qcacld-3.0: Clean up local variable of csr_roam_info

In some functions, the structure csr_roam_info is declared as
local variable. Given its size is large, adding fields in this
structure will easily break the 2K limit check of stack size.

Allocate this structure in heap instead of declaring it as
local variable.

Change-Id: I78980b0816d464f4d9951cf0b7b0f5a15d8985b4
CRs-Fixed: 2396867

core/hdd/src/wlan_hdd_assoc.c

@@ -2678,17 +2678,20 @@ void hdd_perform_roam_set_key_complete(struct hdd_adapter *adapter)
 {
 	QDF_STATUS qdf_ret_status = QDF_STATUS_SUCCESS;
 	struct hdd_station_ctx *sta_ctx = WLAN_HDD_GET_STATION_CTX_PTR(adapter);
-	struct csr_roam_info roamInfo;
+	struct csr_roam_info *roam_info;
 
-	roamInfo.fAuthRequired = false;
-	qdf_mem_copy(roamInfo.bssid.bytes,
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return;
+	roam_info->fAuthRequired = false;
+	qdf_mem_copy(roam_info->bssid.bytes,
 		     sta_ctx->roam_info.bssid, QDF_MAC_ADDR_SIZE);
-	qdf_mem_copy(roamInfo.peerMac.bytes,
+	qdf_mem_copy(roam_info->peerMac.bytes,
 		     sta_ctx->roam_info.peer_mac, QDF_MAC_ADDR_SIZE);
 
 	qdf_ret_status =
 			hdd_roam_set_key_complete_handler(adapter,
-					   &roamInfo,
+					   roam_info,
 					   sta_ctx->roam_info.roam_id,
 					   sta_ctx->roam_info.roam_status,
 					   eCSR_ROAM_RESULT_AUTHENTICATED);
@@ -2696,6 +2699,7 @@ void hdd_perform_roam_set_key_complete(struct hdd_adapter *adapter)
 		hdd_err("Set Key complete failure");
 
 	sta_ctx->roam_info.defer_key_complete = false;
+	qdf_mem_free(roam_info);
 }
 
 #if defined(WLAN_FEATURE_FILS_SK) && \

core/hdd/src/wlan_hdd_nan_datapath.c

@@ -657,7 +657,7 @@ void hdd_ndi_drv_ndi_create_rsp_handler(uint8_t vdev_id,
 	struct hdd_context *hdd_ctx;
 	struct hdd_adapter *adapter;
 	struct hdd_station_ctx *sta_ctx;
-	struct csr_roam_info roam_info = {0};
+	struct csr_roam_info *roam_info;
 	struct bss_description tmp_bss_descp = {0};
 	struct qdf_mac_addr bc_mac_addr = QDF_MAC_ADDR_BCAST_INIT;
 
@@ -679,6 +679,10 @@ void hdd_ndi_drv_ndi_create_rsp_handler(uint8_t vdev_id,
 		return;
 	}
 
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return;
+
 	if (ndi_rsp->status == QDF_STATUS_SUCCESS) {
 		hdd_alert("NDI interface successfully created");
 		os_if_nan_set_ndp_create_transaction_id(adapter->vdev, 0);
@@ -694,10 +698,11 @@ void hdd_ndi_drv_ndi_create_rsp_handler(uint8_t vdev_id,
 
 	sta_ctx->broadcast_staid = ndi_rsp->sta_id;
 	hdd_save_peer(sta_ctx, sta_ctx->broadcast_staid, &bc_mac_addr);
-	hdd_roam_register_sta(adapter, &roam_info,
+	hdd_roam_register_sta(adapter, roam_info,
 			      sta_ctx->broadcast_staid,
 			      &tmp_bss_descp);
 	hdd_ctx->sta_to_adapter[sta_ctx->broadcast_staid] = adapter;
+	qdf_mem_free(roam_info);
 }
 
 void hdd_ndi_close(uint8_t vdev_id)
@@ -784,7 +789,7 @@ int hdd_ndp_new_peer_handler(uint8_t vdev_id, uint16_t sta_id,
 	struct hdd_adapter *adapter;
 	struct hdd_station_ctx *sta_ctx;
 	struct bss_description tmp_bss_descp = {0};
-	struct csr_roam_info roam_info = {0};
+	struct csr_roam_info *roam_info;
 
 	hdd_enter();
 
