diff --git a/target_if/nan/src/target_if_nan.c b/target_if/nan/src/target_if_nan.c index 2f0c8305f5..1470c756b6 100644 --- a/target_if/nan/src/target_if_nan.c +++ b/target_if/nan/src/target_if_nan.c @@ -181,7 +181,7 @@ static int target_if_ndp_initiator_rsp_handler(ol_scn_t scn, uint8_t *data, struct wmi_unified *wmi_handle; struct wlan_objmgr_psoc *psoc; struct scheduler_msg msg = {0}; - struct nan_datapath_initiator_rsp *rsp = NULL; + struct nan_datapath_initiator_rsp *rsp; psoc = target_if_get_psoc_from_scn_hdl(scn); if (!psoc) { @@ -195,9 +195,16 @@ static int target_if_ndp_initiator_rsp_handler(ol_scn_t scn, uint8_t *data, return -EINVAL; } - status = wmi_extract_ndp_initiator_rsp(wmi_handle, data, &rsp); + rsp = qdf_mem_malloc(sizeof(*rsp)); + if (!rsp) { + target_if_err("malloc failed"); + return -ENOMEM; + } + + status = wmi_extract_ndp_initiator_rsp(wmi_handle, data, rsp); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("parsing of event failed, %d", status); + qdf_mem_free(rsp); return -EINVAL; } @@ -209,7 +216,7 @@ static int target_if_ndp_initiator_rsp_handler(ol_scn_t scn, uint8_t *data, status = scheduler_post_msg(QDF_MODULE_ID_TARGET_IF, &msg); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("failed to post msg, status: %d", status); - qdf_mem_free(rsp); + target_if_nan_event_flush_cb(&msg); return -EINVAL; } @@ -223,7 +230,7 @@ static int target_if_ndp_ind_handler(ol_scn_t scn, uint8_t *data, struct wlan_objmgr_psoc *psoc; struct wmi_unified *wmi_handle; struct scheduler_msg msg = {0}; - struct nan_datapath_indication_event *rsp = NULL; + struct nan_datapath_indication_event *rsp; psoc = target_if_get_psoc_from_scn_hdl(scn); if (!psoc) { @@ -237,9 +244,16 @@ static int target_if_ndp_ind_handler(ol_scn_t scn, uint8_t *data, return -EINVAL; } - status = wmi_extract_ndp_ind(wmi_handle, data, &rsp); + rsp = qdf_mem_malloc(sizeof(*rsp)); + if (!rsp) { + target_if_err("malloc failed"); + return -ENOMEM; + } + + status = wmi_extract_ndp_ind(wmi_handle, data, rsp); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("parsing of event failed, %d", status); + qdf_mem_free(rsp); return -EINVAL; } @@ -251,7 +265,7 @@ static int target_if_ndp_ind_handler(ol_scn_t scn, uint8_t *data, status = scheduler_post_msg(QDF_MODULE_ID_TARGET_IF, &msg); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("failed to post msg, status: %d", status); - qdf_mem_free(rsp); + target_if_nan_event_flush_cb(&msg); return -EINVAL; } @@ -265,7 +279,7 @@ static int target_if_ndp_confirm_handler(ol_scn_t scn, uint8_t *data, struct wlan_objmgr_psoc *psoc; struct wmi_unified *wmi_handle; struct scheduler_msg msg = {0}; - struct nan_datapath_confirm_event *rsp = NULL; + struct nan_datapath_confirm_event *rsp; psoc = target_if_get_psoc_from_scn_hdl(scn); if (!psoc) { @@ -279,9 +293,16 @@ static int target_if_ndp_confirm_handler(ol_scn_t scn, uint8_t *data, return -EINVAL; } - status = wmi_extract_ndp_confirm(wmi_handle, data, &rsp); + rsp = qdf_mem_malloc(sizeof(*rsp)); + if (!rsp) { + target_if_err("malloc failed"); + return -ENOMEM; + } + + status = wmi_extract_ndp_confirm(wmi_handle, data, rsp); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("parsing