diff options
| author | Aditya Kodukula <quic_akodukul@quicinc.com> | 2019-12-05 18:54:13 +0800 |
|---|---|---|
| committer | Paul Chen <chenpaul@google.com> | 2022-09-22 09:58:20 +0000 |
| commit | dd9f704fa6e07ebeb2efee6272f56e07ede67702 (patch) | |
| tree | 7d87dddd8109281051a182cf896e83d4e61e09e2 | |
| parent | 135cf26db22bca332d101c2b732715b221325ea3 (diff) | |
| download | qcacld-android-msm-sunfish-4.14-t-qpr3-beta-2.tar.gz | |
qcacld-3.0: Lock all the entry of ch power infoandroid-t-qpr3-beta-3_r0.1android-t-qpr3-beta-3.1_r0.1android-t-qpr3-beta-2_r0.1android-t-qpr2-beta-3_r0.1android-t-qpr2-beta-3.2_r0.2android-t-qpr2-beta-2_r0.1android-t-qpr2-beta-1_r0.2android-t-qpr1-beta-3_r0.2android-13.0.0_r0.80android-13.0.0_r0.71android-13.0.0_r0.66android-13.0.0_r0.61android-13.0.0_r0.56android-13.0.0_r0.51android-13.0.0_r0.46android-msm-sunfish-4.14-t-qpr3-beta-3android-msm-sunfish-4.14-t-qpr3-beta-2android-msm-sunfish-4.14-t-qpr2-beta-3.2android-msm-sunfish-4.14-t-qpr2-beta-1android-msm-sunfish-4.14-android13-qpr2-betaandroid-msm-sunfish-4.14-android13-qpr2android-msm-sunfish-4.14-android13-qpr1-beta3android-msm-sunfish-4.14-android13-qpr1
If the entry of ch power info is not locked, free after use may be
happened. For example, csr_save_to_channel_power2_g_5_g does
csr_purge_channel_power, while csr_save_tx_power_to_cfg is called
in another thread and it calls csr_ll_peek_head then does some
operation on the entry.
Change-Id: If6cc4d8e0072e97288b60d3c72499b79c0a2bf67
CRs-Fixed: 2580147
Bug: 245611633
Signed-off-by: Aditya Kodukula <quic_akodukul@quicinc.com>
| -rw-r--r-- | core/sme/src/csr/csr_api_scan.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/core/sme/src/csr/csr_api_scan.c b/core/sme/src/csr/csr_api_scan.c index 426c75173f..7e7bdc83d9 100644 --- a/core/sme/src/csr/csr_api_scan.c +++ b/core/sme/src/csr/csr_api_scan.c @@ -760,7 +760,8 @@ static void csr_get_channel_power_info(tpAniSirGlobal pMac, tDblLinkList *list, struct csr_channel_powerinfo *ch_set; /* Get 2.4Ghz first */ - entry = csr_ll_peek_head(list, LL_ACCESS_LOCK); + csr_ll_lock(list); + entry = csr_ll_peek_head(list, LL_ACCESS_NOLOCK); while (entry && (chn_idx < *num_ch)) { ch_set = GET_BASE_ADDR(entry, struct csr_channel_powerinfo, link); @@ -771,8 +772,9 @@ static void csr_get_channel_power_info(tpAniSirGlobal pMac, tDblLinkList *list, + (idx * ch_set->interChannelOffset)); chn_pwr_info[chn_idx++].tx_power = ch_set->txPower; } - entry = csr_ll_next(list, entry, LL_ACCESS_LOCK); + entry = csr_ll_next(list, entry, LL_ACCESS_NOLOCK); } + csr_ll_unlock(list); *num_ch = chn_idx; } @@ -1615,7 +1617,8 @@ static void csr_save_tx_power_to_cfg(tpAniSirGlobal pMac, tDblLinkList *pList, return; ch_pwr_set = (tSirMacChanInfo *) (pBuf); - pEntry = csr_ll_peek_head(pList, LL_ACCESS_LOCK); + csr_ll_lock(pList); + pEntry = csr_ll_peek_head(pList, LL_ACCESS_NOLOCK); /* * write the tuples (startChan, numChan, txPower) for each channel found * in the channel power list. @@ -1685,8 +1688,9 @@ static void csr_save_tx_power_to_cfg(tpAniSirGlobal pMac, tDblLinkList *pList, cbLen += sizeof(tSirMacChanInfo); ch_pwr_set++; } - pEntry = csr_ll_next(pList, pEntry, LL_ACCESS_LOCK); + pEntry = csr_ll_next(pList, pEntry, LL_ACCESS_NOLOCK); } + csr_ll_unlock(pList); if (cbLen) cfg_set_str(pMac, cfgId, (uint8_t *) pBuf, cbLen); |