bcmdhd: caches the memdump_type before accessing it in other contexts

the signature is displayed incorrectly when fw trap occurs.

This is an issue that occurs because the timing of the operation is changed due to the change.
During the 1st dhd_mem_dump (fw trap), 2nd dhd_mem_dump(GET_RING_DATA) is scheduled with overwriting memdump_type from DUMP_TYPE_DONGLE_TRAP to DUMP_TYPE_BY_SYSDUMP.

DHD schedules dhd_mem_dump() after assigning "dhdp->memdump_type"
so, memdump_type can be modified during dhd_mem_dump() in one context when scheduling dhd_mem_dump() in another context.

Bug: 255677200
Test: FW trap test with "wl bus:disconnect 99" and it display the signature properly.

Change-Id: I51b52ccf527ba4842885fff0007eb58f9952cd2e
Signed-off-by: Dennis Jeon <dennis.jeon@broadcom.corp-partner.google.com>

1 files changed, 10 insertions, 12 deletions

diff --git a/dhd_linux.c b/dhd_linux.c
index 56f016c..db11bcb 100644
--- a/dhd_linux.c
+++ b/dhd_linux.c
@@ -19063,8 +19063,8 @@ dhd_mem_dump(void *handle, void *event_info, u8 event)
 	char pc_fn[DHD_FUNC_STR_LEN] = "\0";
 	char lr_fn[DHD_FUNC_STR_LEN] = "\0";
 	trap_t *tr;
-	uint32 memdump_type;
 #endif /* DHD_COREDUMP */
+	uint32 memdump_type;
 
 	DHD_ERROR(("%s: ENTER \n", __FUNCTION__));
 
@@ -19078,6 +19078,8 @@ dhd_mem_dump(void *handle, void *event_info, u8 event)
 		DHD_ERROR(("%s: dhdp is NULL\n", __FUNCTION__));
 		return;
 	}
+	/* keep it locally to avoid overwriting in other contexts */
+	memdump_type = dhdp->memdump_type;
 
 	DHD_GENERAL_LOCK(dhdp, flags);
 	if (DHD_BUS_CHECK_DOWN_OR_DOWN_IN_PROGRESS(dhdp)) {
@@ -19170,14 +19172,11 @@ dhd_mem_dump(void *handle, void *event_info, u8 event)
 		memdump_type = DUMP_TYPE_BY_DSACK_HC_DUE_TO_ISR_DELAY;
 	} else if (dhdp->dsack_hc_due_to_dpc_delay) {
 		memdump_type = DUMP_TYPE_BY_DSACK_HC_DUE_TO_DPC_DELAY;
-	} else {
-		memdump_type = dhdp->memdump_type;
 	}
-
 	dhd_convert_memdump_type_to_str(memdump_type, dhdp->memdump_str,
 		DHD_MEMDUMP_LONGSTR_LEN, dhdp->debug_dump_subcmd);
 
-	if (dhdp->memdump_type == DUMP_TYPE_DONGLE_TRAP &&
+	if (memdump_type == DUMP_TYPE_DONGLE_TRAP &&
 		dhdp->dongle_trap_occured == TRUE) {
 		if (!dhdp->dsack_hc_due_to_isr_delay &&
 				!dhdp->dsack_hc_due_to_dpc_delay) {
@@ -19200,8 +19199,7 @@ dhd_mem_dump(void *handle, void *event_info, u8 event)
 			__FUNCTION__));
 	}
 #endif /* DHD_SSSR_COREDUMP */
-	if ((dhdp->memdump_type == DUMP_TYPE_BY_SYSDUMP) &&
-		(dhdp->dongle_trap_occured == false)) {
+	if (memdump_type == DUMP_TYPE_BY_SYSDUMP) {
 		DHD_LOG_MEM(("%s: coredump is not supported for BY_SYSDUMP/non trap cases\n",
 			__FUNCTION__));
 	} else {
@@ -19263,7 +19261,7 @@ dhd_mem_dump(void *handle, void *event_info, u8 event)
 	*/
 #ifdef DHD_LOG_DUMP
 	if (dhd->scheduled_memdump &&
-		dhdp->memdump_type != DUMP_TYPE_BY_SYSDUMP) {
+		memdump_type != DUMP_TYPE_BY_SYSDUMP) {
 		log_dump_type_t *flush_type = MALLOCZ(dhdp->osh,
 				sizeof(log_dump_type_t));
 		if (flush_type) {
@@ -19299,16 +19297,16 @@ dhd_mem_dump(void *handle, void *event_info, u8 event)
 
 	if (dhd->pub.memdump_enabled == DUMP_MEMFILE_BUGON &&
 #ifdef DHD_LOG_DUMP
-		dhd->pub.memdump_type != DUMP_TYPE_BY_SYSDUMP &&
+		memdump_type != DUMP_TYPE_BY_SYSDUMP &&
 #endif /* DHD_LOG_DUMP */
-		dhd->pub.memdump_type != DUMP_TYPE_BY_USER &&
+		memdump_type != DUMP_TYPE_BY_USER &&
 #ifdef DHD_DEBUG_UART
 		dhd->pub.memdump_success == TRUE &&
 #endif	/* DHD_DEBUG_UART */
 #ifdef DNGL_EVENT_SUPPORT
-		dhd->pub.memdump_type != DUMP_TYPE_DONGLE_HOST_EVENT &&
+		memdump_type != DUMP_TYPE_DONGLE_HOST_EVENT &&
 #endif /* DNGL_EVENT_SUPPORT */
-		dhd->pub.memdump_type != DUMP_TYPE_CFG_VENDOR_TRIGGERED) {
+		memdump_type != DUMP_TYPE_CFG_VENDOR_TRIGGERED) {
 #ifdef SHOW_LOGTRACE
 		/* Wait till logtrace context is flushed */
 		dhd_flush_logtrace_process(dhd);