of event failed, %d", status); + qdf_mem_free(rsp); return -EINVAL; } @@ -293,7 +314,7 @@ static int target_if_ndp_confirm_handler(ol_scn_t scn, uint8_t *data, status = scheduler_post_msg(QDF_MODULE_ID_TARGET_IF, &msg); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("failed to post msg, status: %d", status); - qdf_mem_free(rsp); + target_if_nan_event_flush_cb(&msg); return -EINVAL; } @@ -356,7 +377,7 @@ static int target_if_ndp_responder_rsp_handler(ol_scn_t scn, uint8_t *data, struct wlan_objmgr_psoc *psoc; struct wmi_unified *wmi_handle; struct scheduler_msg msg = {0}; - struct nan_datapath_responder_rsp *rsp = NULL; + struct nan_datapath_responder_rsp *rsp; psoc = target_if_get_psoc_from_scn_hdl(scn); if (!psoc) { @@ -370,9 +391,16 @@ static int target_if_ndp_responder_rsp_handler(ol_scn_t scn, uint8_t *data, return -EINVAL; } - status = wmi_extract_ndp_responder_rsp(wmi_handle, data, &rsp); + rsp = qdf_mem_malloc(sizeof(*rsp)); + if (!rsp) { + target_if_err("malloc failed"); + return -ENOMEM; + } + + status = wmi_extract_ndp_responder_rsp(wmi_handle, data, rsp); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("parsing of event failed, %d", status); + qdf_mem_free(rsp); return -EINVAL; } @@ -384,7 +412,7 @@ static int target_if_ndp_responder_rsp_handler(ol_scn_t scn, uint8_t *data, status = scheduler_post_msg(QDF_MODULE_ID_TARGET_IF, &msg); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("failed to post msg, status: %d", status); - qdf_mem_free(rsp); + target_if_nan_event_flush_cb(&msg); return -EINVAL; } @@ -447,7 +475,7 @@ static int target_if_ndp_end_rsp_handler(ol_scn_t scn, uint8_t *data, struct wlan_objmgr_psoc *psoc; struct wmi_unified *wmi_handle; struct scheduler_msg msg = {0}; - struct nan_datapath_end_rsp_event *end_rsp = NULL; + struct nan_datapath_end_rsp_event *end_rsp; psoc = target_if_get_psoc_from_scn_hdl(scn); if (!psoc) { @@ -461,9 +489,16 @@ static int target_if_ndp_end_rsp_handler(ol_scn_t scn, uint8_t *data, return -EINVAL; } - status = wmi_extract_ndp_end_rsp(wmi_handle, data, &end_rsp); + end_rsp = qdf_mem_malloc(sizeof(*end_rsp)); + if (!end_rsp) { + target_if_err("malloc failed"); + return -ENOMEM; + } + + status = wmi_extract_ndp_end_rsp(wmi_handle, data, end_rsp); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("parsing of event failed, %d", status); + qdf_mem_free(end_rsp); return -EINVAL; } @@ -475,7 +510,7 @@ static int target_if_ndp_end_rsp_handler(ol_scn_t scn, uint8_t *data, status = scheduler_post_msg(QDF_MODULE_ID_TARGET_IF, &msg); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("failed to post msg, status: %d", status); - qdf_mem_free(end_rsp); + target_if_nan_event_flush_cb(&msg); return -EINVAL; } @@ -517,7 +552,7 @@ static int target_if_ndp_end_ind_handler(ol_scn_t scn, uint8_t *data, status = scheduler_post_msg(QDF_MODULE_ID_TARGET_IF, &msg); if (QDF_IS_STATUS_ERROR(status)) { target_if_err("failed to post msg, status: %d", status); - qdf_mem_free(rsp); + target_if_nan_event_flush_cb(&msg); return -EINVAL; } @@ -649,28 +684,7 @@ QDF_STATUS target_if_nan_deregister_events(struct wlan_objmgr_psoc *psoc) wmi_unified_t handle = GET_WMI_HDL_FROM_PSOC(psoc); ret = wmi_unified_unregister_event_handler(handle, - wmi_ndp_initiator_rsp_event_id); - if (ret) { - target_if_err("wmi event deregistration failed, ret: %d", ret); - status = ret; - } - - ret = wmi_unified_unregister_event_handler(handle, - wmi_ndp_indication_event_id); - if (ret) { - target_if_err("wmi event deregistration failed, ret: %d", ret); - status = ret; - } - - ret = wmi_unified_unregister_event_handler(handle, - wmi_ndp_confirm_event_id); - if (ret) { - target_if_err("wmi event deregistration failed, ret: %d", ret); - status = ret; - } - - ret = wmi_unified_unregister_event_handler(handle, - wmi_ndp_responder_rsp_event_id); + wmi_ndp_end_rsp_event_id); if (ret) { target_if_err("wmi event deregistration failed, ret: %d", ret); status = ret; @@ -684,7 +698,28 @@ QDF_STATUS target_if_nan_deregister_events(struct wlan_objmgr_psoc *psoc) } ret = wmi_unified_unregister_event_handler(handle, - wmi_ndp_end_rsp_event_id); + wmi_ndp_responder_rsp_event_id); + if (ret) { + target_if_err("wmi event deregistration failed, ret: %d", ret); + status = ret; + } + + ret = wmi_unified_unregister_event_handler(handle, + wmi_ndp_confirm_event_id); + if (ret) { + target_if_err("wmi event deregistration failed, ret: %d", ret); + status = ret; + } + + ret = wmi_unified_unregister_event_handler(handle, + wmi_ndp_indication_event_id); + if (ret) { + target_if_err("wmi event deregistration failed, ret: %d", ret); + status = ret; + } + + ret = wmi_unified_unregister_event_handler(handle, + wmi_ndp_initiator_rsp_event_id); if (ret) { target_if_err("wmi event deregistration failed, ret: %d", ret); status = ret; diff --git a/wmi/inc/wmi_unified_api.h b/wmi/inc/wmi_unified_api.h index 2f8aba2bb1..fd0003a081 100644 --- a/wmi/inc/wmi_unified_api.h +++ b/wmi/inc/wmi_unified_api.h @@ -2019,7 +2019,7 @@ QDF_STATUS wmi_unified_ndp_end_req_cmd_send(void *wmi_hdl, * Return: status of operation */ QDF_STATUS wmi_extract_ndp_initiator_rsp(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_initiator_rsp **rsp); + uint8_t *data, struct nan_datapath_initiator_rsp *rsp); /** * wmi_extract_ndp_ind - api to extract ndp indication struct from even buffer @@ -2030,7 +2030,7 @@ QDF_STATUS wmi_extract_ndp_initiator_rsp(wmi_unified_t wmi_handle, * Return: status of operation */ QDF_STATUS wmi_extract_ndp_ind(wmi_unified_t wmi_handle, uint8_t *data, - struct nan_datapath_indication_event **ind); + struct nan_datapath_indication_event *ind); /** * wmi_extract_ndp_confirm - api to extract ndp confim struct from even buffer @@ -2041,7 +2041,7 @@ QDF_STATUS wmi_extract_ndp_ind(wmi_unified_t wmi_handle, uint8_t *data, * Return: status of operation */ QDF_STATUS wmi_extract_ndp_confirm(wmi_unified_t wmi_handle, uint8_t *data, - struct nan_datapath_confirm_event **ev); + struct nan_datapath_confirm_event *ev); /** * wmi_extract_ndp_responder_rsp - api to extract responder rsp from even buffer @@ -2052,7 +2052,7 @@ QDF_STATUS wmi_extract_ndp_confirm(wmi_unified_t wmi_handle, uint8_t *data, * Return: status of operation */ QDF_STATUS wmi_extract_ndp_responder_rsp(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_responder_rsp **rsp); + uint8_t *data, struct nan_datapath_responder_rsp *rsp); /** * wmi_extract_ndp_end_rsp - api to extract ndp end rsp from even buffer @@ -2063,7 +2063,7 @@ QDF_STATUS wmi_extract_ndp_responder_rsp(wmi_unified_t wmi_handle, * Return: status of operation */ QDF_STATUS wmi_extract_ndp_end_rsp(wmi_unified_t wmi_handle, uint8_t *data, - struct nan_datapath_end_rsp_event **rsp); + struct nan_datapath_end_rsp_event *rsp); /** * wmi_extract_ndp_end_ind - api to extract ndp end indication from even buffer @@ -2075,7 +2075,6 @@ QDF_STATUS wmi_extract_ndp_end_rsp(wmi_unified_t wmi_handle, uint8_t *data, */ QDF_STATUS wmi_extract_ndp_end_ind(wmi_unified_t wmi_handle, uint8_t *data, struct nan_datapath_end_indication_event **ind); - #endif /** @@ -2226,4 +2225,5 @@ QDF_STATUS wmi_unified_offload_11k_cmd(void *wmi_hdl, */ QDF_STATUS wmi_unified_invoke_neighbor_report_cmd(void *wmi_hdl, struct wmi_invoke_neighbor_report_params *params); + #endif /* _WMI_UNIFIED_API_H_ */ diff --git a/wmi/inc/wmi_unified_priv.h b/wmi/inc/wmi_unified_priv.h index eda2e28475..53b122a3ae 100644 --- a/wmi/inc/wmi_unified_priv.h +++ b/wmi/inc/wmi_unified_priv.h @@ -1516,18 +1516,19 @@ QDF_STATUS (*send_ndp_end_req_cmd)(wmi_unified_t wmi_handle, struct nan_datapath_end_req *req); QDF_STATUS (*extract_ndp_initiator_rsp)(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_initiator_rsp **rsp); + uint8_t *data, struct nan_datapath_initiator_rsp *rsp); QDF_STATUS (*extract_ndp_ind)(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_indication_event **ind); + uint8_t *data, struct nan_datapath_indication_event *ind); QDF_STATUS (*extract_ndp_confirm)(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_confirm_event **ev); + uint8_t *data, struct nan_datapath_confirm_event *ev); QDF_STATUS (*extract_ndp_responder_rsp)(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_responder_rsp **rsp); + uint8_t *data, struct nan_datapath_responder_rsp *rsp); QDF_STATUS (*extract_ndp_end_rsp)(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_end_rsp_event **rsp); + uint8_t *data, struct nan_datapath_end_rsp_event *rsp); QDF_STATUS (*extract_ndp_end_ind)(wmi_unified_t wmi_handle, uint8_t *data, struct nan_datapath_end_indication_event **ind); -#endif +#endif /* WLAN_FEATURE_NAN_CONVERGENCE */ + QDF_STATUS (*send_btm_config)(wmi_unified_t wmi_handle, struct wmi_btm_config *params); QDF_STATUS (*send_obss_detection_cfg_cmd)(wmi_unified_t wmi_handle, diff --git a/wmi/src/wmi_unified_api.c b/wmi/src/wmi_unified_api.c index 78f073d2ae..a2b5f48fea 100644 --- a/wmi/src/wmi_unified_api.c +++ b/wmi/src/wmi_unified_api.c @@ -7249,7 +7249,7 @@ QDF_STATUS wmi_unified_ndp_end_req_cmd_send(void *wmi_hdl, } QDF_STATUS wmi_extract_ndp_initiator_rsp(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_initiator_rsp **rsp) + uint8_t *data, struct nan_datapath_initiator_rsp *rsp) { if (wmi_handle->ops->extract_ndp_initiator_rsp) return wmi_handle->ops->extract_ndp_initiator_rsp(wmi_handle, @@ -7259,7 +7259,7 @@ QDF_STATUS wmi_extract_ndp_initiator_rsp(wmi_unified_t wmi_handle, } QDF_STATUS wmi_extract_ndp_ind(wmi_unified_t wmi_handle, uint8_t *data, - struct nan_datapath_indication_event **ind) + struct nan_datapath_indication_event *ind) { if (wmi_handle->ops->extract_ndp_ind) return wmi_handle->ops->extract_ndp_ind(wmi_handle, @@ -7269,7 +7269,7 @@ QDF_STATUS wmi_extract_ndp_ind(wmi_unified_t wmi_handle, uint8_t *data, } QDF_STATUS wmi_extract_ndp_confirm(wmi_unified_t wmi_handle, uint8_t *data, - struct nan_datapath_confirm_event **ev) + struct nan_datapath_confirm_event *ev) { if (wmi_handle->ops->extract_ndp_confirm) return wmi_handle->ops->extract_ndp_confirm(wmi_handle, @@ -7279,7 +7279,7 @@ QDF_STATUS wmi_extract_ndp_confirm(wmi_unified_t wmi_handle, uint8_t *data, } QDF_STATUS wmi_extract_ndp_responder_rsp(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_responder_rsp **rsp) + uint8_t *data, struct nan_datapath_responder_rsp *rsp) { if (wmi_handle->ops->extract_ndp_responder_rsp) return wmi_handle->ops->extract_ndp_responder_rsp(wmi_handle, @@ -7289,7 +7289,7 @@ QDF_STATUS wmi_extract_ndp_responder_rsp(wmi_unified_t wmi_handle, } QDF_STATUS wmi_extract_ndp_end_rsp(wmi_unified_t wmi_handle, uint8_t *data, - struct nan_datapath_end_rsp_event **rsp) + struct nan_datapath_end_rsp_event *rsp) { if (wmi_handle->ops->extract_ndp_end_rsp) return wmi_handle->ops->extract_ndp_end_rsp(wmi_handle, diff --git a/wmi/src/wmi_unified_tlv.c b/wmi/src/wmi_unified_tlv.c index d516f0a551..e87697947a 100644 --- a/wmi/src/wmi_unified_tlv.c +++ b/wmi/src/wmi_unified_tlv.c @@ -17517,7 +17517,7 @@ static QDF_STATUS nan_ndp_end_req_tlv(wmi_unified_t wmi_handle, } static QDF_STATUS extract_ndp_initiator_rsp_tlv(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_initiator_rsp **rsp) + uint8_t *data, struct nan_datapath_initiator_rsp *rsp) { WMI_NDP_INITIATOR_RSP_EVENTID_param_tlvs *event; wmi_ndp_initiator_rsp_event_fixed_param *fixed_params; @@ -17525,32 +17525,25 @@ static QDF_STATUS extract_ndp_initiator_rsp_tlv(wmi_unified_t wmi_handle, event = (WMI_NDP_INITIATOR_RSP_EVENTID_param_tlvs *)data; fixed_params = event->fixed_param; - *rsp = qdf_mem_malloc(sizeof(**rsp)); - if (!(*rsp)) { - WMI_LOGE("malloc failed"); - return QDF_STATUS_E_NOMEM; - } - - (*rsp)->vdev = + rsp->vdev = wlan_objmgr_get_vdev_by_id_from_psoc(wmi_handle->soc->wmi_psoc, fixed_params->vdev_id, WLAN_NAN_ID); - if (!(*rsp)->vdev) { + if (!rsp->vdev) { WMI_LOGE("vdev is null"); - qdf_mem_free(*rsp); return QDF_STATUS_E_INVAL; } - (*rsp)->transaction_id = fixed_params->transaction_id; - (*rsp)->ndp_instance_id = fixed_params->ndp_instance_id; - (*rsp)->status = fixed_params->rsp_status; - (*rsp)->reason = fixed_params->reason_code; + rsp->transaction_id = fixed_params->transaction_id; + rsp->ndp_instance_id = fixed_params->ndp_instance_id; + rsp->status = fixed_params->rsp_status; + rsp->reason = fixed_params->reason_code; return QDF_STATUS_SUCCESS; } static QDF_STATUS extract_ndp_ind_tlv(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_indication_event **rsp) + uint8_t *data, struct nan_datapath_indication_event *rsp) { WMI_NDP_INDICATION_EVENTID_param_tlvs *event; wmi_ndp_indication_event_fixed_param *fixed_params; @@ -17572,30 +17565,23 @@ static QDF_STATUS extract_ndp_ind_tlv(wmi_unified_t wmi_handle, return QDF_STATUS_E_INVAL; } - *rsp = qdf_mem_malloc(sizeof(**rsp)); - if (!