qcacld-3.0: Release PEER's timer memory before removing it from table

SAP DUT allocates SA query timer for each STA-PEER which gets associated
to DUT. When STA-PEER walks out or gets disassociated, SAP DUT releases
this timer memory through PEER clean-up process but in few corner cases
it is observed that STA-PEER left uncleaned.

In such cases ideally when SAP session goes away, SAP state-machine
should check any left out memory and clean it up through
lim_cleanup_mlm() but this API check for own session validity and
own session has been marked as invalid before even calling this API.
Due to which timer memory leaks.

Fix the situation by deleting the timer before marking own session as
invalid.

In some cases, for some reasons PEER delete sta request couldn't send to
FW then memory associated with delete sta request needs to be freed.
If status is failure and del sta response is not required then silently
release the memory.

CRs-Fixed: 2124293
Change-Id: I082c771bbee6d083b15515dd2e40ed9a27e0a9a1

core/mac/src/pe/lim/lim_send_sme_rsp_messages.c

@@ -2277,6 +2277,52 @@ err:
 	qdf_mem_free(csa_params);
 }
 
+#ifdef WLAN_FEATURE_11W
+/**
+ * lim_del_pmf_sa_query_timer() - This function deletes SA query timer
+ * @mac_ctx: pointer to mac context
+ * @pe_session: pointer to PE session
+ *
+ * This API is to delete the PMF SA query timer created for each associated STA
+ *
+ * Return: none
+ */
+static void
+lim_del_pmf_sa_query_timer(tpAniSirGlobal mac_ctx, tpPESession pe_session)
+{
+	uint32_t associated_sta;
+	tpDphHashNode sta_ds = NULL;
+
+	for (associated_sta = 1;
+	     associated_sta < mac_ctx->lim.gLimAssocStaLimit;
+	     associated_sta++) {
+		sta_ds = dph_get_hash_entry(mac_ctx, associated_sta,
+					    &pe_session->dph.dphHashTable);
+		if (NULL == sta_ds)
+			continue;
+
+		pe_err("Deleting pmfSaQueryTimer for staid: %d",
+			sta_ds->staIndex);
+		tx_timer_deactivate(&sta_ds->pmfSaQueryTimer);
+		tx_timer_delete(&sta_ds->pmfSaQueryTimer);
+	}
+}
+#else
+/**
+ * lim_del_pmf_sa_query_timer() - This function deletes SA query timer
+ * @mac_ctx: pointer to mac context
+ * @pe_session: pointer to PE session
+ *
+ * This API is to delete the PMF SA query timer created for each associated STA
+ *
+ * