diff mbox series

[2/2] ath10k: Disable napi before resource cleanup to avoid "use after free"

Message ID 20180920050426.4113-2-govinds@codeaurora.org (mailing list archive)
State Accepted
Commit 393b9b0f830efc21c26a4ef9a9ce4d517eb98463
Delegated to: Kalle Valo
Headers show
Series [1/2] ath10k: Move napi_enable to hif_start for consistent pairing | expand

Commit Message

Govind Singh Sept. 20, 2018, 5:04 a.m. UTC
CE buffers are cleaned up prior to napi disable and this is causing
NULL pointer dereference due to "use after free".

Disable napi before resource cleanup to avoid "use after free".

Signed-off-by: Govind Singh <govinds@codeaurora.org>
---
 drivers/net/wireless/ath/ath10k/snoc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c
index dd043b858c8e..6da951eea345 100644
--- a/drivers/net/wireless/ath/ath10k/snoc.c
+++ b/drivers/net/wireless/ath/ath10k/snoc.c
@@ -911,9 +911,9 @@  static void ath10k_snoc_buffer_cleanup(struct ath10k *ar)
 static void ath10k_snoc_hif_stop(struct ath10k *ar)
 {
 	ath10k_snoc_irq_disable(ar);
-	ath10k_snoc_buffer_cleanup(ar);
 	napi_synchronize(&ar->napi);
 	napi_disable(&ar->napi);
+	ath10k_snoc_buffer_cleanup(ar);
 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot hif stop\n");
 }