
qcacld-3.0: Fix ROME SAP connection failure issue

During the ROME SAP connection phase, we should post
eWNI_SME_ASSOC_IND_UPPER_LAYER to the queue after the
association response frame has been sent, so that another
thread handles it. Otherwise, calling the sme callback
handler in the irq thread triggers a QDF ASSERT in
qdf_mutex_acquire. The call sequence that causes the
assert is:
__do_softirq -> ce_engine_service_reg ->
htc_rx_completion_handler -> htt_t2h_msg_handler
-> ol_tx_single_completion_handler ->
ol_tx_desc_frame_free_nonstd ->
tgt_mgmt_txrx_tx_completion_handler ->
lim_assoc_rsp_tx_complete -> sme_process_msg ->
qdf_mutex_acquire.
Meanwhile, lim_assoc_ind is freed in
lim_assoc_rsp_tx_complete, but it is still needed
for sme_assoc_ind->assocReqPtr set in
lim_fill_sme_assoc_ind_params, which causes the
assoc req passed to hostapd to be NULL. Fix this
issue as well.

Change-Id: I390224ba64ea6cd963630de5b360e7b5e74a4d10
CRs-Fixed: 2542880
Chaoli Zhou 5 سال پیش
والد
کامیت
98d1b3ead1

+ 10 - 3
core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c

@@ -644,14 +644,21 @@ void
 lim_fill_sme_assoc_ind_params(
 	struct mac_context *mac_ctx,
 	tpLimMlmAssocInd assoc_ind, struct assoc_ind *sme_assoc_ind,
-	struct pe_session *session_entry)
+	struct pe_session *session_entry, bool assoc_req_alloc)
 {
 	sme_assoc_ind->length = sizeof(struct assoc_ind);
 	sme_assoc_ind->sessionId = session_entry->smeSessionId;
 
 	/* Required for indicating the frames to upper layer */
 	sme_assoc_ind->assocReqLength = assoc_ind->assocReqLength;
-	sme_assoc_ind->assocReqPtr = assoc_ind->assocReqPtr;
+	if (assoc_req_alloc && assoc_ind->assocReqLength) {
+		sme_assoc_ind->assocReqPtr = qdf_mem_malloc(
+					     assoc_ind->assocReqLength);
+		qdf_mem_copy(sme_assoc_ind->assocReqPtr, assoc_ind->assocReqPtr,
+			     assoc_ind->assocReqLength);
+	} else {
+		sme_assoc_ind->assocReqPtr = assoc_ind->assocReqPtr;
+	}
 
 	sme_assoc_ind->beaconPtr = session_entry->beacon;
 	sme_assoc_ind->beaconLength = session_entry->bcnLen;
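Review bot: The result of `qdf_mem_malloc()` in the new `assoc_req_alloc` branch is handed straight to `qdf_mem_copy()` without a NULL check, so an allocation failure turns into a write through a NULL pointer. According to the commit message this branch is reached from the tx-completion softirq path, where a failed allocation is a realistic case rather than a theoretical one. Because the function returns void, guard the copy with `if (sme_assoc_ind->assocReqPtr)` and in the `else` set `sme_assoc_ind->assocReqLength = 0;` so the consumer never sees a non-zero length paired with a NULL pointer. The function body continues past the end of this hunk.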
@@ -765,7 +772,7 @@ void lim_process_mlm_assoc_ind(struct mac_context *mac, uint32_t *msg_buf)
 	pSirSmeAssocInd->messageType = eWNI_SME_ASSOC_IND;
 	lim_fill_sme_assoc_ind_params(mac, (tpLimMlmAssocInd)msg_buf,
 				      pSirSmeAssocInd,
-				      pe_session);
+				      pe_session, false);
 	msg.type = eWNI_SME_ASSOC_IND;
 	msg.bodyptr = pSirSmeAssocInd;
 	msg.bodyval = 0;

+ 3 - 3
core/mac/src/pe/lim/lim_send_management_frames.c

@@ -1096,7 +1096,7 @@ static QDF_STATUS lim_assoc_rsp_tx_complete(
 	lim_fill_sme_assoc_ind_params(
 				mac_ctx, lim_assoc_ind,
 				sme_assoc_ind,
-				session_entry);
+				session_entry, true);
 
 	qdf_mem_zero(&msg, sizeof(struct scheduler_msg));
 	msg.type = eWNI_SME_ASSOC_IND_UPPER_LAYER;
@@ -1105,8 +1105,8 @@ static QDF_STATUS lim_assoc_rsp_tx_complete(
 	sme_assoc_ind->staId = sta_ds->staIndex;
 	sme_assoc_ind->reassocReq = sta_ds->mlmStaContext.subType;
 	sme_assoc_ind->timingMeasCap = sta_ds->timingMeasCap;
-
-	mac_ctx->lim.sme_msg_callback(mac_ctx, &msg);
+	MTRACE(mac_trace_msg_tx(mac_ctx, session_entry->peSessionId, msg.type));
+	lim_sys_process_mmh_msg_api(mac_ctx, &msg);
 
 	qdf_mem_free(lim_assoc_ind);
 	if (assoc_req->assocReqFrame) {
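Review bot: Once the message is queued through `lim_sys_process_mmh_msg_api()`, `sme_assoc_ind` owns a heap copy of the association request that only `csr_roam_chk_lnk_assoc_ind_upper_layer()` frees, and nothing visible here covers a message that never reaches that handler. If the post can fail or the queue can be flushed during teardown (neither is visible in this hunk), the message body may be released without its nested `assocReqPtr`, leaking the copy. Please confirm how those paths release the message, and document the hand-off at the post with a comment such as `/* sme_assoc_ind and its assocReqPtr copy are now owned by the SME queue consumer */`. The function starts before and continues after this hunk.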

+ 2 - 1
core/mac/src/pe/lim/lim_types.h

@@ -426,6 +426,7 @@ bool lim_fill_lim_assoc_ind_params(
  * @assoc_ind: PE association indication structure
  * @sme_assoc_ind: SME association indication
  * @session_entry: PE session entry
+ * @assoc_req_alloc: malloc memory for assoc_req or not
  *
  * Return: None
  */
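Review bot: The new kernel-doc line `@assoc_req_alloc: malloc memory for assoc_req or not` does not say who owns the buffer in each mode, which is the part a caller needs in order to avoid a leak or a double free. I would spell it out, for example `@assoc_req_alloc: if true, sme_assoc_ind->assocReqPtr is a newly allocated copy that the receiver of sme_assoc_ind must free; if false, it aliases assoc_ind->assocReqPtr and must not be freed by the receiver`. The description should also mention that the copy is only made when `assocReqLength` is non-zero, as the implementation in lim_process_mlm_rsp_messages.c shows.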
@@ -433,7 +434,7 @@ void
 lim_fill_sme_assoc_ind_params(
 	struct mac_context *mac_ctx,
 	tpLimMlmAssocInd assoc_ind, struct assoc_ind *sme_assoc_ind,
-	struct pe_session *session_entry);
+	struct pe_session *session_entry, bool assoc_req_alloc);
 void lim_send_mlm_assoc_ind(struct mac_context *mac, tpDphHashNode sta,
 			    struct pe_session *pe_session);
 

+ 9 - 0
core/sme/src/csr/csr_api_roam.c

@@ -11769,6 +11769,15 @@ csr_roam_chk_lnk_assoc_ind_upper_layer(
 	}
 	csr_send_assoc_ind_to_upper_layer_cnf_msg(
 					mac_ctx, assoc_ind, status, session_id);
+	/*in the association response tx compete case,
+	 *memory for assoc_ind->assocReqPtr will be malloced
+	 *in the lim_assoc_rsp_tx_complete -> lim_fill_sme_assoc_ind_params
+	 *and then assoc_ind will pass here, so after using it
+	 *in the csr_send_assoc_ind_to_upper_layer_cnf_msg and
+	 *then free the memroy here.
+	 */
+	if (assoc_ind->assocReqLength != 0 && assoc_ind->assocReqPtr)
+		qdf_mem_free(assoc_ind->assocReqPtr);
 }
 
 static void
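Review bot: The added `qdf_mem_free(assoc_ind->assocReqPtr)` sits at the very end of the function, so any earlier return in the part of the body outside this hunk would skip it and leak the copy made in `lim_fill_sme_assoc_ind_params()`; please check those exits or move the release to a common cleanup label. After the free the stale pointer and length stay in `assoc_ind`, so I would follow it with `assoc_ind->assocReqPtr = NULL;` and `assoc_ind->assocReqLength = 0;` to rule out a later use-after-free or double free while the message body is still alive. The new comment also has two typos ("compete" for "complete", "memroy" for "memory") and is missing the space after `/*` and the leading `*` of each line.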