wil6210: protect list of pending wmi events during flush

When flush is done, pending events list is manipulated
without taking the proper spinlock, which could lead to
memory corruption if list is manipulated by wmi worker
or by interrupt routine.

Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>

diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c
index a2a895bee6d888edfcb2922a33bc552e400983d9..02ccdaee6da962c118e704571e6d4aa64cfb6513 100644 (file)
--- a/drivers/net/wireless/ath/wil6210/wmi.c
+++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -1738,14 +1738,19 @@ int wmi_new_sta(struct wil6210_priv *wil, const u8 *mac, u8 aid)
 
 void wmi_event_flush(struct wil6210_priv *wil)
 {
+       ulong flags;
        struct pending_wmi_event *evt, *t;
 
        wil_dbg_wmi(wil, "event_flush\n");
 
+       spin_lock_irqsave(&wil->wmi_ev_lock, flags);
+
        list_for_each_entry_safe(evt, t, &wil->pending_wmi_ev, list) {
                list_del(&evt->list);
                kfree(evt);
        }
+
+       spin_unlock_irqrestore(&wil->wmi_ev_lock, flags);
 }
 
 static bool wmi_evt_call_handler(struct wil6210_priv *wil, int id,