Merge "wlan: Fix integer overflow in rrm_fill_beacon_ies()" into wlan-driver.lnx.1.0
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 0094c7f..c59338c 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -8661,7 +8661,8 @@
.info.vendor_id = QCA_NL80211_VENDOR_ID,
.info.subcmd = QCA_NL80211_VENDOR_SUBCMD_TDLS_GET_STATUS,
.flags = WIPHY_VENDOR_CMD_NEED_WDEV |
- WIPHY_VENDOR_CMD_NEED_NETDEV,
+ WIPHY_VENDOR_CMD_NEED_NETDEV |
+ WIPHY_VENDOR_CMD_NEED_RUNNING,
.doit = wlan_hdd_cfg80211_exttdls_get_status
},
{
@@ -8675,7 +8676,8 @@
.info.vendor_id = QCA_NL80211_VENDOR_ID,
.info.subcmd = QCA_NL80211_VENDOR_SUBCMD_NO_DFS_FLAG,
.flags = WIPHY_VENDOR_CMD_NEED_WDEV |
- WIPHY_VENDOR_CMD_NEED_NETDEV,
+ WIPHY_VENDOR_CMD_NEED_NETDEV |
+ WIPHY_VENDOR_CMD_NEED_RUNNING,
.doit = wlan_hdd_cfg80211_disable_dfs_channels
},
{
diff --git a/CORE/HDD/src/wlan_hdd_early_suspend.c b/CORE/HDD/src/wlan_hdd_early_suspend.c
index e68aa7a..43db794 100644
--- a/CORE/HDD/src/wlan_hdd_early_suspend.c
+++ b/CORE/HDD/src/wlan_hdd_early_suspend.c
@@ -443,7 +443,6 @@
VOS_STATUS hdd_exit_deep_sleep(hdd_context_t *pHddCtx, hdd_adapter_t *pAdapter)
{
VOS_STATUS vosStatus;
- eHalStatus halStatus;
VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
"%s: calling hdd_set_sme_config",__func__);
@@ -480,24 +479,8 @@
goto err_voss_stop;
}
-
- //Open a SME session for future operation
- halStatus = sme_OpenSession( pHddCtx->hHal, hdd_smeRoamCallback, pHddCtx,
- (tANI_U8 *)&pAdapter->macAddressCurrent,
- &pAdapter->sessionId);
- if ( !HAL_STATUS_SUCCESS( halStatus ) )
- {
- hddLog(VOS_TRACE_LEVEL_FATAL,"sme_OpenSession() failed with status code %08d [x%08x]",
- halStatus, halStatus );
- goto err_voss_stop;
-
- }
-
pHddCtx->hdd_ps_state = eHDD_SUSPEND_NONE;
- //Trigger the initial scan
- hdd_wlan_initial_scan(pAdapter);
-
return VOS_STATUS_SUCCESS;
err_voss_stop:
diff --git a/CORE/HDD/src/wlan_hdd_hostapd.c b/CORE/HDD/src/wlan_hdd_hostapd.c
index 29daf50..750edef 100644
--- a/CORE/HDD/src/wlan_hdd_hostapd.c
+++ b/CORE/HDD/src/wlan_hdd_hostapd.c
@@ -174,19 +174,64 @@
int __hdd_hostapd_open (struct net_device *dev)
{
hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev);
+ hdd_context_t *pHddCtx;
+ VOS_STATUS status;
+ v_BOOL_t in_standby = TRUE;
+ hdd_adapter_list_node_t *pAdapterNode = NULL, *pNext = NULL;
ENTER();
- if(!test_bit(SOFTAP_BSS_STARTED, &pAdapter->event_flags))
- {
- //WMM_INIT OR BSS_START not completed
- hddLog( LOGW, "Ignore hostadp open request");
- EXIT();
- return 0;
+ if (test_bit(DEVICE_IFACE_OPENED, &pAdapter->event_flags)) {
+ hddLog(VOS_TRACE_LEVEL_DEBUG, "%s: session already opened for the adapter",
+ __func__);
+ return 0;
}
- MTRACE(vos_trace(VOS_MODULE_ID_HDD,