@@ -812,17 +817,22 @@ int hdd_ndp_new_peer_handler(uint8_t vdev_id, uint16_t sta_id,
 		return -EPERM;
 	}
 
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return -ENOMEM;
+
 	/* this function is called for each new peer */
-	hdd_roam_register_sta(adapter, &roam_info, sta_id, &tmp_bss_descp);
+	hdd_roam_register_sta(adapter, roam_info, sta_id, &tmp_bss_descp);
 	hdd_ctx->sta_to_adapter[sta_id] = adapter;
 	/* perform following steps for first new peer ind */
 	if (fist_peer) {
 		hdd_info("Set ctx connection state to connected");
 		sta_ctx->conn_info.connState = eConnectionState_NdiConnected;
-		hdd_wmm_connect(adapter, &roam_info, eCSR_BSS_TYPE_NDI);
+		hdd_wmm_connect(adapter, roam_info, eCSR_BSS_TYPE_NDI);
 		wlan_hdd_netif_queue_control(adapter,
 				WLAN_WAKE_ALL_NETIF_QUEUE, WLAN_CONTROL_PATH);
 	}
+	qdf_mem_free(roam_info);
 	hdd_exit();
 	return 0;
 }

core/sme/src/common/sme_api.c

@@ -1222,12 +1222,16 @@ static QDF_STATUS dfs_msg_processor(struct mac_context *mac,
 		struct scheduler_msg *msg)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
-	struct csr_roam_info roam_info = { 0 };
+	struct csr_roam_info *roam_info;
 	tSirSmeCSAIeTxCompleteRsp *csa_ie_tx_complete_rsp;
 	uint32_t session_id = 0;
 	eRoamCmdStatus roam_status;
 	eCsrRoamResult roam_result;
 
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return QDF_STATUS_E_NOMEM;
+
 	switch (msg->type) {
 	case eWNI_SME_DFS_RADAR_FOUND:
 	{
@@ -1244,6 +1248,7 @@ static QDF_STATUS dfs_msg_processor(struct mac_context *mac,
 			(tSirSmeCSAIeTxCompleteRsp *) msg->bodyptr;
 		if (!csa_ie_tx_complete_rsp) {
 			sme_err("eWNI_SME_DFS_CSAIE_TX_COMPLETE_IND null msg");
+			qdf_mem_free(roam_info);
 			return QDF_STATUS_E_FAILURE;
 		}
 		session_id = csa_ie_tx_complete_rsp->sessionId;
@@ -1277,14 +1282,16 @@ static QDF_STATUS dfs_msg_processor(struct mac_context *mac,
 	default:
 	{
 		sme_err("Invalid DFS message: 0x%x", msg->type);
+		qdf_mem_free(roam_info);
 		status = QDF_STATUS_E_FAILURE;
 		return status;
 	}
 	}
 
 	/* Indicate Radar Event to SAP */
-	csr_roam_call_callback(mac, session_id, &roam_info, 0,
+	csr_roam_call_callback(mac, session_id, roam_info, 0,
 			       roam_status, roam_result);
+	qdf_mem_free(roam_info);
 	return status;
 }
 
@@ -1299,17 +1306,23 @@ sme_unprotected_mgmt_frm_ind(struct mac_context *mac,
 			     tpSirSmeUnprotMgmtFrameInd pSmeMgmtFrm)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
-	struct csr_roam_info roam_info = { 0 };
+	struct csr_roam_info *roam_info;
 	uint32_t SessionId = pSmeMgmtFrm->sessionId;
 
-	roam_info.nFrameLength = pSmeMgmtFrm->frameLen;
-	roam_info.pbFrames = pSmeMgmtFrm->frameBuf;
-	roam_info.frameType = pSmeMgmtFrm->frameType;
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return QDF_STATUS_E_NOMEM;
+
+	roam_info->nFrameLength = pSmeMgmtFrm->frameLen;
+	roam_info->pbFrames = pSmeMgmtFrm->frameBuf;
+	roam_info->frameType = pSmeMgmtFrm->frameType;
 
