qcacmn: Add fix to free roaming info from copied reassoc response

In current scenario during OWE roaming when HB failure occurs, it should clean copied reassoc response and roaming info. But it is not getting freed which leads to memory leak and host driver crash while on idle shutdown. Free copied reassoc response at mlo_dev_ctx_deinit(). Change-Id: I1a25e4ad1ba62d3d6b90da38cb5b7ab7c3f8e91a CRs-Fixed: 3530058
2023-06-06 23:38:56 +05:30
--- a/umac/mlme/connection_mgr/core/src/wlan_cm_main_api.h
+++ b/umac/mlme/connection_mgr/core/src/wlan_cm_main_api.h
@@ -1314,7 +1314,6 @@ bool cm_is_connect_req_reassoc(struct wlan_cm_connect_req *req);
 QDF_STATUS cm_get_rnr(struct wlan_objmgr_vdev *vdev, wlan_cm_id cm_id,
 		      struct reduced_neighbor_report *rnr);

-#ifdef CONN_MGR_ADV_FEATURE
 /**
 * cm_free_connect_rsp_ies() - Function to free all connection IEs.
 * @connect_rsp: pointer to connect rsp
@@ -1325,6 +1324,27 @@ QDF_STATUS cm_get_rnr(struct wlan_objmgr_vdev *vdev, wlan_cm_id cm_id,
 */
 void cm_free_connect_rsp_ies(struct wlan_cm_connect_resp *connect_rsp);

+/**
+ * cm_free_connect_req() - Function to free up connect request and its sub memory.
+ * @connect_req: pointer to connect req
+ *
+ * Function to free up connect request and its sub memory.
+ *
+ * Return: void
+ */
+void cm_free_connect_req(struct wlan_cm_connect_req *connect_req);
+
+/**
+ * cm_free_connect_rsp() - Function to free up connect response and its sub memory.
+ * @connect_rsp: pointer to connect rsp
+ *
+ * Function to free up connect response and its sub memory.
+ *
+ * Return: void
+ */
+void cm_free_connect_rsp(struct wlan_cm_connect_resp *connect_rsp);
+
+#ifdef CONN_MGR_ADV_FEATURE
 /**
 * cm_store_first_candidate_rsp() - store the connection failure response
 * @cm_ctx: connection manager context
@@ -1368,11 +1388,6 @@ cm_get_first_candidate_rsp(struct cnx_mgr *cm_ctx, wlan_cm_id cm_id,
 */
 void cm_store_n_send_failed_candidate(struct cnx_mgr *cm_ctx, wlan_cm_id cm_id);
 #else
-static inline
-void cm_free_connect_rsp_ies(struct wlan_cm_connect_resp *connect_rsp)
-{
-}
-
 static inline
 void cm_store_first_candidate_rsp(struct cnx_mgr *cm_ctx, wlan_cm_id cm_id,
 				  struct wlan_cm_connect_resp *resp)
--- a/umac/mlme/connection_mgr/core/src/wlan_cm_util.c
+++ b/umac/mlme/connection_mgr/core/src/wlan_cm_util.c
@@ -875,7 +875,6 @@ static void cm_zero_and_free_memory(uint8_t *ptr, uint32_t len)
 	qdf_mem_free(ptr);
 }

-#ifdef CONN_MGR_ADV_FEATURE
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
 /**
 * cm_free_roaming_info() - Function to free all params in roaming info
@@ -962,6 +961,30 @@ void cm_free_connect_rsp_ies(struct wlan_cm_connect_resp *connect_rsp)
 	cm_free_roaming_info(connect_rsp);
 }

+static void cm_free_connect_req_param(struct wlan_cm_connect_req *req)
+{
+	cm_zero_and_free_memory(req->assoc_ie.ptr, req->assoc_ie.len);
+	cm_zero_and_free_memory(req->scan_ie.ptr, req->scan_ie.len);
+
+	cm_zero_and_free_memory(req->crypto.wep_keys.key,
+				req->crypto.wep_keys.key_len);
+	cm_zero_and_free_memory(req->crypto.wep_keys.seq,
+				req->crypto.wep_keys.seq_len);
+}
+
+void cm_free_connect_req(struct wlan_cm_connect_req *req)
+{
+	cm_free_connect_req_param(req);
+	cm_zero_and_free_memory((uint8_t *)req, sizeof(*req));
+}
+
+void cm_free_connect_rsp(struct wlan_cm_connect_resp *connect_rsp)
+{
+	cm_free_connect_rsp_ies(connect_rsp);
+	cm_zero_and_free_memory((uint8_t *)connect_rsp, sizeof(*connect_rsp));
+}
+
+#ifdef CONN_MGR_ADV_FEATURE
 /**
 * cm_free_first_connect_rsp() - Function to free all params in connect rsp
 * @req: pointer to connect req struct
@@ -978,8 +1001,7 @@ void cm_free_first_connect_rsp(struct cm_connect_req *req)
 	if (!connect_rsp)
 		return;

-	cm_free_connect_rsp_ies(connect_rsp);
-	cm_zero_and_free_memory((uint8_t *)connect_rsp, sizeof(*connect_rsp));
+	cm_free_connect_rsp(connect_rsp);
 }
 #else
 static inline
@@ -997,13 +1019,7 @@ void cm_free_connect_req_mem(struct cm_connect_req *connect_req)
 	if (connect_req->candidate_list)
 		wlan_scan_purge_results(connect_req->candidate_list);

