
qcacld-3.0: Fix potential memory leak issues in driver code

Currently in these APIs, driver has a potential mem leak if
the code deviates from the success path:-

1. sme_ap_disable_intra_bss_fwd, param pSapDisableIntraFwd
was not freed when acquiring the mutex fails.

2. sme_set_wisa_params, param cds_msg_wisa_params was not freed
when acquiring the mutex fails, or when the message fails to
post to the scheduler.

3. sme_update_sta_inactivity_timeout, param inactivity_time was
not freed in any case, and has to be freed after use.

4. wma_del_tdls_sta, param peerStateParams needs to be freed
in every failure case, in which the driver sends a del rsp in
error case.

Change-Id: Ibb6061dc399c0f408e7469e91d8084c82786a561
CRs-Fixed: 2466435
gaurank kathpalia 5 years ago
parent
commit
45685491ea
2 changed files with 32 additions and 22 deletions
  1. 31 22
      core/sme/src/common/sme_api.c
  2. 1 0
      core/wma/src/wma_dev_if.c

+ 31 - 22
core/sme/src/common/sme_api.c

@@ -8562,8 +8562,8 @@ QDF_STATUS sme_update_sta_inactivity_timeout(mac_handle_t mac_handle,
 	inactivity_time->sta_inactivity_timeout =
 		sta_inactivity_timer->sta_inactivity_timeout;
 
-	wma_update_sta_inactivity_timeout(wma_handle,
-				inactivity_time);
+	wma_update_sta_inactivity_timeout(wma_handle, inactivity_time);
+	qdf_mem_free(inactivity_time);
 	return QDF_STATUS_SUCCESS;
 }
 
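Review bot: Freeing `inactivity_time` immediately after the call is only safe if wma_update_sta_inactivity_timeout is finished with the buffer when it returns and keeps no reference to it, which this hunk does not show. A comment on the new free would record that ownership contract, for example `/* WMA consumes inactivity_time synchronously; SME owns and frees it */`. Whatever the call reports is also discarded, and the function returns `QDF_STATUS_SUCCESS` unconditionally. The allocation and the start of the function are outside the hunk.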
@@ -9186,20 +9186,24 @@ QDF_STATUS sme_ap_disable_intra_bss_fwd(mac_handle_t mac_handle,
 	pSapDisableIntraFwd->disableintrabssfwd = disablefwd;
 
 	status = sme_acquire_global_lock(&mac->sme);
-	if (QDF_IS_STATUS_SUCCESS(status)) {
-		/* serialize the req through MC thread */
-		message.bodyptr = pSapDisableIntraFwd;
-		message.type = WMA_SET_SAP_INTRABSS_DIS;
-		qdf_status = scheduler_post_message(QDF_MODULE_ID_SME,
-						    QDF_MODULE_ID_WMA,
-						    QDF_MODULE_ID_WMA,
-						    &message);
-		if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-			status = QDF_STATUS_E_FAILURE;
-			qdf_mem_free(pSapDisableIntraFwd);
-		}
-		sme_release_global_lock(&mac->sme);
+
+	if (QDF_IS_STATUS_ERROR(status)) {
+		qdf_mem_free(pSapDisableIntraFwd);
+		return QDF_STATUS_E_FAILURE;
 	}
+	/* serialize the req through MC thread */
+	message.bodyptr = pSapDisableIntraFwd;
+	message.type = WMA_SET_SAP_INTRABSS_DIS;
+	qdf_status = scheduler_post_message(QDF_MODULE_ID_SME,
+					    QDF_MODULE_ID_WMA,
+					    QDF_MODULE_ID_WMA,
+					    &message);
+	if (QDF_IS_STATUS_ERROR(status)) {
+		status = QDF_STATUS_E_FAILURE;
+		qdf_mem_free(pSapDisableIntraFwd);
+	}
+	sme_release_global_lock(&mac->sme);
+
 	return status;
 }
 
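Review bot: The check after `scheduler_post_message` tests `status` instead of `qdf_status`, so it can never fire: `status` is already known to be success because the lock-failure branch above has returned. A failed post therefore leaves `pSapDisableIntraFwd` allocated and the function reports success. That is the leak this commit sets out to remove, and a regression from the old `!QDF_IS_STATUS_SUCCESS(qdf_status)` test. The condition should read `if (QDF_IS_STATUS_ERROR(qdf_status)) {`. The allocation and declarations of the function are outside the hunk.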
@@ -10143,14 +10147,19 @@ QDF_STATUS sme_set_wisa_params(mac_handle_t mac_handle,
 
 	*cds_msg_wisa_params = *wisa_params;
 	status = sme_acquire_global_lock(&mac->sme);
-	if (QDF_IS_STATUS_SUCCESS(status)) {
-		message.bodyptr = cds_msg_wisa_params;
-		message.type = WMA_SET_WISA_PARAMS;
-		status = scheduler_post_message(QDF_MODULE_ID_SME,
-						QDF_MODULE_ID_WMA,
-						QDF_MODULE_ID_WMA, &message);
-		sme_release_global_lock(&mac->sme);
+
+	if (QDF_IS_STATUS_ERROR(status)) {
+		qdf_mem_free(cds_msg_wisa_params);
+		return QDF_STATUS_E_FAILURE;
 	}
+	message.bodyptr = cds_msg_wisa_params;
+	message.type = WMA_SET_WISA_PARAMS;
+	status = scheduler_post_message(QDF_MODULE_ID_SME,
+					QDF_MODULE_ID_WMA,
+					QDF_MODULE_ID_WMA, &message);
+	if (QDF_IS_STATUS_ERROR(status))
+		qdf_mem_free(cds_msg_wisa_params);
+	sme_release_global_lock(&mac->sme);
 	return status;
 }
 
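Review bot: The lock-failure branch returns a hard-coded `QDF_STATUS_E_FAILURE` where the old code returned whatever `sme_acquire_global_lock` reported, so callers lose the specific error; `return status;` after the free keeps the previous contract. The same substitution appears in the lock-failure branch of sme_ap_disable_intra_bss_fwd in the previous hunk. Separately, the free on post failure assumes scheduler_post_message does not take ownership of `bodyptr` when it returns an error, which is not visible here. A short comment such as `/* post failed: message not queued, we still own bodyptr */` would record that assumption. The start of the function is outside the hunk.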

+ 1 - 0
core/wma/src/wma_dev_if.c

@@ -5730,6 +5730,7 @@ static void wma_del_tdls_sta(tp_wma_handle wma, tpDeleteStaParams del_sta)
 	if (wma_is_roam_synch_in_progress(wma, del_sta->smesessionId)) {
 		WMA_LOGE("%s: roaming in progress, reject del sta!", __func__);
 		del_sta->status = QDF_STATUS_E_PERM;
+		qdf_mem_free(peer_state);
 		goto send_del_rsp;
 	}