qcacld-3.0: Free LIM Deauth/Disassoc requests during lim cleanup
If Deauth/Disassoc timer is currently running when lim_cleanup
happens due to SSR, the memory allocated for Disassoc/Deauth Req in
mac context is not freed leading to memory leak.
Free Deauth/Disassoc Requests stored in mac context in lim_cleanup.
Also check for existing Deauth/Disassoc Request pointers stored in
mac context and free them before pointing the mac context at the
current request.
Change-Id: Id7e221bd9d5061ecaa9b73a4fe1dc0f465f68aa9
CRs-Fixed: 2191131
diff --git a/core/mac/src/pe/lim/lim_api.c b/core/mac/src/pe/lim/lim_api.c
index 6387ea7..0143c48 100644
--- a/core/mac/src/pe/lim/lim_api.c
+++ b/core/mac/src/pe/lim/lim_api.c
@@ -682,6 +682,17 @@
qdf_mem_free(pMac->lim.gpLimMlmScanReq);
pMac->lim.gpLimMlmScanReq = NULL;
}
+
+ if (pMac->lim.limDisassocDeauthCnfReq.pMlmDisassocReq) {
+ qdf_mem_free(pMac->lim.limDisassocDeauthCnfReq.pMlmDisassocReq);
+ pMac->lim.limDisassocDeauthCnfReq.pMlmDisassocReq = NULL;
+ }
+
+ if (pMac->lim.limDisassocDeauthCnfReq.pMlmDeauthReq) {
+ qdf_mem_free(pMac->lim.limDisassocDeauthCnfReq.pMlmDeauthReq);
+ pMac->lim.limDisassocDeauthCnfReq.pMlmDeauthReq = NULL;
+ }
+
/* Now, finally reset the deferred message queue pointers */
lim_reset_deferred_msg_q(pMac);
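Review bot: The two new frees in lim_cleanup release `pMlmDisassocReq` and `pMlmDeauthReq` while, per the commit message, the Deauth/Disassoc timer may still be running, and nothing visible in this hunk stops that timer first. Setting the pointers to NULL avoids a dangling pointer, but it only helps if the timeout and TX-complete handlers check for NULL before dereferencing, which should be confirmed against their code. I would add a comment above the block such as `/* Requests may still be pending if cleanup runs during SSR; the timers are deactivated in <place>, so no handler can touch these after the free */`, filling in where the deactivation actually happens. The enclosing function starts and ends outside the hunk.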
diff --git a/core/mac/src/pe/lim/lim_process_mlm_req_messages.c b/core/mac/src/pe/lim/lim_process_mlm_req_messages.c
index 23cc982..54e025f 100644
--- a/core/mac/src/pe/lim/lim_process_mlm_req_messages.c
+++ b/core/mac/src/pe/lim/lim_process_mlm_req_messages.c
@@ -1476,6 +1476,7 @@
qdf_mem_malloc(sizeof(tSirSmeDisassocRsp));
if (NULL == sme_disassoc_rsp) {
pe_err("memory allocation failed for disassoc rsp");
+ qdf_mem_free(mlm_disassocreq);
return;
}
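Review bot: The added `qdf_mem_free(mlm_disassocreq);` on this early return makes the function the owner of the request buffer, but nothing visible here shows that the caller no longer frees or reads the buffer after the call returns. The same applies to the frees added in the hunks at -1497, -1820 and -1846 (`mlm_disassocreq` / `mlm_deauth_req`). If any caller still releases the message body, these paths become a double free, so the ownership transfer should be confirmed. It should also be stated in the function header comment, e.g. `/* Takes ownership of msg_buf: it is freed here or stored in limDisassocDeauthCnfReq */`. The function bodies extend beyond these hunks, so other return paths could not be checked from here.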
@@ -1497,6 +1498,7 @@
lim_send_sme_disassoc_deauth_ntf(mac_ctx,
QDF_STATUS_SUCCESS, msg);
+ qdf_mem_free(mlm_disassocreq);
return;
}
@@ -1560,6 +1562,11 @@
/* Send Disassociate frame to peer entity */
if (send_disassoc_frame && (mlm_disassocreq->reasonCode !=
eSIR_MAC_DISASSOC_DUE_TO_FTHANDOFF_REASON)) {
+ if (mac_ctx->lim.limDisassocDeauthCnfReq.pMlmDisassocReq) {
+ pe_err("pMlmDisassocReq is not NULL, freeing");
+ qdf_mem_free(mac_ctx->lim.limDisassocDeauthCnfReq.
+ pMlmDisassocReq);
+ }
mac_ctx->lim.limDisassocDeauthCnfReq.pMlmDisassocReq =
mlm_disassocreq;
/*
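Review bot: The new guard frees the stored `pMlmDisassocReq` without checking whether it is the same buffer as `mlm_disassocreq`. If the same request is ever processed twice, the free is followed by storing the freed pointer straight back, leaving a dangling pointer in the mac context. Extending the condition with `&& mac_ctx->lim.limDisassocDeauthCnfReq.pMlmDisassocReq != mlm_disassocreq` closes that case cheaply; the deauth hunk at -1956 has the same shape with `pMlmDeauthReq` and `mlm_deauth_req`. Separately, a non-NULL stale pointer suggests a confirmation for the earlier request is still outstanding, so a later ack or timeout may be applied to the new request. The `pe_err` line would be more useful for triage if it logged the session id. The enclosing function starts and ends outside the hunk.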
@@ -1820,6 +1827,7 @@
qdf_mem_malloc(sizeof(tSirSmeDeauthRsp));
if (NULL == sme_deauth_rsp) {
pe_err("memory allocation failed for deauth rsp");
+ qdf_mem_free(mlm_deauth_req);
return;
}
@@ -1846,6 +1854,7 @@
lim_send_sme_disassoc_deauth_ntf(mac_ctx,
QDF_STATUS_SUCCESS, msg_buf);
+ qdf_mem_free(mlm_deauth_req);
return;
}
@@ -1956,7 +1965,14 @@
sta_ds->mlmStaContext.disassocReason = (tSirMacReasonCodes)
mlm_deauth_req->reasonCode;
sta_ds->mlmStaContext.cleanupTrigger = mlm_deauth_req->deauthTrigger;
+
+ if (mac_ctx->lim.limDisassocDeauthCnfReq.pMlmDeauthReq) {
+ pe_err("pMlmDeauthReq is not NULL, freeing");
+ qdf_mem_free(mac_ctx->lim.limDisassocDeauthCnfReq.
+ pMlmDeauthReq);
+ }
mac_ctx->lim.limDisassocDeauthCnfReq.pMlmDeauthReq = mlm_deauth_req;
+
/*
* Set state to mlm State to eLIM_MLM_WT_DEL_STA_RSP_STATE
* This is to address the issue of race condition between