
qcacld-3.0: Don't release memory within SME if serialization req fails

SME module calls enqueue request API, if API returns failure status then
SME itself is releasing the memory which is not correct.

Let serialization module give a callback to release the memory. Fix the
reference count issue along with it.

CRs-Fixed: 2123634
Change-Id: I18d490a91cf07474df3bd412d9339399df137d5d
Krunal Soni 7 سال پیش
والد
کامیت
aa179db55a

+ 0 - 6
core/sme/src/common/sme_api.c

@@ -565,16 +565,10 @@ QDF_STATUS sme_ser_handle_active_cmd(struct wlan_serialization_command *cmd)
 		break;
 	default:
 		/* something is wrong */
-		/* remove it from the active list */
 		sme_err("unknown command %d", sme_cmd->command);
 		status = QDF_STATUS_E_FAILURE;
 		break;
 	}
-	if (!QDF_IS_STATUS_SUCCESS(status)) {
-		sme_err("Releasing memory for %d",
-			sme_cmd->command);
-		csr_release_command(mac_ctx, sme_cmd);
-	}
 	return status;
 }
 

+ 23 - 29
core/sme/src/csr/csr_api_roam.c

@@ -4041,10 +4041,8 @@ QDF_STATUS csr_roam_issue_disassociate_sta_cmd(tpAniSirGlobal pMac,
 		pCommand->u.roamCmd.reason =
 			(tSirMacReasonCodes)p_del_sta_params->reason_code;
 		status = csr_queue_sme_command(pMac, pCommand, false);
-		if (!QDF_IS_STATUS_SUCCESS(status)) {
+		if (!QDF_IS_STATUS_SUCCESS(status))
 			sme_err("fail to send message status: %d", status);
-			csr_release_command(pMac, pCommand);
-		}
 	} while (0);
 
 	return status;
@@ -4082,10 +4080,8 @@ QDF_STATUS csr_roam_issue_deauth_sta_cmd(tpAniSirGlobal pMac,
 		pCommand->u.roamCmd.reason =
 			(tSirMacReasonCodes)pDelStaParams->reason_code;
 		status = csr_queue_sme_command(pMac, pCommand, false);
-		if (!QDF_IS_STATUS_SUCCESS(status)) {
+		if (!QDF_IS_STATUS_SUCCESS(status))
 			sme_err("fail to send message status: %d", status);
-			csr_release_command(pMac, pCommand);
-		}
 	} while (0);
 
 	return status;
@@ -8192,9 +8188,8 @@ QDF_STATUS csr_roam_issue_reassoc(tpAniSirGlobal pMac, uint32_t sessionId,
 		status = csr_queue_sme_command(pMac, pCommand, fImediate);
 		if (!QDF_IS_STATUS_SUCCESS(status)) {
 			sme_err("fail to send message status = %d", status);
-			csr_roam_completion(pMac, sessionId, NULL, pCommand,
+			csr_roam_completion(pMac, sessionId, NULL, NULL,
 					    eCSR_ROAM_RESULT_FAILURE, false);
-			csr_release_command(pMac, pCommand);
 		}
 	}
 	return status;
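Review bot: The failure branch now passes `NULL` as the command argument to `csr_roam_completion()`, and nothing visible in this hunk shows that the callee accepts a null command. If it dereferences that argument, a rejected enqueue becomes a null-pointer dereference in the driver, so the callee should be checked before relying on this. A comment at the call would record the contract, for example `/* pCommand was already released by csr_queue_sme_command(); completion must tolerate NULL */`. The body of csr_roam_issue_reassoc starts outside the hunk.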
@@ -8880,10 +8875,8 @@ QDF_STATUS csr_roam_issue_disassociate_cmd(tpAniSirGlobal pMac,
 		}
 		pCommand->u.roamCmd.disconnect_reason = reason;
 		status = csr_queue_sme_command(pMac, pCommand, true);
-		if (!QDF_IS_STATUS_SUCCESS(status)) {
+		if (!QDF_IS_STATUS_SUCCESS(status))
 			sme_err("fail to send message status: %d", status);
-			csr_release_command(pMac, pCommand);
-		}
 	} while (0);
 	return status;
 }
@@ -8906,10 +8899,8 @@ QDF_STATUS csr_roam_issue_stop_bss_cmd(tpAniSirGlobal pMac, uint32_t sessionId,
 		pCommand->sessionId = (uint8_t) sessionId;
 		pCommand->u.roamCmd.roamReason = eCsrStopBss;
 		status = csr_queue_sme_command(pMac, pCommand, fHighPriority);
-		if (!QDF_IS_STATUS_SUCCESS(status)) {
+		if (!QDF_IS_STATUS_SUCCESS(status))
 			sme_err("fail to send message status: %d", status);
-			csr_release_command(pMac, pCommand);
-		}
 	} else {
 		sme_err("fail to get command buffer");
 		status = QDF_STATUS_E_RESOURCES;
@@ -10969,12 +10960,10 @@ bool csr_roam_issue_wm_status_change(tpAniSirGlobal pMac, uint32_t sessionId,
 					    DeauthIndMsg));
 		}
 		if (QDF_IS_STATUS_SUCCESS
-			    (csr_queue_sme_command(pMac, pCommand, true))) {
+			    (csr_queue_sme_command(pMac, pCommand, true)))
 			fCommandQueued = true;
-		} else {
+		else
 			sme_err("fail to send message");
-			csr_release_command(pMac, pCommand);
-		}
 
 		/* AP has issued Dissac/Deauth, Set the operating mode
 		 * value to configured value
@@ -19417,26 +19406,27 @@ QDF_STATUS csr_queue_sme_command(tpAniSirGlobal mac_ctx, tSmeCmd *sme_cmd,
 				 bool high_priority)
 {
 	struct wlan_serialization_command cmd;
+	struct wlan_objmgr_vdev *vdev = NULL;
 	QDF_STATUS status;
 
 	if (!SME_IS_START(mac_ctx)) {
 		sme_err("Sme in stop state");
 		QDF_ASSERT(0);
-		return QDF_STATUS_E_PERM;
+		goto error;
 	}
 
 	if ((eSmeCommandScan == sme_cmd->command) &&
 				mac_ctx->scan.fDropScanCmd) {
 		sme_debug("drop scan (scan reason %d) command",
 			sme_cmd->u.scanCmd.reason);
-		return QDF_STATUS_CSR_WRONG_STATE;
+		goto error;
 	}
 
 	if (CSR_IS_WAIT_FOR_KEY(mac_ctx, sme_cmd->sessionId)) {
 		if (!CSR_IS_DISCONNECT_COMMAND(sme_cmd)) {
 			sme_err("Can't process cmd(%d), waiting for key",
 				sme_cmd->command);
-			return QDF_STATUS_CMD_NOT_QUEUED;
+			goto error;
 		}
 	}
 
@@ -19446,7 +19436,7 @@ QDF_STATUS csr_queue_sme_command(tpAniSirGlobal mac_ctx, tSmeCmd *sme_cmd,
 			sme_err("Max scan reached");
 			csr_scan_call_callback(mac_ctx, sme_cmd,
 					       eCSR_SCAN_ABORT);
-			return QDF_STATUS_E_FAILURE;
+			goto error;
 		}
 	}
 
@@ -19454,19 +19444,23 @@ QDF_STATUS csr_queue_sme_command(tpAniSirGlobal mac_ctx, tSmeCmd *sme_cmd,
 	status = csr_set_serialization_params_to_cmd(mac_ctx, sme_cmd,
 					&cmd, high_priority);
 	if (QDF_STATUS_SUCCESS == status) {
+		vdev = cmd.vdev;
 		if (WLAN_SER_CMD_DENIED_UNSPECIFIED ==
-				wlan_serialization_request(&cmd)) {
-			sme_err("failed to enq to req");
+				wlan_serialization_request(&cmd))
 			status = QDF_STATUS_E_FAILURE;
-		}
-		if (cmd.vdev)
-			wlan_objmgr_vdev_release_ref(cmd.vdev,
-						WLAN_LEGACY_SME_ID);
+		if (vdev)
+			wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		if (status == QDF_STATUS_E_FAILURE)
+			goto error;
 	} else {
 		sme_err("failed to set ser params");
-		status = QDF_STATUS_E_FAILURE;
+		goto error;
 	}
 	return status;
+
+error:
+	csr_release_command_buffer(mac_ctx, sme_cmd);
+	return QDF_STATUS_E_FAILURE;
 }
 
 QDF_STATUS csr_roam_update_config(tpAniSirGlobal mac_ctx, uint8_t session_id,
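Review bot: The `error:` label returns `QDF_STATUS_E_FAILURE` unconditionally, so the early exits in the hunk at 19417 that used to return `QDF_STATUS_E_PERM`, `QDF_STATUS_CSR_WRONG_STATE` and `QDF_STATUS_CMD_NOT_QUEUED` are now indistinguishable to callers. Setting `status` before each `goto error` and ending the label with `return status;` would keep the codes while still releasing the buffer in one place. Because the function now owns `sme_cmd` on every failure path, a header comment should state that callers must neither use nor release the command after a non-success return. The denied-request path also deserves a check: if the serialization module invokes its own release callback for a request it rejects (not visible here), `csr_release_command_buffer()` would run twice on the same buffer.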

+ 12 - 12
core/sme/src/csr/csr_api_scan.c

@@ -603,8 +603,10 @@ QDF_STATUS csr_scan_request(tpAniSirGlobal pMac, uint16_t sessionId,
 		MAC_ADDR_ARRAY(scan_cmd->u.scanCmd.u.scanRequest.bssid.bytes));
 
 	status = csr_queue_sme_command(pMac, scan_cmd, false);
-	if (!QDF_IS_STATUS_SUCCESS(status))
+	if (!QDF_IS_STATUS_SUCCESS(status)) {
 		sme_err("fail to send message status: %d", status);
+		return status;
+	}
 
 release_cmd:
 	if (!QDF_IS_STATUS_SUCCESS(status) && scan_cmd) {
@@ -612,7 +614,7 @@ release_cmd:
 			sessionId, status, scan_cmd->u.scanCmd.reason,
 			scan_req->SSIDs.numOfSSIDs, scan_req->p2pSearch,
 			scan_cmd->u.scanCmd.scanID);
-		csr_release_command(pMac, scan_cmd);
+		csr_release_command_buffer(pMac, scan_cmd);
 	}
 
 	return status;
@@ -907,14 +909,16 @@ csr_scan_request_lost_link1(tpAniSirGlobal mac_ctx, uint32_t session_id)
 	qdf_mem_set(&cmd->u.scanCmd.u.scanRequest.bssid,
 		    sizeof(struct qdf_mac_addr), 0xFF);
 	status = csr_queue_sme_command(mac_ctx, cmd, false);
-	if (!QDF_IS_STATUS_SUCCESS(status))
+	if (!QDF_IS_STATUS_SUCCESS(status)) {
 		sme_err("fail to send message status: %d", status);
+		return status;
+	}
 
 release_lost_link1_cmd:
 	if (!QDF_IS_STATUS_SUCCESS(status)) {
 		sme_warn("failed with status %d", status);
 		if (cmd)
-			csr_release_command(mac_ctx, cmd);
+			csr_release_command_buffer(mac_ctx, cmd);
 		status = csr_scan_handle_failed_lostlink1(mac_ctx, session_id);
 	}
 	return status;
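Review bot: The new `return status;` after a failed `csr_queue_sme_command()` skips the whole `release_lost_link1_cmd` block, which avoids a second release of `cmd` but also skips `csr_scan_handle_failed_lostlink1()`, a fallback the old code reached on this path. If that fallback is still wanted, let control fall through to the label and replace `return status;` with `cmd = NULL;`, since the label already guards the release with `if (cmd)`. The same applies to `csr_scan_request_lost_link2` in the next hunk, where `csr_scan_handle_failed_lostlink2()` is skipped. Both function bodies start outside their hunks.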
@@ -1034,14 +1038,14 @@ csr_scan_request_lost_link2(tpAniSirGlobal mac_ctx, uint32_t session_id)
 	status = csr_queue_sme_command(mac_ctx, cmd, true);
 	if (!QDF_IS_STATUS_SUCCESS(status)) {
 		sme_err("fail to send message status: %d", status);
-		goto release_lost_link2_cmd;
+		return status;
 	}
 
 release_lost_link2_cmd:
 	if (!QDF_IS_STATUS_SUCCESS(status)) {
 		sme_warn("failed with status %d", status);
 		if (cmd)
-			csr_release_command(mac_ctx, cmd);
+			csr_release_command_buffer(mac_ctx, cmd);
 		status = csr_scan_handle_failed_lostlink2(mac_ctx, session_id);
 	}
 	return status;
@@ -1064,6 +1068,7 @@ csr_scan_request_lost_link3(tpAniSirGlobal mac_ctx, uint32_t session_id)
 		cmd = csr_get_command_buffer(mac_ctx);
 		if (!cmd) {
 			status = QDF_STATUS_E_RESOURCES;
+			sme_warn("failed with status %d", status);
 			break;
 		}
 		qdf_mem_set(&cmd->u.scanCmd, sizeof(struct scan_cmd), 0);
@@ -1088,14 +1093,9 @@ csr_scan_request_lost_link3(tpAniSirGlobal mac_ctx, uint32_t session_id)
 		status = csr_queue_sme_command(mac_ctx, cmd, true);
 		if (!QDF_IS_STATUS_SUCCESS(status)) {
 			sme_err("fail to send message status: %d", status);
-			break;
+			return status;
 		}
 	} while (0);
-	if (!QDF_IS_STATUS_SUCCESS(status)) {
-		sme_warn("failed with status %d", status);
-		if (cmd)
-			csr_release_command(mac_ctx, cmd);
-	}
 
 	return status;
 }

+ 1 - 3
core/sme/src/csr/csr_host_scan_roam.c

@@ -112,10 +112,8 @@ QDF_STATUS csr_roam_issue_reassociate_cmd(tpAniSirGlobal pMac,
 		pCommand->sessionId = (uint8_t) sessionId;
 		pCommand->u.roamCmd.roamReason = eCsrSmeIssuedFTReassoc;
 		status = csr_queue_sme_command(pMac, pCommand, fHighPriority);
-		if (!QDF_IS_STATUS_SUCCESS(status)) {
+		if (!QDF_IS_STATUS_SUCCESS(status))
 			sme_err("fail to send message status: %d", status);
-			csr_release_command(pMac, pCommand);
-		}
 	} while (0);
 
 	return status;

+ 2 - 3
core/sme/src/csr/csr_roam_preauth.c

@@ -161,11 +161,10 @@ QDF_STATUS csr_roam_enqueue_preauth(tpAniSirGlobal mac_ctx,
 			command->u.roamCmd.pLastRoamBss = bss_desc;
 			status = csr_queue_sme_command(mac_ctx, command,
 					immediate);
-			if (!QDF_IS_STATUS_SUCCESS(status)) {
+			if (!QDF_IS_STATUS_SUCCESS(status))
 				sme_err("fail to queue preauth,status: %d",
 					status);
-				csr_release_command_preauth(mac_ctx, command);
-			}
+				csr_reinit_preauth_cmd(mac_ctx, command);
 		} else {
 			status = QDF_STATUS_E_RESOURCES;
 		}
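Review bot: With the braces removed, `csr_reinit_preauth_cmd(mac_ctx, command);` is no longer part of the `if` body despite its indentation, so it runs after every enqueue, including successful ones. On failure, `csr_queue_sme_command()` has already released `command` through `csr_release_command_buffer()` at its `error:` label, so this call may operate on a buffer that has been handed back. On success it touches a command that is now queued. If the reinit is meant for the failure case only, restore the braces around `sme_err(...)` and the reinit call and confirm it is safe on a released command; otherwise drop the call. The enclosing function extends outside the hunk.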

+ 2 - 7
core/sme/src/nan/nan_datapath_api.c

@@ -149,10 +149,8 @@ QDF_STATUS sme_ndp_initiator_req_handler(tHalHandle hal,
 	}
 
 	status = csr_queue_sme_command(mac_ctx, cmd, true);
-	if (QDF_STATUS_SUCCESS != status) {
+	if (QDF_STATUS_SUCCESS != status)
 		sme_err("SME enqueue failed, status: %d", status);
-		csr_release_command(mac_ctx, cmd);
-	}
 
 	sme_release_global_lock(&mac_ctx->sme);
 	return status;
@@ -239,10 +237,8 @@ QDF_STATUS sme_ndp_responder_req_handler(tHalHandle hal,
 	}
 
 	status = csr_queue_sme_command(mac_ctx, cmd, true);
-	if (QDF_STATUS_SUCCESS != status) {
+	if (QDF_STATUS_SUCCESS != status)
 		sme_err("SME enqueue failed, status: %d", status);
-		csr_release_command(mac_ctx, cmd);
-	}
 
 	sme_release_global_lock(&mac_ctx->sme);
 	return status;
@@ -297,7 +293,6 @@ QDF_STATUS sme_ndp_end_req_handler(tHalHandle hal, struct ndp_end_req *req)
 	if (QDF_STATUS_SUCCESS != status) {
 		sme_err("SME enqueue failed, status: %d", status);
 		ret = QDF_STATUS_E_FAILURE;
-		csr_release_command(mac_ctx, cmd);
 	}
 
 	sme_release_global_lock(&mac_ctx->sme);