wlan: Free FW caps object after unregistering interrupts
Presently, variable holding FW caps is freed prior to unregistering
interrupts. But as DXE RX ISR access this variable, there is a possibility
of accessing the variable after it's freed.
Free variable holding FW caps after interrupts are deregistered.
Change-Id: Ic25202063eb1f425ce57d01328fc9766dd8b7f8a
CRs-Fixed: 2177131
diff --git a/CORE/WDI/CP/src/wlan_qct_wdi.c b/CORE/WDI/CP/src/wlan_qct_wdi.c
index d3db18d..3a57b30 100644
--- a/CORE/WDI/CP/src/wlan_qct_wdi.c
+++ b/CORE/WDI/CP/src/wlan_qct_wdi.c
@@ -2555,12 +2555,6 @@
/*We have completed cleaning unlock now*/
wpalMutexRelease(&pWDICtx->wptMutex);
- /* Free the global variables */
- wpalMemoryFree(gpHostWlanFeatCaps);
- wpalMemoryFree(gpFwWlanFeatCaps);
- gpHostWlanFeatCaps = NULL;
- gpFwWlanFeatCaps = NULL;
-
/*------------------------------------------------------------------------
Fill in Event data and post to the Main FSM
------------------------------------------------------------------------*/
@@ -8544,7 +8538,7 @@
wpt_uint8* pSendBuffer = NULL;
wpt_uint16 usDataOffset = 0;
wpt_uint16 usSendSize = 0;
- wpt_status status;
+ wpt_status status = WDI_STATUS_E_FAILURE;
tHalMacStopReqMsg halStopReq;
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
@@ -8558,7 +8552,7 @@
WPAL_TRACE( eWLAN_MODULE_DAL_CTRL, eWLAN_PAL_TRACE_LEVEL_WARN,
"%s: Invalid parameters", __func__);
WDI_ASSERT(0);
- goto failRequest;
+ goto free_wlan_feat_caps;
}
/*-----------------------------------------------------------------------
@@ -8573,7 +8567,7 @@
"Unable to get send buffer in stop req %pK %pK %pK",
pEventData, pwdiStopParams, wdiStopRspCb);
WDI_ASSERT(0);
- goto failRequest;
+ goto free_wlan_feat_caps;
}
/*-----------------------------------------------------------------------
@@ -8633,17 +8627,22 @@
/*-------------------------------------------------------------------------
Send Stop Request to HAL
-------------------------------------------------------------------------*/
- return WDI_SendMsg( pWDICtx, pSendBuffer, usSendSize,
+ status = WDI_SendMsg( pWDICtx, pSendBuffer, usSendSize,
wdiStopRspCb, pEventData->pUserData, WDI_STOP_RESP);
-
+ goto free_wlan_feat_caps;
fail:
// Release the message buffer so we don't leak
wpalMemoryFree(pSendBuffer);
-failRequest:
- //WDA should have failure check to avoid the memory leak
- return WDI_STATUS_E_FAILURE;
+free_wlan_feat_caps:
+ /* Free global wlan feature caps variables */
+ wpalMemoryFree(gpHostWlanFeatCaps);
+ wpalMemoryFree(gpFwWlanFeatCaps);
+ gpHostWlanFeatCaps = NULL;
+ gpFwWlanFeatCaps = NULL;
+ //WDA should have failure check to avoid the memory leak
+ return status;
}/*WDI_ProcessStopReq*/
/**
@@ -17031,6 +17030,7 @@
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
wdiStopRspCb = (WDI_StopRspCb)pWDICtx->pfncRspCB;
+
/*-------------------------------------------------------------------------
Sanity check
-------------------------------------------------------------------------*/