- TRACE_CODE_HDD_HOSTAPD_OPEN_REQUEST, NO_SESSION, 0));
+ pHddCtx = (hdd_context_t*)pAdapter->pHddCtx;
+ MTRACE(vos_trace(VOS_MODULE_ID_HDD, TRACE_CODE_HDD_OPEN_REQUEST,
+ pAdapter->sessionId, pAdapter->device_mode));
+ if (NULL == pHddCtx)
+ {
+ VOS_TRACE( VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_FATAL,
+ "%s: HDD context is Null", __func__);
+ return -ENODEV;
+ }
+ status = hdd_get_front_adapter ( pHddCtx, &pAdapterNode );
+ while ( (NULL != pAdapterNode) && (VOS_STATUS_SUCCESS == status) )
+ {
+ if (test_bit(DEVICE_IFACE_OPENED, &pAdapterNode->pAdapter->event_flags))
+ {
+ hddLog(VOS_TRACE_LEVEL_INFO, "%s: chip already out of standby",
+ __func__);
+ in_standby = FALSE;
+ break;
+ }
+ else
+ {
+ status = hdd_get_next_adapter ( pHddCtx, pAdapterNode, &pNext );
+ pAdapterNode = pNext;
+ }
+ }
+
+ if (TRUE == in_standby)
+ {
+ if (VOS_STATUS_SUCCESS != wlan_hdd_exit_lowpower(pHddCtx, pAdapter))
+ {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "%s: Failed to bring "
+ "wlan out of power save", __func__);
+ return -EINVAL;
+ }
+ }
+
+ status = hdd_init_ap_mode( pAdapter, false);
+ if( VOS_STATUS_SUCCESS != status ) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "%s: Failed to create session for station mode",
+ __func__);
+ return -EINVAL;
+ }
+
+ set_bit(DEVICE_IFACE_OPENED, &pAdapter->event_flags);
+
//Turn ON carrier state
netif_carrier_on(dev);
//Enable all Tx queues
@@ -239,6 +284,14 @@
//Turn OFF carrier state
netif_carrier_off(dev);
+ if (test_bit(SME_SESSION_OPENED, &adapter->event_flags)) {
+ hdd_stop_adapter(hdd_ctx, adapter, VOS_TRUE);
+ hdd_deinit_adapter(hdd_ctx, adapter, TRUE);
+ }
+
+ clear_bit(DEVICE_IFACE_OPENED, &adapter->event_flags);
+ adapter->dev->wireless_handlers = NULL;
+
if (!hdd_is_cli_iface_up(hdd_ctx))
sme_ScanFlushResult(hdd_ctx->hHal, 0);
@@ -668,9 +721,10 @@
static int __hdd_hostapd_set_mac_address(struct net_device *dev, void *addr)
{
struct sockaddr *psta_mac_addr = addr;
- hdd_adapter_t *pAdapter;
+ hdd_adapter_t *pAdapter, *adapter_temp;
hdd_context_t *pHddCtx;
- int ret = 0;
+ int ret = 0, i;
+ v_MACADDR_t mac_addr;
ENTER();
pAdapter = WLAN_HDD_GET_PRIV_PTR(dev);
@@ -683,10 +737,49 @@
pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
ret = wlan_hdd_validate_context(pHddCtx);
if (0 != ret)
- {
return ret;
+
+
+ memcpy(&mac_addr, psta_mac_addr->sa_data, sizeof(mac_addr));
+ if(vos_is_macaddr_zero(&mac_addr)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Zero Mac address");
+ return -EINVAL;
}
+
+ if (vos_is_macaddr_broadcast(&mac_addr)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,"MAC is Broadcast");
+ return -EINVAL;
+ }
+
