Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d586d86a authored by gaurank kathpalia's avatar gaurank kathpalia Committed by nshrivas
Browse files

qcacld-3.0: Fix potential memory leak issues in driver code 

Currently in these APIs, driver has a potential mem leak if
the code deviates from the success path:-
1. sme_ap_disable_intra_bss_fwd, param pSapDisableIntraFwd
was not freed in case of mutex acquire gets fail.
2. sme_set_wisa_params, param cds_msg_wisa_params was not freed
in case of mutex cquire fail, and in case of msg failed to
post to scheduler.
3. sme_update_sta_inactivity_timeout, param inactivity_time was
not freed in any case, and has to be freed after use.
4. wma_del_tdls_sta, param peerStateParams needs to be freed
in every failure case, in which the driver sends a del rsp in
error case.

Change-Id: Ibb6061dc399c0f408e7469e91d8084c82786a561
CRs-Fixed: 2466435
parent 26704ffd

core/sme/src/common/sme_api.c

+31 −20
Original line number Diff line number Diff line
@@ -9842,6 +9842,7 @@ QDF_STATUS sme_update_sta_inactivity_timeout(tHalHandle hal_handle, 


	wma_update_sta_inactivity_timeout(wma_handle,

				inactivity_time);

	qdf_mem_free(inactivity_time);

	return QDF_STATUS_SUCCESS;

}
@@ -10455,7 +10456,10 @@ QDF_STATUS sme_ap_disable_intra_bss_fwd(tHalHandle hHal, uint8_t sessionId, 
	pSapDisableIntraFwd->disableintrabssfwd = disablefwd;



	status = sme_acquire_global_lock(&pMac->sme);

	if (QDF_IS_STATUS_SUCCESS(status)) {

	if (QDF_IS_STATUS_ERROR(status)) {

		qdf_mem_free(pSapDisableIntraFwd);

		return QDF_STATUS_E_FAILURE;

	}

	/* serialize the req through MC thread */

	message.bodyptr = pSapDisableIntraFwd;

	message.type = WMA_SET_SAP_INTRABSS_DIS;
@@ -10463,12 +10467,12 @@ QDF_STATUS sme_ap_disable_intra_bss_fwd(tHalHandle hHal, uint8_t sessionId, 
					    QDF_MODULE_ID_WMA,

					    QDF_MODULE_ID_WMA,

					    &message);

		if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {

	if (QDF_IS_STATUS_ERROR(qdf_status)) {

		status = QDF_STATUS_E_FAILURE;

		qdf_mem_free(pSapDisableIntraFwd);

	}

	sme_release_global_lock(&pMac->sme);

	}



	return status;

}
@@ -11461,14 +11465,21 @@ QDF_STATUS sme_set_wisa_params(tHalHandle hal, 


	*cds_msg_wisa_params = *wisa_params;

	status = sme_acquire_global_lock(&mac->sme);

	if (QDF_IS_STATUS_SUCCESS(status)) {

	if (QDF_IS_STATUS_ERROR(status)) {

		qdf_mem_free(cds_msg_wisa_params);

		return QDF_STATUS_E_FAILURE;

	}



	message.bodyptr = cds_msg_wisa_params;

	message.type = WMA_SET_WISA_PARAMS;

	status = scheduler_post_message(QDF_MODULE_ID_SME,

					QDF_MODULE_ID_WMA,

					QDF_MODULE_ID_WMA, &message);

	sme_release_global_lock(&mac->sme);

	}



	if (QDF_IS_STATUS_ERROR(status))

		qdf_mem_free(cds_msg_wisa_params);



	return status;

}

core/wma/src/wma_dev_if.c

+1 −0
Original line number Diff line number Diff line
@@ -5404,6 +5404,7 @@ static void wma_del_tdls_sta(tp_wma_handle wma, tpDeleteStaParams del_sta) 
	if (wma_is_roam_synch_in_progress(wma, del_sta->smesessionId)) {

		WMA_LOGE("%s: roaming in progress, reject del sta!", __func__);

		del_sta->status = QDF_STATUS_E_PERM;

		qdf_mem_free(peerStateParams);

		goto send_del_rsp;

	}