Fix(esp_wifi): Fix race conditions in btm task deletion

This commit is contained in:
Kapil Gupta 2023-07-07 15:39:09 +05:30 committed by jgujarathi
parent a300e79589
commit d938559efb

View File

@ -40,6 +40,7 @@ struct wpa_supplicant g_wpa_supp;
static void *s_supplicant_task_hdl = NULL;
static void *s_supplicant_evt_queue = NULL;
static void *s_supplicant_api_lock = NULL;
static bool s_supplicant_task_init_done;
#define SUPPLICANT_API_LOCK() os_mutex_lock(s_supplicant_api_lock)
#define SUPPLICANT_API_UNLOCK() os_mutex_unlock(s_supplicant_api_lock)
#define SUPPLICANT_TASK_STACK_SIZE (6144 + TASK_STACK_SIZE_ADD)
@ -155,11 +156,6 @@ static void btm_rrm_task(void *pvParameters)
os_queue_delete(s_supplicant_evt_queue);
s_supplicant_evt_queue = NULL;
if (s_supplicant_api_lock) {
os_semphr_delete(s_supplicant_api_lock);
s_supplicant_api_lock = NULL;
}
/* At this point, we completed */
os_task_delete(NULL);
}
@ -325,7 +321,10 @@ int esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
#if defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) || defined(CONFIG_SAE_PK)
#ifdef CONFIG_SUPPLICANT_TASK
s_supplicant_api_lock = os_recursive_mutex_create();
if (!s_supplicant_api_lock) {
s_supplicant_api_lock = os_recursive_mutex_create();
}
if (!s_supplicant_api_lock) {
wpa_printf(MSG_ERROR, "%s: failed to create Supplicant API lock", __func__);
ret = -1;
@ -345,6 +344,7 @@ int esp_supplicant_common_init(struct wpa_funcs *wpa_cb)
ret = -1;
goto err;
}
s_supplicant_task_init_done = true;
#endif /* CONFIG_SUPPLICANT_TASK */
#ifdef CONFIG_IEEE80211KV
wpas_rrm_reset(wpa_s);
@ -390,7 +390,8 @@ void esp_supplicant_common_deinit(void)
}
#if defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R)
#ifdef CONFIG_SUPPLICANT_TASK
if (!s_supplicant_task_hdl && esp_supplicant_post_evt(SIG_SUPPLICANT_DEL_TASK, 0) != 0) {
/* We have failed to create task, delete queue and exit */
if (!s_supplicant_task_hdl) {
if (s_supplicant_evt_queue) {
os_queue_delete(s_supplicant_evt_queue);
s_supplicant_evt_queue = NULL;
@ -399,7 +400,14 @@ void esp_supplicant_common_deinit(void)
os_semphr_delete(s_supplicant_api_lock);
s_supplicant_api_lock = NULL;
}
} else if (esp_supplicant_post_evt(SIG_SUPPLICANT_DEL_TASK, 0) != 0) {
/* failed to post delete event, just delete event queue and exit */
if (s_supplicant_evt_queue) {
os_queue_delete(s_supplicant_evt_queue);
s_supplicant_evt_queue = NULL;
}
}
s_supplicant_task_init_done = false;
#endif /* CONFIG_SUPPLICANT_TASK */
#endif /* defined(CONFIG_IEEE80211KV) || defined(CONFIG_IEEE80211R) */
}
@ -790,27 +798,32 @@ cleanup:
int esp_supplicant_post_evt(uint32_t evt_id, uint32_t data)
{
supplicant_event_t *evt = os_zalloc(sizeof(supplicant_event_t));
if (evt == NULL) {
if (!evt) {
wpa_printf(MSG_ERROR, "Failed to allocated memory");
return -1;
}
evt->id = evt_id;
evt->data = data;
/* Make sure lock exists before taking it */
if (s_supplicant_api_lock) {
SUPPLICANT_API_LOCK();
} else {
SUPPLICANT_API_LOCK();
/* Make sure no event can be sent when deletion event is sent or task not initialized */
if (!s_supplicant_task_init_done) {
SUPPLICANT_API_UNLOCK();
os_free(evt);
return -1;
}
if (os_queue_send(s_supplicant_evt_queue, &evt, os_task_ms_to_tick(10)) != TRUE) {
SUPPLICANT_API_UNLOCK();
os_free(evt);
return -1;
}
if (evt_id != SIG_SUPPLICANT_DEL_TASK) {
SUPPLICANT_API_UNLOCK();
if (evt_id == SIG_SUPPLICANT_DEL_TASK) {
s_supplicant_task_init_done = false;
}
SUPPLICANT_API_UNLOCK();
return 0;
}
#endif /* CONFIG_SUPPLICANT_TASK */