+ if (vos_is_macaddr_multicast(&mac_addr)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Multicast Mac address");
+ return -EINVAL;
+ }
+
+
+ adapter_temp = hdd_get_adapter_by_macaddr(pHddCtx, mac_addr.bytes);
+ if (adapter_temp) {
+ if (!strcmp(adapter_temp->dev->name, dev->name))
+ return 0;
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: WLAN Mac Addr: "
+ MAC_ADDRESS_STR, __func__,
+ MAC_ADDR_ARRAY(mac_addr.bytes));
+ return -EINVAL;
+ }
+
+ for (i = 0; i < VOS_MAX_CONCURRENCY_PERSONA; i++) {
+ if (!vos_mem_compare(&pAdapter->macAddressCurrent.bytes,
+ &pHddCtx->cfg_ini->intfMacAddr[i].bytes[0], VOS_MAC_ADDR_SIZE)) {
+ memcpy(&pHddCtx->cfg_ini->intfMacAddr[i].bytes[0], mac_addr.bytes,
+ VOS_MAC_ADDR_SIZE);
+ break;
+ }
+ }
+
+ memcpy(&pAdapter->macAddressCurrent, psta_mac_addr->sa_data, ETH_ALEN);
memcpy(dev->dev_addr, psta_mac_addr->sa_data, ETH_ALEN);
+
EXIT();
return 0;
}
diff --git a/CORE/HDD/src/wlan_hdd_main.c b/CORE/HDD/src/wlan_hdd_main.c
index ccbd87c..0034d5c 100644
--- a/CORE/HDD/src/wlan_hdd_main.c
+++ b/CORE/HDD/src/wlan_hdd_main.c
@@ -8065,6 +8065,12 @@
return -ENODEV;
}
+ if (test_bit(DEVICE_IFACE_OPENED, &pAdapter->event_flags)) {
+ hddLog(VOS_TRACE_LEVEL_DEBUG, "%s: session already opened for the adapter",
+ __func__);
+ return 0;
+ }
+
status = hdd_get_front_adapter ( pHddCtx, &pAdapterNode );
while ( (NULL != pAdapterNode) && (VOS_STATUS_SUCCESS == status) )
{
@@ -8091,7 +8097,14 @@
return -EINVAL;
}
}
-
+
+ status = hdd_init_station_mode( pAdapter );
+ if( VOS_STATUS_SUCCESS != status ) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "%s: Failed to create session for station mode",
+ __func__);
+ return -EINVAL;
+ }
+
set_bit(DEVICE_IFACE_OPENED, &pAdapter->event_flags);
if (hdd_connIsConnected(WLAN_HDD_GET_STATION_CTX_PTR(pAdapter)))
{
@@ -8264,8 +8277,6 @@
wlan_hdd_stop_mon(pHddCtx, true);
}
- /* Make sure the interface is marked as closed */
- clear_bit(DEVICE_IFACE_OPENED, &pAdapter->event_flags);
hddLog(VOS_TRACE_LEVEL_INFO, "%s: Disabling OS Tx queues", __func__);
/* Disable TX on the interface, after this hard_start_xmit() will not
@@ -8286,7 +8297,8 @@
* Notice that the hdd_stop_adapter is requested not to close the session
* That is intentional to be able to scan if it is a STA/P2P interface
*/
- hdd_stop_adapter(pHddCtx, pAdapter, VOS_FALSE);
+ hdd_stop_adapter(pHddCtx, pAdapter, VOS_TRUE);
+ clear_bit(DEVICE_IFACE_OPENED, &pAdapter->event_flags);
#ifdef FEATURE_WLAN_TDLS
mutex_lock(&pHddCtx->tdls_lock);
#endif
@@ -8339,13 +8351,15 @@
}
}
+ pAdapter->dev->wireless_handlers = NULL;
+
/*
* Upon wifi turn off, DUT has to flush the scan results so if
* this is the last cli iface, flush the scan database.