-	cm_zero_and_free_memory(req->assoc_ie.ptr, req->assoc_ie.len);
-	cm_zero_and_free_memory(req->scan_ie.ptr, req->scan_ie.len);
-
-	cm_zero_and_free_memory(req->crypto.wep_keys.key,
-				req->crypto.wep_keys.key_len);
-	cm_zero_and_free_memory(req->crypto.wep_keys.seq,
-				req->crypto.wep_keys.seq_len);
+	cm_free_connect_req_param(req);

 	cm_free_first_connect_rsp(connect_req);

--- a/umac/mlme/connection_mgr/dispatcher/inc/wlan_cm_api.h
+++ b/umac/mlme/connection_mgr/dispatcher/inc/wlan_cm_api.h
@@ -205,6 +205,22 @@ bool wlan_cm_is_vdev_disconnected(struct wlan_objmgr_vdev *vdev);
 */
 bool wlan_cm_is_vdev_roaming(struct wlan_objmgr_vdev *vdev);

+/**
+ * wlan_cm_free_connect_req() - free up connect request and its sub memory
+ * @connect_req: Connect request
+ *
+ * Return: void
+ */
+void wlan_cm_free_connect_req(struct wlan_cm_connect_req *connect_req);
+
+/**
+ * wlan_cm_free_connect_resp() - free up connect response and its sub memory
+ * @connect_rsp: Connect response
+ *
+ * Return: void
+ */
+void wlan_cm_free_connect_resp(struct wlan_cm_connect_resp *connect_rsp);
+
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
 /**
 * wlan_cm_is_vdev_roam_started() - check if vdev is in roaming state and
--- a/umac/mlme/connection_mgr/dispatcher/src/wlan_cm_api.c
+++ b/umac/mlme/connection_mgr/dispatcher/src/wlan_cm_api.c
@@ -131,6 +131,22 @@ QDF_STATUS wlan_cm_reassoc_rsp(struct wlan_objmgr_vdev *vdev,
 }
 #endif

+void wlan_cm_free_connect_req(struct wlan_cm_connect_req *connect_req)
+{
+	if (!connect_req)
+		return;
+
+	cm_free_connect_req(connect_req);
+}
+
+void wlan_cm_free_connect_resp(struct wlan_cm_connect_resp *connect_rsp)
+{
+	if (!connect_rsp)
+		return;
+
+	cm_free_connect_rsp(connect_rsp);
+}
+
 void wlan_cm_set_max_connect_attempts(struct wlan_objmgr_vdev *vdev,
 				      uint8_t max_connect_attempts)
 {
--- a/umac/mlo_mgr/src/wlan_mlo_mgr_main.c
+++ b/umac/mlo_mgr/src/wlan_mlo_mgr_main.c
@@ -30,6 +30,7 @@
 #include "wlan_mlo_mgr_msgq.h"
 #include <target_if_mlo_mgr.h>
 #include <wlan_mlo_t2lm.h>
+#include <wlan_cm_api.h>

 static void mlo_global_ctx_deinit(void)
 {
@@ -778,6 +779,18 @@ static inline void mlo_t2lm_ctx_deinit(struct wlan_objmgr_vdev *vdev)
 	wlan_mlo_t2lm_timer_deinit(vdev);
 }

+#ifdef WLAN_FEATURE_ROAM_OFFLOAD
+static void ml_free_copied_reassoc_rsp(struct wlan_mlo_sta *sta_ctx)
+{
+	wlan_cm_free_connect_resp(sta_ctx->copied_reassoc_rsp);
+}
+#else
+static void ml_free_copied_reassoc_rsp(struct wlan_mlo_sta *sta_ctx)
+{
+	return;
+}
+#endif
+
 static QDF_STATUS mlo_dev_ctx_deinit(struct wlan_objmgr_vdev *vdev)
 {
 	struct wlan_mlo_dev_context *ml_dev;
@@ -827,18 +840,7 @@ static QDF_STATUS mlo_dev_ctx_deinit(struct wlan_objmgr_vdev *vdev)
 				     &ml_dev->node);
 		if (wlan_vdev_mlme_get_opmode(vdev) == QDF_STA_MODE) {
 			connect_req = ml_dev->sta_ctx->connect_req;
-			if (connect_req) {
-				if (connect_req->scan_ie.ptr) {
-					qdf_mem_free(connect_req->scan_ie.ptr);
-					connect_req->scan_ie.ptr = NULL;
-				}
-
-				if (connect_req->assoc_ie.ptr) {
-					qdf_mem_free(connect_req->assoc_ie.ptr);
-					connect_req->assoc_ie.ptr = NULL;
-				}
-				qdf_mem_free(ml_dev->sta_ctx->connect_req);
-			}
+			wlan_cm_free_connect_req(connect_req);

 			if (ml_dev->sta_ctx->disconn_req)
 				qdf_mem_free(ml_dev->sta_ctx->disconn_req);
@@ -846,6 +848,8 @@ static QDF_STATUS mlo_dev_ctx_deinit(struct wlan_objmgr_vdev *vdev)
 			if (ml_dev->sta_ctx->assoc_rsp.ptr)
 				qdf_mem_free(ml_dev->sta_ctx->assoc_rsp.ptr);

+			ml_free_copied_reassoc_rsp(ml_dev->sta_ctx);
+
 			copied_conn_req_lock_destroy(ml_dev->sta_ctx);

 			qdf_mem_free(ml_dev->sta_ctx);