(*rsp)) { - WMI_LOGE("malloc failed"); - return QDF_STATUS_E_NOMEM; - } - - (*rsp)->vdev = + rsp->vdev = wlan_objmgr_get_vdev_by_id_from_psoc(wmi_handle->soc->wmi_psoc, fixed_params->vdev_id, WLAN_NAN_ID); - if (!(*rsp)->vdev) { + if (!rsp->vdev) { WMI_LOGE("vdev is null"); - qdf_mem_free(*rsp); return QDF_STATUS_E_INVAL; } - (*rsp)->service_instance_id = fixed_params->service_instance_id; - (*rsp)->ndp_instance_id = fixed_params->ndp_instance_id; - (*rsp)->role = fixed_params->self_ndp_role; - (*rsp)->policy = fixed_params->accept_policy; + rsp->service_instance_id = fixed_params->service_instance_id; + rsp->ndp_instance_id = fixed_params->ndp_instance_id; + rsp->role = fixed_params->self_ndp_role; + rsp->policy = fixed_params->accept_policy; WMI_MAC_ADDR_TO_CHAR_ARRAY(&fixed_params->peer_ndi_mac_addr, - (*rsp)->peer_mac_addr.bytes); + rsp->peer_mac_addr.bytes); WMI_MAC_ADDR_TO_CHAR_ARRAY(&fixed_params->peer_discovery_mac_addr, - (*rsp)->peer_discovery_mac_addr.bytes); + rsp->peer_discovery_mac_addr.bytes); WMI_LOGD("WMI_NDP_INDICATION_EVENTID(0x%X) received. vdev %d,\n" "service_instance %d, ndp_instance %d, role %d, policy %d,\n" @@ -17605,8 +17591,8 @@ static QDF_STATUS extract_ndp_ind_tlv(wmi_unified_t wmi_handle, fixed_params->ndp_instance_id, fixed_params->self_ndp_role, fixed_params->accept_policy, fixed_params->nan_csid, fixed_params->nan_scid_len, - (*rsp)->peer_mac_addr.bytes, - (*rsp)->peer_discovery_mac_addr.bytes); + rsp->peer_mac_addr.bytes, + rsp->peer_discovery_mac_addr.bytes); WMI_LOGD("ndp_cfg - %d bytes", fixed_params->ndp_cfg_len); QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_WMA, QDF_TRACE_LEVEL_DEBUG, @@ -17617,24 +17603,24 @@ static QDF_STATUS extract_ndp_ind_tlv(wmi_unified_t wmi_handle, QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_WMA, QDF_TRACE_LEVEL_DEBUG, &event->ndp_app_info, fixed_params->ndp_app_info_len); - (*rsp)->ndp_config.ndp_cfg_len = fixed_params->ndp_cfg_len; - (*rsp)->ndp_info.ndp_app_info_len = fixed_params->ndp_app_info_len; - (*rsp)->ncs_sk_type = fixed_params->nan_csid; - (*rsp)->scid.scid_len = fixed_params->nan_scid_len; - qdf_mem_copy((*rsp)->ndp_config.ndp_cfg, event->ndp_cfg, - (*rsp)->ndp_config.ndp_cfg_len); - qdf_mem_copy((*rsp)->ndp_info.ndp_app_info, event->ndp_app_info, - (*rsp)->ndp_info.ndp_app_info_len); - qdf_mem_copy((*rsp)->scid.scid, event->ndp_scid, (*rsp)->scid.scid_len); + rsp->ndp_config.ndp_cfg_len = fixed_params->ndp_cfg_len; + rsp->ndp_info.ndp_app_info_len = fixed_params->ndp_app_info_len; + rsp->ncs_sk_type = fixed_params->nan_csid; + rsp->scid.scid_len = fixed_params->nan_scid_len; + qdf_mem_copy(rsp->ndp_config.ndp_cfg, event->ndp_cfg, + rsp->ndp_config.ndp_cfg_len); + qdf_mem_copy(rsp->ndp_info.ndp_app_info, event->ndp_app_info, + rsp->ndp_info.ndp_app_info_len); + qdf_mem_copy(rsp->scid.scid, event->ndp_scid, rsp->scid.scid_len); WMI_LOGD("scid hex dump:"); QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_WMA, QDF_TRACE_LEVEL_DEBUG, - (*rsp)->scid.scid, (*rsp)->scid.scid_len); + rsp->scid.scid, rsp->scid.scid_len); return