*/
if (!hdd_is_cli_iface_up(pHddCtx))
sme_ScanFlushResult(pHddCtx->hHal, 0);
-
+
EXIT();
return 0;
}
@@ -8901,10 +8915,11 @@
static int __hdd_set_mac_address(struct net_device *dev, void *addr)
{
hdd_adapter_t *pAdapter;
+ hdd_adapter_t *adapter_temp;
hdd_context_t *pHddCtx;
struct sockaddr *psta_mac_addr = addr;
- eHalStatus halStatus = eHAL_STATUS_SUCCESS;
- int ret = 0;
+ int ret = 0, i;
+ v_MACADDR_t mac_addr;
ENTER();
pAdapter = WLAN_HDD_GET_PRIV_PTR(dev);
@@ -8917,15 +8932,47 @@
pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
ret = wlan_hdd_validate_context(pHddCtx);
if (0 != ret)
- {
return ret;
+
+ memcpy(&mac_addr, psta_mac_addr->sa_data, sizeof(mac_addr));
+ if(vos_is_macaddr_zero(&mac_addr)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Zero Mac address");
+ return -EINVAL;
}
+ if (vos_is_macaddr_broadcast(&mac_addr)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR,"MAC is Broadcast");
+ return -EINVAL;
+ }
+
+ if (vos_is_macaddr_multicast(&mac_addr)) {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Multicast Mac address");
+ return -EINVAL;
+ }
+ adapter_temp = hdd_get_adapter_by_macaddr(pHddCtx, mac_addr.bytes);
+ if (adapter_temp) {
+ if (!strcmp(adapter_temp->dev->name, dev->name))
+ return 0;
+ hddLog(VOS_TRACE_LEVEL_ERROR,
+ "%s: WLAN Mac Addr: "
+ MAC_ADDRESS_STR, __func__,
+ MAC_ADDR_ARRAY(mac_addr.bytes));
+ return -EINVAL;
+ }
+
+ for (i = 0; i < VOS_MAX_CONCURRENCY_PERSONA; i++) {
+ if (!vos_mem_compare(&pAdapter->macAddressCurrent.bytes,
+ &pHddCtx->cfg_ini->intfMacAddr[i].bytes[0], VOS_MAC_ADDR_SIZE)) {
+ memcpy(&pHddCtx->cfg_ini->intfMacAddr[i].bytes[0], mac_addr.bytes,
+ VOS_MAC_ADDR_SIZE);
+ break;
+ }
+ }
memcpy(&pAdapter->macAddressCurrent, psta_mac_addr->sa_data, ETH_ALEN);
memcpy(dev->dev_addr, psta_mac_addr->sa_data, ETH_ALEN);
EXIT();
- return halStatus;
+ return 0;
}
/**---------------------------------------------------------------------------
@@ -9803,9 +9850,6 @@
#endif
hdd_initialize_adapter_common(pAdapter);
- status = hdd_init_station_mode( pAdapter );
- if( VOS_STATUS_SUCCESS != status )
- goto err_free_netdev;
status = hdd_register_interface( pAdapter, rtnl_held );
if( VOS_STATUS_SUCCESS != status )
@@ -9862,16 +9906,12 @@
pAdapter->device_mode = session_type;
hdd_initialize_adapter_common(pAdapter);
- status = hdd_init_ap_mode(pAdapter, false);
- if( VOS_STATUS_SUCCESS != status )
- goto err_free_netdev;
status = hdd_sta_id_hash_attach(pAdapter);
if (VOS_STATUS_SUCCESS != status)
{
hddLog(VOS_TRACE_LEVEL_FATAL,
FL("failed to attach hash for session %d"), session_type);
- hdd_deinit_adapter(pHddCtx, pAdapter, rtnl_held);
goto err_free_netdev;
}
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index 74ad4c1..17c7ee4 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -4651,7 +4651,7 @@
eCsrJoinState eRoamState = eCsrStopRoaming;
tScanResultList *pBSSList = (tScanResultList *)pCommand->u.roamCmd.hBSSList;
tANI_BOOLEAN fDone = eANI_BOOLEAN_FALSE;
- tCsrRoamInfo roamInfo, *pRoamInfo = NULL;
+ tCsrRoamInfo *roamInfo, *pRoamInfo = NULL;
#ifndef WLAN_MDM_CODE_REDUCTION_OPT
v_U8_t acm_mask = 0;
#endif
@@ -4665,14 +4665,21 @@
smsLog(pMac, LOGE, FL(" session %d not found "), sessionId);
return (eCsrStopRoaming);
}
-
+
+ roamInfo = vos_mem_malloc(sizeof(tCsrRoamInfo));
+ if (!roamInfo) {
+ smsLog(pMac, LOGE, FL("roamInfo empty"));
+ return (eCsrStopRoaming);
+ }
+
do
{
// Check for Cardbus eject condition, before trying to Roam to any BSS
//***if( !balIsCardPresent(pAdapter) ) break;
- vos_mem_set(&roamInfo, sizeof(roamInfo), 0);
- vos_mem_copy (&roamInfo.bssid, &pSession->joinFailStatusCode.bssId, sizeof(tSirMacAddr));
+ vos_mem_copy (roamInfo->bssid, &pSession->joinFailStatusCode.bssId,
+ sizeof(tSirMacAddr));
+
if(NULL != pBSSList)
{
// When handling AP's capability change, continue to associate to
@@ -4697,11 +4704,13 @@
else
{
//We need to indicate to HDD that we are done with this one.
- //vos_mem_set(&roamInfo, sizeof(tCsrRoamInfo), 0);
- roamInfo.pBssDesc = pCommand->u.roamCmd.pLastRoamBss; //this shall not be NULL
- roamInfo.statusCode = pSession->joinFailStatusCode.statusCode;
- roamInfo.reasonCode = pSession->joinFailStatusCode.reasonCode;
- pRoamInfo = &roamInfo;
+ //this shall not be NULL
+ roamInfo->pBssDesc = pCommand->u.roamCmd.pLastRoamBss;
+ roamInfo->statusCode =
+ pSession->joinFailStatusCode.statusCode;
+ roamInfo->reasonCode =
+ pSession->joinFailStatusCode.reasonCode;
+ pRoamInfo = roamInfo;
}
}
while(pCommand->u.roamCmd.pRoamBssEntry)
@@ -4786,7 +4795,7 @@
csrSetAbortRoamingCommand(pMac, pCommand);
break;
}
- vos_mem_set(&roamInfo, sizeof(roamInfo), 0);
+ vos_mem_set(roamInfo, sizeof(roamInfo), 0);
if(pScanResult)
{
tDot11fBeaconIEs *pIesLocal = (tDot11fBeaconIEs *)pScanResult->Result.pvIes;
@@ -4797,8 +4806,8 @@
eRoamState = eCsrStopRoaming;
break;
}
- roamInfo.pBssDesc = &pScanResult->Result.BssDescriptor;
- pCommand->u.roamCmd.pLastRoamBss = roamInfo.pBssDesc;
+ roamInfo->pBssDesc = &pScanResult->Result.BssDescriptor;
+ pCommand->u.roamCmd.pLastRoamBss = roamInfo->pBssDesc;
//No need to put uapsd_mask in if the BSS doesn't support uAPSD
if( pCommand->u.roamCmd.roamProfile.uapsd_mask &&
CSR_IS_QOS_BSS(pIesLocal) &&
@@ -4822,10 +4831,12 @@
{
pCommand->u.roamCmd.roamProfile.uapsd_mask = 0;
}
- roamInfo.pProfile = pProfile;
+ roamInfo->pProfile = pProfile;
pSession->bRefAssocStartCnt++;