 	/* forward the mgmt frame to HDD */
-	csr_roam_call_callback(mac, SessionId, &roam_info, 0,
+	csr_roam_call_callback(mac, SessionId, roam_info, 0,
 			       eCSR_ROAM_UNPROT_MGMT_FRAME_IND, 0);
 
+	qdf_mem_free(roam_info);
+
 	return status;
 }
 #endif
@@ -1359,7 +1372,7 @@ static QDF_STATUS sme_extended_change_channel_ind(struct mac_context *mac_ctx,
 	struct sir_sme_ext_cng_chan_ind *ext_chan_ind;
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 	uint32_t session_id = 0;
-	struct csr_roam_info roamInfo = {0};
+	struct csr_roam_info *roam_info;
 	eRoamCmdStatus roam_status;
 	eCsrRoamResult roam_result;
 
@@ -1368,16 +1381,20 @@ static QDF_STATUS sme_extended_change_channel_ind(struct mac_context *mac_ctx,
 		sme_err("ext_chan_ind is NULL");
 		return QDF_STATUS_E_FAILURE;
 	}
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return QDF_STATUS_E_NOMEM;
 	session_id = ext_chan_ind->session_id;
-	roamInfo.target_channel = ext_chan_ind->new_channel;
+	roam_info->target_channel = ext_chan_ind->new_channel;
 	roam_status = eCSR_ROAM_EXT_CHG_CHNL_IND;
 	roam_result = eCSR_ROAM_EXT_CHG_CHNL_UPDATE_IND;
 	sme_debug("sapdfs: Received eWNI_SME_EXT_CHANGE_CHANNEL_IND for session id [%d]",
 		 session_id);
 
 	/* Indicate Ext Channel Change event to SAP */
-	csr_roam_call_callback(mac_ctx, session_id, &roamInfo, 0,
-					roam_status, roam_result);
+	csr_roam_call_callback(mac_ctx, session_id, roam_info, 0,
+			       roam_status, roam_result);
+	qdf_mem_free(roam_info);
 	return status;
 }
 
@@ -1542,15 +1559,20 @@ static QDF_STATUS sme_tsm_ie_ind(struct mac_context *mac,
 				 struct tsm_ie_ind *pSmeTsmIeInd)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
-	struct csr_roam_info roam_info = { 0 };
+	struct csr_roam_info *roam_info;
 	uint32_t SessionId = pSmeTsmIeInd->sessionId;
 
-	roam_info.tsm_ie.tsid = pSmeTsmIeInd->tsm_ie.tsid;
-	roam_info.tsm_ie.state = pSmeTsmIeInd->tsm_ie.state;
-	roam_info.tsm_ie.msmt_interval = pSmeTsmIeInd->tsm_ie.msmt_interval;
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return QDF_STATUS_E_NOMEM;
+
+	roam_info->tsm_ie.tsid = pSmeTsmIeInd->tsm_ie.tsid;
+	roam_info->tsm_ie.state = pSmeTsmIeInd->tsm_ie.state;
+	roam_info->tsm_ie.msmt_interval = pSmeTsmIeInd->tsm_ie.msmt_interval;
 	/* forward the tsm ie information to HDD */
-	csr_roam_call_callback(mac, SessionId, &roam_info, 0,
+	csr_roam_call_callback(mac, SessionId, roam_info, 0,
 			       eCSR_ROAM_TSM_IE_IND, 0);
+	qdf_mem_free(roam_info);
 	return status;
 }
 
@@ -8681,39 +8703,44 @@ static QDF_STATUS sme_process_channel_change_resp(struct mac_context *mac,
 					   uint16_t msg_type, void *pMsgBuf)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
-	struct csr_roam_info proam_info = { 0 };
+	struct csr_roam_info *roam_info;
 	eCsrRoamResult roamResult;
 	tpSwitchChannelParams pChnlParams = (tpSwitchChannelParams) pMsgBuf;
 	uint32_t SessionId = pChnlParams->peSessionId;
 
