From 90574c5a0c5c4d6548026d1838c2da9dd650f7a4 Mon Sep 17 00:00:00 2001 From: Meet Patel Date: Fri, 24 Jun 2022 00:47:49 +0530 Subject: [PATCH] Issue: WCSWREL-352 Fix for driver kernel panic with use after free print [Description] Accessing "pmbuf" after mlan_send_packet results in kernel panic with "use after free" print. [Fix] Moved the link layer statistics related code which accesses "pmbuf" to the front of mlan_send_packet function. Signed-off-by: Meet Patel
---
 mxm_wifiex/wlan_src/mlinux/moal_main.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/mxm_wifiex/wlan_src/mlinux/moal_main.c b/mxm_wifiex/wlan_src/mlinux/moal_main.c
index b29a8f1..5844590 100644
--- a/mxm_wifiex/wlan_src/mlinux/moal_main.c
+++ b/mxm_wifiex/wlan_src/mlinux/moal_main.c
@@ -7055,18 +7055,19 @@ static int woal_start_xmit(moal_private *priv, struct sk_buff *skb)
 index = skb_get_queue_mapping(skb);
 #endif
+ if (is_zero_timeval(priv->phandle->tx_time_start)) {
+ priv->phandle->tx_time_start.time_sec =
+ pmbuf->in_ts_sec;
+ priv->phandle->tx_time_start.time_usec =
+ pmbuf->in_ts_usec;
+ PRINTM(MINFO, "%s : start_timeval=%d:%d \n", __func__,
+ priv->phandle->tx_time_start.time_sec,
+ priv->phandle->tx_time_start.time_usec);
+ }
+
 status = mlan_send_packet(priv->phandle->pmlan_adapter, pmbuf);
 switch (status) {
 case MLAN_STATUS_PENDING:
- if (is_zero_timeval(priv->phandle->tx_time_start)) {
- priv->phandle->tx_time_start.time_sec =
- pmbuf->in_ts_sec;
- priv->phandle->tx_time_start.time_usec =
- pmbuf->in_ts_usec;
- PRINTM(MINFO, "%s : start_timeval=%d:%d \n", __func__,
- priv->phandle->tx_time_start.time_sec,
- priv->phandle->tx_time_start.time_usec);
- }
 atomic_inc(&priv->phandle->tx_pending);
 #if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 29)
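Review bot: The relocated block now sets `priv->phandle->tx_time_start` before the result of `mlan_send_packet()` is known, whereas it previously ran only under `case MLAN_STATUS_PENDING:`, so a packet that is rejected or returns another status still stamps the link-layer statistics start time whenever that field is zero. If that is not intended, read `pmbuf->in_ts_sec` and `pmbuf->in_ts_usec` into locals before the call and keep the assignment and `PRINTM` inside the PENDING case, which avoids the use-after-free without changing when the start time is recorded. Either way the ownership rule deserves a comment above the call, for example `/* pmbuf may already be freed when mlan_send_packet() returns; do not dereference it below */`. woal_start_xmit continues past this hunk, so any remaining reads of `pmbuf` in the other status branches are not visible here and should be checked against the same rule.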