scanning callback function, called after finishing scan
@@ -17489,9 +17525,17 @@ static eHalStatus hdd_cfg80211_scan_done_callback(tHalHandle halHandle,
 /* Scan is no longer pending */
 pScanInfo->mScanPending = VOS_FALSE;
 
- if (!req || req->wiphy == NULL)
+ if (!wlan_hdd_cfg80211_validate_scan_req(req))
 {
- hddLog(VOS_TRACE_LEVEL_ERROR, "request is became NULL");
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
+ hddLog(VOS_TRACE_LEVEL_ERROR, FL("interface state %s"),
+ iface_down ? "up" : "down");
+#endif
+ if (pAdapter->dev)
+ {
+ hddLog(VOS_TRACE_LEVEL_ERROR, FL("device name %s"),
+ pAdapter->dev->name);
+ }
 complete(&pScanInfo->abortscan_event_var);
 goto allow_suspend;
 }
-- 
cgit v1.2.3
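Review bot: In the `>= 3.14` variant of `wlan_hdd_cfg80211_validate_scan_req`, `scan_req->wiphy` is read before `vos_is_load_unload_in_progress()` is consulted, so if the kernel has already freed the request (the case the commit message describes) the helper itself still reads freed memory. Testing the unload state first, `if (vos_is_load_unload_in_progress(VOS_MODULE_ID_HDD, NULL)) return false;` ahead of the `!scan_req || !scan_req->wiphy` test, keeps that path from dereferencing the pointer at all. The commit message also names interface-down as a case where the kernel frees the request, and this helper does not check for it; whether the caller covers that case is not visible in this hunk. The two `#if` branches repeat the same NULL test and could share one body with only the unload check under the conditional.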
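Review bot: The new log argument `iface_down ? "up" : "down"` prints the opposite of what the flag's name says, so anyone triaging a crash from this message would read the interface state backwards; it should be `iface_down ? "down" : "up"`. `iface_down` is neither declared nor assigned in this hunk, so it presumably comes from an earlier part of `hdd_cfg80211_scan_done_callback` outside the diff, and it is worth confirming that it is declared under the same `KERNEL_VERSION(3,14,0)` guard. The branch also reads `pAdapter->dev->name` on a path that is taken during driver unload, and despite the commit title nothing in the visible lines validates `pAdapter` itself. The function body starts and ends outside the hunk.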