projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 752ed2a)
ath10k: disable napi before resource cleanup to avoid "use after free"
authorGovind Singh <govinds@codeaurora.org>
Thu, 20 Sep 2018 05:04:26 +0000 (10:34 +0530)
committerKalle Valo <kvalo@codeaurora.org>
Mon, 1 Oct 2018 14:04:34 +0000 (17:04 +0300)
CE buffers are cleaned up prior to napi disable and this is causing
NULL pointer dereference due to "use after free".

Disable napi before resource cleanup to avoid "use after free".

Signed-off-by: Govind Singh <govinds@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
drivers/net/wireless/ath/ath10k/snoc.c patch | blob | history

diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c
index 34703101f569aea0867bc2598cf97707b82860bf..f7b5b855aab288daaa6ca56b97f1ca4ce359dc10 100644 (file)
--- a/drivers/net/wireless/ath/ath10k/snoc.c
+++ b/drivers/net/wireless/ath/ath10k/snoc.c
@@ -731,9 +731,9 @@ static void ath10k_snoc_buffer_cleanup(struct ath10k *ar)
 static void ath10k_snoc_hif_stop(struct ath10k *ar)
 {
        ath10k_snoc_irq_disable(ar);
-       ath10k_snoc_buffer_cleanup(ar);
        napi_synchronize(&ar->napi);
        napi_disable(&ar->napi);
+       ath10k_snoc_buffer_cleanup(ar);
        ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot hif stop\n");
 }
 
John Crispins staging tree