From 7f6b37485539609e99b02b16db74f859f300c3d4 Mon Sep 17 00:00:00 2001
From: Kabilan Kannan <kabilank@codeaurora.org>
Date: Wed, 8 Nov 2017 16:42:12 -0800
Subject: [PATCH 1/2] qcacmn: Fix memory leak issue in tdls peer delete
 operation

In TDLS peer delete function memory is not freed in error
handling path and it causes leak for every error
operation.
Free the memory in error handling path.

Change-Id: Idb4725ec7a4c1b9614ecad1f685ffdeb8f795e72
CRs-Fixed: 2139570
---
 umac/tdls/core/src/wlan_tdls_ct.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/umac/tdls/core/src/wlan_tdls_ct.c b/umac/tdls/core/src/wlan_tdls_ct.c
index 8010442839..a7636e34b5 100644
--- a/umac/tdls/core/src/wlan_tdls_ct.c
+++ b/umac/tdls/core/src/wlan_tdls_ct.c
@@ -1176,6 +1176,7 @@ QDF_STATUS tdls_delete_all_tdls_peers(struct wlan_objmgr_vdev *vdev,
 	peer = wlan_vdev_get_bsspeer(vdev);
 	if (QDF_STATUS_SUCCESS != wlan_objmgr_peer_try_get_ref(peer,
 							WLAN_TDLS_SB_ID)) {
+		qdf_mem_free(del_msg);
 		return QDF_STATUS_E_FAILURE;
 	}
 

From 741b8fe64a60603c0e7291a058d03645e0e4ea60 Mon Sep 17 00:00:00 2001
From: Soumya Bhat <soumyab@codeaurora.org>
Date: Mon, 13 Nov 2017 10:40:18 +0530
Subject: [PATCH 2/2] qcacmn: Fix transmitter MAC address

Fix transmitter MAC address, which is being appended
to MSDU payload when tx packet capture is enabled.

Change-Id: Ic5bd3eab434125e9e4278e1e7af3ec47b7b3698f
CRs-Fixed: 2142085
---
 dp/wifi3.0/dp_tx.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/dp/wifi3.0/dp_tx.c b/dp/wifi3.0/dp_tx.c
index 6506500f67..23d4434656 100644
--- a/dp/wifi3.0/dp_tx.c
+++ b/dp/wifi3.0/dp_tx.c
@@ -1728,17 +1728,15 @@ static void dp_tx_inspect_handler(struct dp_tx_desc_s *tx_desc, uint8_t *status)
 #ifdef FEATURE_PERPKT_INFO
 static QDF_STATUS
 dp_send_compl_to_stack(struct dp_soc *soc,  struct dp_tx_desc_s *desc,
-				uint16_t peer_id, uint16_t ppdu_id)
+				uint16_t peer_id, uint32_t ppdu_id)
 {
 	struct tx_capture_hdr *ppdu_hdr;
-	struct ethhdr *eh;
 	struct dp_peer *peer = NULL;
 	qdf_nbuf_t netbuf = desc->nbuf;
 
 	if (!desc->pdev->tx_sniffer_enable)
 		return QDF_STATUS_E_NOSUPPORT;
 
-	eh = (struct ethhdr *)(netbuf->data);
 	peer = (peer_id == HTT_INVALID_PEER) ? NULL :
 			dp_peer_find_by_id(soc, peer_id);
 
@@ -1755,7 +1753,7 @@ dp_send_compl_to_stack(struct dp_soc *soc,  struct dp_tx_desc_s *desc,
 	}
 
 	ppdu_hdr = (struct tx_capture_hdr *)qdf_nbuf_data(netbuf);
-	qdf_mem_copy(ppdu_hdr->ta, (eh->h_dest), IEEE80211_ADDR_LEN);
+	qdf_mem_copy(ppdu_hdr->ta, desc->vdev->mac_addr.raw, IEEE80211_ADDR_LEN);
 	ppdu_hdr->ppdu_id = ppdu_id;
 	qdf_mem_copy(ppdu_hdr->ra, peer->mac_addr.raw,
 			IEEE80211_ADDR_LEN);
@@ -1769,7 +1767,7 @@ dp_send_compl_to_stack(struct dp_soc *soc,  struct dp_tx_desc_s *desc,
 #else
 static QDF_STATUS
 dp_send_compl_to_stack(struct dp_soc *soc,  struct dp_tx_desc_s *desc,
-				uint16_t peer_id, uint16_t ppdu_id)
+				uint16_t peer_id, uint32_t ppdu_id)
 {
 	return QDF_STATUS_E_NOSUPPORT;
 }