Balaji Pothunoori <quic_bpothuno@xxxxxxxxxxx> wrote:

> Currently struct ath11k_hal::srng_config pointer is not assigned
> to NULL after freeing the memory in ath11k_hal_srng_deinit().
> This could lead to double free issue in a scenario where
> ath11k_hal_srng_deinit() is invoked back to back.
>
> In the current code, although the chances are very low, the above
> said scenario could happen when hardware recovery has failed and
> then there is another FW assert where ath11k_hal_srng_deinit() is
> invoked once again as part of recovery.
>
> Fix this by assigning the struct ath11k_hal::srng_config pointer
> to NULL after freeing the memory.
>
> Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1
> Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.16
> Tested-on: IPQ5018 hw1.0 AHB WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1
> Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
>
> Signed-off-by: Manikanta Pubbisetty <quic_mpubbise@xxxxxxxxxxx>
> Signed-off-by: Balaji Pothunoori <quic_bpothuno@xxxxxxxxxxx>
> Acked-by: Jeff Johnson <quic_jjohnson@xxxxxxxxxxx>
> Signed-off-by: Kalle Valo <quic_kvalo@xxxxxxxxxxx>

Patch applied to ath-next branch of ath.git, thanks.

5094204ff5ae wifi: ath11k: Fix double free issue during SRNG deinit

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20240826053326.8878-1-quic_bpothuno@xxxxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
https://docs.kernel.org/process/submitting-patches.html
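
The back-to-back deinit scenario from the commit message above, as an added example that is not part of the original e-mail and is not ath11k code: a user-space C model that counts double frees instead of performing them. All names (model_hal, model_kfree, deinit_before_fix, deinit_after_fix, back_to_back) are hypothetical, and the single static buffer stands in for the kernel allocation.

```c
#include <stdio.h>

/* User-space model; every name below is hypothetical, not ath11k code. */
struct model_hal {
    void *srng_config;  /* stands in for ath11k_hal::srng_config */
};

static char pool[64];     /* the single buffer this model hands out */
static int pool_live;     /* 1 while the buffer counts as allocated */
static int double_frees;  /* frees attempted on a released buffer */

/* Stand-in for kfree(): NULL is a no-op; a second free of the same
 * buffer is counted instead of being passed to a real allocator. */
static void model_kfree(void *p)
{
    if (!p)
        return;
    if (pool_live)
        pool_live = 0;
    else
        double_frees++;
}

static void deinit_before_fix(struct model_hal *hal)
{
    model_kfree(hal->srng_config);  /* pointer left dangling */
}

static void deinit_after_fix(struct model_hal *hal)
{
    model_kfree(hal->srng_config);
    hal->srng_config = NULL;        /* a repeat call now frees NULL */
}

/* Call deinit twice, as when recovery fails and a later FW assert
 * runs it again; return the number of double frees attempted. */
static int back_to_back(void (*deinit)(struct model_hal *))
{
    struct model_hal hal = { .srng_config = pool };

    pool_live = 1;
    double_frees = 0;
    deinit(&hal);
    deinit(&hal);
    return double_frees;
}

int main(void)
{
    printf("before fix: %d\n", back_to_back(deinit_before_fix));
    printf("after fix:  %d\n", back_to_back(deinit_after_fix));
    return 0;
}
```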