From 9b9475d3b5908f3e1a8c758e680ddf836570bf2e Mon Sep 17 00:00:00 2001
From: Hanumantha Reddy Pothula <c_hpothu@qti.qualcomm.com>
Date: Tue, 24 Feb 2015 14:24:55 -0800
Subject: qcacld-2.0: validate QOS context before updating status

This is prima to qcacld-2.0 propagation.

There is a possibility of updating lastStatus in QOS context after
QOS context is freed. Hence validate QOS context by checking magic
number before updating lastStatus.

Change-Id: I182d0008206471e2cbf7695e3461931b1e2f3f5d
CRs-Fixed: 799671
---
 CORE/HDD/src/wlan_hdd_wmm.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/CORE/HDD/src/wlan_hdd_wmm.c b/CORE/HDD/src/wlan_hdd_wmm.c
index ce5dfc0869f9..629cba6522d1 100644
--- a/CORE/HDD/src/wlan_hdd_wmm.c
+++ b/CORE/HDD/src/wlan_hdd_wmm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2014 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2015 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -2453,8 +2453,12 @@ hdd_wlan_wmm_status_e hdd_wmm_addts( hdd_adapter_t* pAdapter,
           return HDD_WLAN_WMM_STATUS_MODIFY_FAILED;
       }
 
-      // we were successful, save the status
-      pQosContext->lastStatus = status;
+      /* we were successful, save the status */
+      mutex_lock(&pAdapter->hddWmmStatus.wmmLock);
+      if (pQosContext->magic == HDD_WMM_CTX_MAGIC)
+          pQosContext->lastStatus = status;
+      mutex_unlock(&pAdapter->hddWmmStatus.wmmLock);
+
       return status;
    }
 
@@ -2542,8 +2546,11 @@ hdd_wlan_wmm_status_e hdd_wmm_addts( hdd_adapter_t* pAdapter,
    }
 #endif
 
-   // we were successful, save the status
-   pQosContext->lastStatus = status;
+   /* we were successful, save the status */
+   mutex_lock(&pAdapter->hddWmmStatus.wmmLock);
+   if (pQosContext->magic == HDD_WMM_CTX_MAGIC)
+       pQosContext->lastStatus = status;
+   mutex_unlock(&pAdapter->hddWmmStatus.wmmLock);
 
    return status;
 }
@@ -2653,7 +2660,11 @@ hdd_wlan_wmm_status_e hdd_wmm_delts( hdd_adapter_t* pAdapter,
    }
 
 #endif
-   pQosContext->lastStatus = status;
+   mutex_lock(&pAdapter->hddWmmStatus.wmmLock);
+   if (pQosContext->magic == HDD_WMM_CTX_MAGIC)
+       pQosContext->lastStatus = status;
+   mutex_unlock(&pAdapter->hddWmmStatus.wmmLock);
+
    return status;
 }
 
-- 
cgit v1.2.3