- csrRoamCallCallback( pMac, sessionId, &roamInfo, pCommand->u.roamCmd.roamId,
- eCSR_ROAM_ASSOCIATION_START, eCSR_ROAM_RESULT_NONE );
+ csrRoamCallCallback(pMac, sessionId, roamInfo,
+ pCommand->u.roamCmd.roamId,
+ eCSR_ROAM_ASSOCIATION_START,
+ eCSR_ROAM_RESULT_NONE );
}
if ( NULL == pCommand->u.roamCmd.pRoamBssEntry )
{
@@ -4929,13 +4940,14 @@
{
pSession->bRefAssocStartCnt--;
//Complete the last association attemp because a new one is about to be tried
- pRoamInfo = &roamInfo;
+ pRoamInfo = roamInfo;
csrRoamCallCallback(pMac, sessionId, pRoamInfo, pCommand->u.roamCmd.roamId,
eCSR_ROAM_ASSOCIATION_COMPLETION,
eCSR_ROAM_RESULT_NOT_ASSOCIATED);
}
}
+ vos_mem_free(roamInfo);
return( eRoamState );
}
@@ -5058,7 +5070,7 @@
eHalStatus csrRoamProcessCommand( tpAniSirGlobal pMac, tSmeCmd *pCommand )
{
eHalStatus status = eHAL_STATUS_SUCCESS;
- tCsrRoamInfo roamInfo;
+ tCsrRoamInfo *roamInfo;
tANI_U32 sessionId = pCommand->sessionId;
tCsrRoamSession *pSession = CSR_GET_SESSION( pMac, sessionId );
@@ -5067,6 +5079,7 @@
smsLog(pMac, LOGE, FL(" session %d not found "), sessionId);
return eHAL_STATUS_FAILURE;
}
+
smsLog(pMac, LOG1, FL("Roam Reason : %d, sessionId: %d"),
pCommand->u.roamCmd.roamReason, sessionId);
switch ( pCommand->u.roamCmd.roamReason )
@@ -5106,15 +5119,24 @@
}
else
{
- roamInfo.reasonCode = eCsrRoamReasonStaCapabilityChanged;
- csrRoamCallCallback(pMac, pSession->sessionId, &roamInfo, 0, eCSR_ROAM_ROAMING_START, eCSR_ROAM_RESULT_NONE);
+ roamInfo = vos_mem_malloc(sizeof(tCsrRoamInfo));
+ if (!roamInfo) {
+ smsLog(pMac, LOGE, FL("roamInfo empty"));
+ return eHAL_STATUS_FAILURE;
+ }
+
+ roamInfo->reasonCode = eCsrRoamReasonStaCapabilityChanged;
+ csrRoamCallCallback(pMac, pSession->sessionId, roamInfo, 0,
+ eCSR_ROAM_ROAMING_START,
+ eCSR_ROAM_RESULT_NONE);
pSession->roamingReason = eCsrReassocRoaming;
- roamInfo.pBssDesc = pSession->pConnectBssDesc;
- roamInfo.pProfile = &pCommand->u.roamCmd.roamProfile;
+ roamInfo->pBssDesc = pSession->pConnectBssDesc;
+ roamInfo->pProfile = &pCommand->u.roamCmd.roamProfile;
pSession->bRefAssocStartCnt++;
- csrRoamCallCallback( pMac, sessionId, &roamInfo, pCommand->u.roamCmd.roamId,
+ csrRoamCallCallback(pMac, sessionId, roamInfo, pCommand->u.roamCmd.roamId,
eCSR_ROAM_ASSOCIATION_START, eCSR_ROAM_RESULT_NONE );
+ vos_mem_free(roamInfo);
smsLog(pMac, LOG1, FL(" calling csrRoamIssueReassociate"));
status = csrRoamIssueReassociate( pMac, sessionId, pSession->pConnectBssDesc, pIes,
&pCommand->u.roamCmd.roamProfile );
@@ -5207,6 +5229,7 @@
}
break;
}
+
return (status);
}
@@ -8675,7 +8698,7 @@
tScanResultHandle hBSSList;
tANI_BOOLEAN fCallCallback, fRemoveCmd;
eHalStatus status;
- tCsrRoamInfo roamInfo;
+ tCsrRoamInfo *roamInfo;
