mochabin/mwifiex
1
0
Fork 0
mirror of https://github.com/nxp-imx/mwifiex.git synced 2024-05-16 18:19:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Issue: WCSWREL-352 Fix for driver kernel panic with use after free print

Browse source 
[Description]
Accessing "pmbuf" after mlan_send_packet results in kernel panic with
"use after free" print.

[Fix]
Moved the link layer statistics related code which accesses "pmbuf" to
the front of mlan_send_packet function.

Signed-off-by: Meet Patel <meet.patel@nxp.com>
This commit is contained in:
Meet Patel 2022-06-24 00:47:49 +05:30 committed by yunjie
parent 3a50175cae
commit 64421ad41f
1 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
mxm_wifiex/wlan_src/mlinux/moal_main.c
View file

@ -7055,18 +7055,19 @@ static int woal_start_xmit(moal_private *priv, struct sk_buff *skb)
index = skb_get_queue_mapping(skb);
#endif
if (is_zero_timeval(priv->phandle->tx_time_start)) {
priv->phandle->tx_time_start.time_sec =
pmbuf->in_ts_sec;
priv->phandle->tx_time_start.time_usec =
pmbuf->in_ts_usec;
PRINTM(MINFO, "%s : start_timeval=%d:%d \n", __func__,
priv->phandle->tx_time_start.time_sec,
priv->phandle->tx_time_start.time_usec);
}
status = mlan_send_packet(priv->phandle->pmlan_adapter, pmbuf);
switch (status) {
case MLAN_STATUS_PENDING:
if (is_zero_timeval(priv->phandle->tx_time_start)) {
priv->phandle->tx_time_start.time_sec =
pmbuf->in_ts_sec;
priv->phandle->tx_time_start.time_usec =
pmbuf->in_ts_usec;
PRINTM(MINFO, "%s : start_timeval=%d:%d \n", __func__,
priv->phandle->tx_time_start.time_sec,
priv->phandle->tx_time_start.time_usec);
}
atomic_inc(&priv->phandle->tx_pending);
#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 29)