QDF_STATUS_SUCCESS; } static QDF_STATUS extract_ndp_confirm_tlv(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_confirm_event **rsp) + uint8_t *data, struct nan_datapath_confirm_event *rsp) { WMI_NDP_CONFIRM_EVENTID_param_tlvs *event; wmi_ndp_confirm_event_fixed_param *fixed_params; @@ -17669,36 +17655,29 @@ static QDF_STATUS extract_ndp_confirm_tlv(wmi_unified_t wmi_handle, QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_WMA, QDF_TRACE_LEVEL_DEBUG, &event->ndp_app_info, fixed_params->ndp_app_info_len); - *rsp = qdf_mem_malloc(sizeof(**rsp)); - if (!(*rsp)) { - WMI_LOGE("malloc failed"); - return QDF_STATUS_E_NOMEM; - } - - (*rsp)->vdev = + rsp->vdev = wlan_objmgr_get_vdev_by_id_from_psoc(wmi_handle->soc->wmi_psoc, fixed_params->vdev_id, WLAN_NAN_ID); - if (!(*rsp)->vdev) { + if (!rsp->vdev) { WMI_LOGE("vdev is null"); - qdf_mem_free(*rsp); return QDF_STATUS_E_INVAL; } - (*rsp)->ndp_instance_id = fixed_params->ndp_instance_id; - (*rsp)->rsp_code = fixed_params->rsp_code; - (*rsp)->reason_code = fixed_params->reason_code; - (*rsp)->num_active_ndps_on_peer = fixed_params->num_active_ndps_on_peer; + rsp->ndp_instance_id = fixed_params->ndp_instance_id; + rsp->rsp_code = fixed_params->rsp_code; + rsp->reason_code = fixed_params->reason_code; + rsp->num_active_ndps_on_peer = fixed_params->num_active_ndps_on_peer; WMI_MAC_ADDR_TO_CHAR_ARRAY(&fixed_params->peer_ndi_mac_addr, - (*rsp)->peer_ndi_mac_addr.bytes); - (*rsp)->ndp_info.ndp_app_info_len = fixed_params->ndp_app_info_len; - qdf_mem_copy((*rsp)->ndp_info.ndp_app_info, event->ndp_app_info, - (*rsp)->ndp_info.ndp_app_info_len); + rsp->peer_ndi_mac_addr.bytes); + rsp->ndp_info.ndp_app_info_len = fixed_params->ndp_app_info_len; + qdf_mem_copy(rsp->ndp_info.ndp_app_info, event->ndp_app_info, + rsp->ndp_info.ndp_app_info_len); return QDF_STATUS_SUCCESS; } static QDF_STATUS extract_ndp_responder_rsp_tlv(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_responder_rsp **rsp) + uint8_t *data, struct nan_datapath_responder_rsp *rsp) { WMI_NDP_RESPONDER_RSP_EVENTID_param_tlvs *event; wmi_ndp_responder_rsp_event_fixed_param *fixed_params; @@ -17708,36 +17687,29 @@ static QDF_STATUS extract_ndp_responder_rsp_tlv(wmi_unified_t wmi_handle, WMI_LOGD("WMI_NDP_RESPONDER_RSP_EVENTID(0x%X) received. vdev_id: %d, peer_mac_addr: %pM,transaction_id: %d, status_code %d, reason_code: %d, create_peer: %d", WMI_NDP_RESPONDER_RSP_EVENTID, fixed_params->vdev_id, - (*rsp)->peer_mac_addr.bytes, (*rsp)->transaction_id, - (*rsp)->status, (*rsp)->reason, (*rsp)->create_peer); + rsp->peer_mac_addr.bytes, rsp->transaction_id, + rsp->status, rsp->reason, rsp->create_peer); - *rsp = qdf_mem_malloc(sizeof(**rsp)); - if (!(*rsp)) { - WMI_LOGE("malloc failed"); - return QDF_STATUS_E_NOMEM; - } - - (*rsp)->vdev = + rsp->vdev = wlan_objmgr_get_vdev_by_id_from_psoc(wmi_handle->soc->wmi_psoc, fixed_params->vdev_id, WLAN_NAN_ID); - if (!(*rsp)->vdev) { + if (!rsp->vdev) { WMI_LOGE("vdev is null"); - qdf_mem_free(*rsp); return QDF_STATUS_E_INVAL; } - (*rsp)->transaction_id = fixed_params->transaction_id; - (*rsp)->reason = fixed_params->reason_code; - (*rsp)->status = fixed_params->rsp_status; - (*rsp)->create_peer = fixed_params->create_peer; + rsp->transaction_id = fixed_params->transaction_id; + rsp->reason = fixed_params->reason_code; + rsp->status = fixed_params->rsp_status; + rsp->create_peer = fixed_params->create_peer; WMI_MAC_ADDR_TO_CHAR_ARRAY(&fixed_params->peer_ndi_mac_addr, - (*rsp)->peer_mac_addr.bytes); + rsp->peer_mac_addr.bytes); return QDF_STATUS_SUCCESS; } static QDF_STATUS extract_ndp_end_rsp_tlv(wmi_unified_t wmi_handle, - uint8_t *data, struct nan_datapath_end_rsp_event **rsp) + uint8_t *data, struct nan_datapath_end_rsp_event *rsp) { WMI_NDP_END_RSP_EVENTID_param_tlvs *event; wmi_ndp_end_rsp_event_fixed_param *fixed_params = NULL; @@ -17748,22 +17720,15 @@ static QDF_STATUS extract_ndp_end_rsp_tlv(wmi_unified_t wmi_handle, WMI_NDP_END_RSP_EVENTID, fixed_params->transaction_id, fixed_params->rsp_status, fixed_params->reason_code); - *rsp = qdf_mem_malloc(sizeof(**rsp)); - if (!(*rsp)) { - WMI_LOGE("malloc failed"); - return QDF_STATUS_E_NOMEM; - } - - (*rsp)->vdev = wlan_objmgr_get_vdev_by_opmode_from_psoc( + rsp->vdev = wlan_objmgr_get_vdev_by_opmode_from_psoc( wmi_handle->soc->wmi_psoc, QDF_NDI_MODE, WLAN_NAN_ID); - if (!(*rsp)->vdev) { + if (!rsp->vdev) { WMI_LOGE("vdev is null"); - qdf_mem_free(*rsp); return QDF_STATUS_E_INVAL; } - (*rsp)->transaction_id = fixed_params->transaction_id; - (*rsp)->reason = fixed_params->reason_code; - (*rsp)->status = fixed_params->rsp_status; + rsp->transaction_id = fixed_params->transaction_id; + rsp->reason = fixed_params->reason_code; + rsp->status = fixed_params->rsp_status; return QDF_STATUS_SUCCESS; } @@ -17781,7 +17746,25 @@ static QDF_STATUS extract_ndp_end_ind_tlv(wmi_unified_t wmi_handle, if (event->num_ndp_end_indication_list == 0) { WMI_LOGE("Error: Event ignored, 0 ndp instances"); - return -EINVAL; + return QDF_STATUS_E_INVAL; + } + + WMI_LOGD("number of ndp instances = %d", + event->num_ndp_end_indication_list); + + if (event->num_ndp_end_indication_list > ((UINT_MAX - sizeof(**rsp))/ + sizeof((*rsp)->ndp_map[0]))) { + WMI_LOGE("num_ndp_end_ind_list %d too large", + event->num_ndp_end_indication_list); + return QDF_STATUS_E_INVAL; + } + + buf_size = sizeof(**rsp) + event->num_ndp_end_indication_list * + sizeof((*rsp)->ndp_map[0]); + *rsp = qdf_mem_malloc(buf_size); + if (!(*rsp)) { + WMI_LOGE("Failed to allocate memory"); + return QDF_STATUS_E_NOMEM; } (*rsp)->vdev = wlan_objmgr_get_vdev_by_opmode_from_psoc( @@ -17789,19 +17772,10 @@ static QDF_STATUS extract_ndp_end_ind_tlv(wmi_unified_t wmi_handle, if (!(*rsp)->vdev) { WMI_LOGE("vdev is null"); qdf_mem_free(*rsp); + *rsp = NULL; return QDF_STATUS_E_INVAL; } - WMI_LOGD("number of ndp instances = %d", - event->num_ndp_end_indication_list); - buf_size = sizeof(*rsp) + event->num_ndp_end_indication_list * - sizeof((*rsp)->ndp_map[0]); - *rsp = qdf_mem_malloc(buf_size); - if (!(*rsp)) { - WMI_LOGE("Failed to allocate memory"); - return -ENOMEM; - } - (*rsp)->num_ndp_ids = event->num_ndp_end_indication_list; for (i = 0; i < (*rsp)->num_ndp_ids; i++) { WMI_MAC_ADDR_TO_CHAR_ARRAY(&ind[i].peer_ndi_mac_addr,