tCsrScanResultFilter *pScanFilter = NULL;
tANI_U32 roamId = 0;
tCsrRoamProfile *pCurRoamProfile = NULL;
@@ -8684,13 +8707,19 @@
#endif
tANI_U32 sessionId;
tCsrRoamSession *pSession = NULL;
+ tSirSmeDisassocRsp *SmeDisassocRsp = NULL;
- tSirSmeDisassocRsp SmeDisassocRsp;
+ SmeDisassocRsp = vos_mem_malloc(sizeof(tSirSmeDisassocRsp));
+ if (!SmeDisassocRsp) {
+ smsLog(pMac, LOGE, FL("SmeDisassocRsp empty"));
+ return;
+ }
- csrSerDesUnpackDiassocRsp((tANI_U8 *)pSmeRsp, &SmeDisassocRsp);
- sessionId = SmeDisassocRsp.sessionId;
- statusCode = SmeDisassocRsp.statusCode;
+ csrSerDesUnpackDiassocRsp((tANI_U8 *)pSmeRsp, SmeDisassocRsp);
+ sessionId = SmeDisassocRsp->sessionId;
+ statusCode = SmeDisassocRsp->statusCode;
+ vos_mem_free(SmeDisassocRsp);
smsLog( pMac, LOG2, "csrRoamRoamingStateDisassocRspProcessor sessionId %d", sessionId);
if ( csrIsConnStateInfra( pMac, sessionId ) )
@@ -8704,7 +8733,7 @@
smsLog(pMac, LOGE, FL(" session %d not found "), sessionId);
return;
}
-
+
if ( CSR_IS_ROAM_SUBSTATE_DISASSOC_NO_JOIN( pMac, sessionId ) )
{
smsLog( pMac, LOG2, "***eCsrNothingToJoin***");
@@ -8806,15 +8835,22 @@
smsLog( pMac, LOGE, "%s: NO commands are active", __func__ );
}
+ roamInfo = vos_mem_malloc(sizeof(tCsrRoamInfo));
+ if (!roamInfo) {
+ smsLog(pMac, LOGE, FL("roamInfo empty"));
+ goto POST_ROAM_FAILURE;
+ }
/* Notify HDD about handoff and provide the BSSID too */
- roamInfo.reasonCode = eCsrRoamReasonBetterAP;
+ roamInfo->reasonCode = eCsrRoamReasonBetterAP;
- vos_mem_copy(roamInfo.bssid,
+ vos_mem_copy(roamInfo->bssid,
pMac->roam.neighborRoamInfo.csrNeighborRoamProfile.BSSIDs.bssid,
sizeof(tSirMacAddr));
- csrRoamCallCallback(pMac,sessionId, &roamInfo, 0,
- eCSR_ROAM_ROAMING_START, eCSR_ROAM_RESULT_NONE);
+ csrRoamCallCallback(pMac, sessionId, roamInfo, 0,
+ eCSR_ROAM_ROAMING_START, eCSR_ROAM_RESULT_NONE);
+
+ vos_mem_free(roamInfo);
/* Copy the connected profile to apply the same for this connection as well */
pCurRoamProfile = vos_mem_malloc(sizeof(tCsrRoamProfile));
@@ -8853,11 +8889,17 @@
if (pCurRoamProfile)
vos_mem_free(pCurRoamProfile);
- /* Inform the upper layers that the reassoc failed */
- vos_mem_zero(&roamInfo, sizeof(tCsrRoamInfo));
- csrRoamCallCallback(pMac, sessionId,
- &roamInfo, 0, eCSR_ROAM_FT_REASSOC_FAILED, eSIR_SME_SUCCESS);
+ roamInfo = vos_mem_malloc(sizeof(tCsrRoamInfo));
+ if (!roamInfo) {
+ smsLog(pMac, LOGE, FL("roamInfo empty"));
+ return;
+ }
+ /* Inform the upper layers that the reassoc failed */
+ csrRoamCallCallback(pMac, sessionId, roamInfo, 0,
+ eCSR_ROAM_FT_REASSOC_FAILED, eSIR_SME_SUCCESS);
+
+ vos_mem_free(roamInfo);
/*
* Issue a disassoc request so that PE/LIM uses this to clean-up the FT session.