-	proam_info.channelChangeRespEvent =
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return QDF_STATUS_E_NOMEM;
+
+	roam_info->channelChangeRespEvent =
 		qdf_mem_malloc(sizeof(tSirChanChangeResponse));
-	if (!proam_info.channelChangeRespEvent) {
+	if (!roam_info->channelChangeRespEvent) {
 		status = QDF_STATUS_E_NOMEM;
+		qdf_mem_free(roam_info);
 		return status;
 	}
 	if (msg_type == eWNI_SME_CHANNEL_CHANGE_RSP) {
-		proam_info.channelChangeRespEvent->sessionId = SessionId;
-		proam_info.channelChangeRespEvent->newChannelNumber =
+		roam_info->channelChangeRespEvent->sessionId = SessionId;
+		roam_info->channelChangeRespEvent->newChannelNumber =
 			pChnlParams->channelNumber;
 
 		if (pChnlParams->status == QDF_STATUS_SUCCESS) {
 			QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_DEBUG,
 				  "sapdfs: Received success eWNI_SME_CHANNEL_CHANGE_RSP for sessionId[%d]",
 				  SessionId);
-			proam_info.channelChangeRespEvent->channelChangeStatus =
+			roam_info->channelChangeRespEvent->channelChangeStatus =
 				1;
 			roamResult = eCSR_ROAM_RESULT_CHANNEL_CHANGE_SUCCESS;
 		} else {
 			QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_DEBUG,
 				  "sapdfs: Received failure eWNI_SME_CHANNEL_CHANGE_RSP for sessionId[%d]",
 				  SessionId);
-			proam_info.channelChangeRespEvent->channelChangeStatus =
+			roam_info->channelChangeRespEvent->channelChangeStatus =
 				0;
 			roamResult = eCSR_ROAM_RESULT_CHANNEL_CHANGE_FAILURE;
 		}
 
-		csr_roam_call_callback(mac, SessionId, &proam_info, 0,
+		csr_roam_call_callback(mac, SessionId, roam_info, 0,
 				       eCSR_ROAM_SET_CHANNEL_RSP, roamResult);
 
 	} else {
@@ -8721,7 +8748,8 @@ static QDF_STATUS sme_process_channel_change_resp(struct mac_context *mac,
 		sme_err("Invalid Channel Change Resp Message: %d",
 			status);
 	}
-	qdf_mem_free(proam_info.channelChangeRespEvent);
+	qdf_mem_free(roam_info->channelChangeRespEvent);
+	qdf_mem_free(roam_info);
 
 	return status;
 }

core/sme/src/csr/csr_host_scan_roam.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2016-2019 The Linux Foundation. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -606,7 +606,7 @@ tpCsrNeighborRoamBSSInfo csr_neighbor_roam_next_roamable_ap(
 void csr_neighbor_roam_request_handoff(struct mac_context *mac_ctx,
 		uint8_t session_id)
 {
-	struct csr_roam_info roam_info;
+	struct csr_roam_info *roam_info;
 	tpCsrNeighborRoamControlInfo neighbor_roam_info =
 		&mac_ctx->roam.neighborRoamInfo[session_id];
 	tCsrNeighborRoamBSSInfo handoff_node;
@@ -634,11 +634,13 @@ void csr_neighbor_roam_request_handoff(struct mac_context *mac_ctx,
 		  FL("HANDOFF CANDIDATE BSSID "MAC_ADDRESS_STR),
 		  MAC_ADDR_ARRAY(handoff_node.pBssDescription->bssId));
 
-	qdf_mem_zero(&roam_info, sizeof(struct csr_roam_info));
-	csr_roam_call_callback(mac_ctx, session_id, &roam_info, roamid,
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return;
+	csr_roam_call_callback(mac_ctx, session_id, roam_info, roamid,
 			       eCSR_ROAM_FT_START, eCSR_ROAM_RESULT_SUCCESS);
 
-	qdf_mem_zero(&roam_info, sizeof(struct csr_roam_info));
+	qdf_mem_zero(roam_info, sizeof(*roam_info));
 	csr_neighbor_roam_state_transition(mac_ctx,
 			eCSR_NEIGHBOR_ROAM_STATE_REASSOCIATING, session_id);
 
@@ -659,6 +661,7 @@ void csr_neighbor_roam_request_handoff(struct mac_context *mac_ctx,
 		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,
 			FL("csr_roam_copy_connected_profile failed %d"),
 			status);
+		qdf_mem_free(roam_info);
 		return;
 	}
 	qdf_mem_copy(neighbor_roam_info->csrNeighborRoamProfile.BSSIDs.bssid,
@@ -673,17 +676,19 @@ void csr_neighbor_roam_request_handoff(struct mac_context *mac_ctx,
 			    (mac_ctx, session_id,
 			    eCSR_DISCONNECT_REASON_HANDOFF))) {
 		sme_warn("csr_roamHandoffRequested: fail to issue disassoc");
+		qdf_mem_free(roam_info);
 		return;
 	}
 	/* notify HDD for handoff, providing the BSSID too */
-	roam_info.reasonCode = eCsrRoamReasonBetterAP;
+	roam_info->reasonCode = eCsrRoamReasonBetterAP;
 
-	qdf_mem_copy(roam_info.bssid.bytes,
+	qdf_mem_copy(roam_info->bssid.bytes,
 		     handoff_node.pBssDescription->bssId,
 		     sizeof(struct qdf_mac_addr));
 
-	csr_roam_call_callback(mac_ctx, session_id, &roam_info, 0,
+	csr_roam_call_callback(mac_ctx, session_id, roam_info, 0,
 			       eCSR_ROAM_ROAMING_START, eCSR_ROAM_RESULT_NONE);
+	qdf_mem_free(roam_info);
 
 }
 

core/sme/src/csr/csr_neighbor_roam.c

@@ -1074,7 +1074,7 @@ QDF_STATUS csr_neighbor_roam_indicate_connect(
 		&mac->roam.neighborRoamInfo[session_id];
 	struct csr_roam_session *session = &mac->roam.roamSession[session_id];
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
-	struct csr_roam_info roamInfo;
+	struct csr_roam_info *roam_info;
 #endif
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 
@@ -1109,16 +1109,20 @@ QDF_STATUS csr_neighbor_roam_indicate_connect(
 		(eSIR_ROAM_AUTH_STATUS_AUTHENTICATED ==
 		session->roam_synch_data->authStatus)) {
 		sme_debug("LFR3: Authenticated");
-		qdf_copy_macaddr(&roamInfo.peerMac,
-			&session->connectedProfile.bssid);
-		roamInfo.roamSynchInProgress =
+		roam_info = qdf_mem_malloc(sizeof(*roam_info));
+		if (!roam_info)
+			return QDF_STATUS_E_NOMEM;
+		qdf_copy_macaddr(&roam_info->peerMac,
+				 &session->connectedProfile.bssid);
+		roam_info->roamSynchInProgress =
 			session->roam_synch_in_progress;
-		csr_roam_call_callback(mac, session_id, &roamInfo, 0,
-			eCSR_ROAM_SET_KEY_COMPLETE,
-			eCSR_ROAM_RESULT_AUTHENTICATED);
+		csr_roam_call_callback(mac, session_id, roam_info, 0,
+				       eCSR_ROAM_SET_KEY_COMPLETE,
+				       eCSR_ROAM_RESULT_AUTHENTICATED);
 		csr_neighbor_roam_reset_init_state_control_info(mac,
 			session_id);
 		csr_neighbor_roam_info_ctx_init(mac, session_id);
+		qdf_mem_free(roam_info);
 		return status;
 	}
 #endif

core/sme/src/csr/csr_roam_preauth.c

@@ -580,7 +580,7 @@ void csr_roam_ft_pre_auth_rsp_processor(struct mac_context *mac_ctx,
 					tpSirFTPreAuthRsp preauth_rsp)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
-	struct csr_roam_info roam_info;
+	struct csr_roam_info *roam_info;
 	eCsrAuthType conn_Auth_type;
 	uint32_t session_id = preauth_rsp->smeSessionId;
 	struct csr_roam_session *csr_session = CSR_GET_SESSION(mac_ctx,
@@ -622,6 +622,10 @@ void csr_roam_ft_pre_auth_rsp_processor(struct mac_context *mac_ctx,
 			status);
 		return;
 	}
+
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return;
 	qdf_mem_copy((void *)&csr_session->ftSmeContext.preAuthbssId,
 		(void *)preauth_rsp->preAuthbssId,
 		sizeof(struct qdf_mac_addr));
@@ -631,26 +635,28 @@ void csr_roam_ft_pre_auth_rsp_processor(struct mac_context *mac_ctx,
 
 #ifdef FEATURE_WLAN_ESE
 	if (csr_roam_is_ese_assoc(mac_ctx, preauth_rsp->smeSessionId)) {
-		csr_roam_read_tsf(mac_ctx, (uint8_t *) roam_info.timestamp,
-				preauth_rsp->smeSessionId);
-		qdf_mem_copy((void *)&roam_info.bssid,
-				(void *)preauth_rsp->preAuthbssId,
-				sizeof(struct qdf_mac_addr));
+		csr_roam_read_tsf(mac_ctx, (uint8_t *)&roam_info->timestamp,
+				  preauth_rsp->smeSessionId);
+		qdf_mem_copy((void *)&roam_info->bssid,
+			     (void *)preauth_rsp->preAuthbssId,
+			     sizeof(struct qdf_mac_addr));
 		csr_roam_call_callback(mac_ctx, preauth_rsp->smeSessionId,
-				&roam_info, 0, eCSR_ROAM_CCKM_PREAUTH_NOTIFY,
-				0);
+				       roam_info, 0,
+				       eCSR_ROAM_CCKM_PREAUTH_NOTIFY, 0);
 	}
 #endif
 
 	if (csr_roam_is_fast_roam_enabled(mac_ctx, preauth_rsp->smeSessionId)) {
 		/* Save the bssid from the received response */
-		qdf_mem_copy((void *)&roam_info.bssid,
-				(void *)preauth_rsp->preAuthbssId,
-				sizeof(struct qdf_mac_addr));
+		qdf_mem_copy((void *)&roam_info->bssid,
+			     (void *)preauth_rsp->preAuthbssId,
+			     sizeof(struct qdf_mac_addr));
 		csr_roam_call_callback(mac_ctx, preauth_rsp->smeSessionId,
-				&roam_info, 0, eCSR_ROAM_PMK_NOTIFY, 0);
+				       roam_info, 0, eCSR_ROAM_PMK_NOTIFY, 0);
 	}
 
+	qdf_mem_free(roam_info);
+
 	/* If its an Open Auth, FT IEs are not provided by supplicant */
 	/* Hence populate them here */
 	conn_Auth_type =

core/sme/src/rrm/sme_rrm.c

@@ -276,7 +276,7 @@ static QDF_STATUS sme_ese_send_beacon_req_scan_results(
 	uint8_t bss_counter = 0;
 	tCsrScanResultInfo *cur_result = NULL;
 	tpRrmSMEContext rrm_ctx = &mac_ctx->rrm.rrmSmeContext;
-	struct csr_roam_info roam_info;
+	struct csr_roam_info *roam_info;
 	struct ese_bcn_report_rsp bcn_rpt_rsp;
 	struct ese_bcn_report_rsp *bcn_report = &bcn_rpt_rsp;
 	tpCsrEseBeaconReqParams cur_meas_req = NULL;
@@ -293,6 +293,10 @@ static QDF_STATUS sme_ese_send_beacon_req_scan_results(
 		return QDF_STATUS_E_FAILURE;
 	}
 
+	roam_info = qdf_mem_malloc(sizeof(*roam_info));
+	if (!roam_info)
+		return QDF_STATUS_E_NOMEM;
+
 	if (result_arr)
 		cur_result = result_arr[bss_counter];
 
@@ -378,15 +382,17 @@ static QDF_STATUS sme_ese_send_beacon_req_scan_results(
 			bcn_report->numBss, j, bss_counter,
 			bcn_report->flag);
 
-		roam_info.pEseBcnReportRsp = bcn_report;
-		status = csr_roam_call_callback(mac_ctx, session_id, &roam_info,
-			0, eCSR_ROAM_ESE_BCN_REPORT_IND, 0);
+		roam_info->pEseBcnReportRsp = bcn_report;
+		status = csr_roam_call_callback(mac_ctx, session_id, roam_info,
+						0, eCSR_ROAM_ESE_BCN_REPORT_IND,
+						0);
 
 		/* Free the memory allocated to IE */
 		for (i = 0; i < j; i++)
 			if (bcn_report->bcnRepBssInfo[i].pBuf)
 				qdf_mem_free(bcn_report->bcnRepBssInfo[i].pBuf);
 	} while (cur_result);
+	qdf_mem_free(roam_info);
 	return status;
 }