* Upon success, we would re-enter this routine after receiving the disassoc
@@ -8959,7 +9001,7 @@
{
tSirSmeRsp *pSmeRsp;
tSmeIbssPeerInd *pIbssPeerInd;
- tCsrRoamInfo roamInfo;
+ tCsrRoamInfo *roamInfo;
// TODO Session Id need to be acquired in this function
tANI_U32 sessionId = 0;
pSmeRsp = (tSirSmeRsp *)pMsgBuf;
@@ -9046,26 +9088,35 @@
case eWNI_SME_IBSS_PEER_DEPARTED_IND:
pIbssPeerInd = (tSmeIbssPeerInd*)pSmeRsp;
smsLog(pMac, LOGE, "CSR: Peer departed notification from LIM in joining state");
- vos_mem_set(&roamInfo, sizeof(tCsrRoamInfo), 0);
- roamInfo.staId = (tANI_U8)pIbssPeerInd->staId;
- roamInfo.ucastSig = (tANI_U8)pIbssPeerInd->ucastSig;
- roamInfo.bcastSig = (tANI_U8)pIbssPeerInd->bcastSig;
- vos_mem_copy(&roamInfo.peerMac, pIbssPeerInd->peerAddr,
+ roamInfo = vos_mem_malloc(sizeof(tCsrRoamInfo));
+ if (!roamInfo) {
+ smsLog(pMac, LOGE, FL("roamInfo empty"));
+ return;
+ }
+ roamInfo->staId = (tANI_U8)pIbssPeerInd->staId;
+ roamInfo->ucastSig = (tANI_U8)pIbssPeerInd->ucastSig;
+ roamInfo->bcastSig = (tANI_U8)pIbssPeerInd->bcastSig;
+ vos_mem_copy(roamInfo->peerMac, pIbssPeerInd->peerAddr,
sizeof(tCsrBssid));
- csrRoamCallCallback(pMac, sessionId, &roamInfo, 0,
+ csrRoamCallCallback(pMac, sessionId, roamInfo, 0,
eCSR_ROAM_CONNECT_STATUS_UPDATE,
eCSR_ROAM_RESULT_IBSS_PEER_DEPARTED);
+ vos_mem_free(roamInfo);
break;
case eWNI_SME_LOST_LINK_PARAMS_IND:
{
tpSirSmeLostLinkParamsInd pLostLinkParamsInd = (tpSirSmeLostLinkParamsInd)pSmeRsp;
- tCsrRoamInfo roamInfo, *pRoamInfo = NULL;
eCsrRoamResult result = eCSR_ROAM_RESULT_NONE;
- vos_mem_set(&roamInfo, sizeof(tCsrRoamInfo), 0);
- roamInfo.u.pLostLinkParams = &pLostLinkParamsInd->info;
- pRoamInfo = &roamInfo;
+ roamInfo = vos_mem_malloc(sizeof(tCsrRoamInfo));
+ if (!roamInfo) {
+ smsLog(pMac, LOGE, FL("roamInfo empty"));
+ return;
+ }
+ roamInfo->u.pLostLinkParams = &pLostLinkParamsInd->info;
csrRoamCallCallback(pMac, pLostLinkParamsInd->sessionId,
- pRoamInfo, 0, eCSR_ROAM_LOST_LINK_PARAMS_IND, result);
+ roamInfo, 0, eCSR_ROAM_LOST_LINK_PARAMS_IND,
+ result);
+ vos_mem_free(roamInfo);
break;
}
case eWNI_SME_TRIGGER_SAE: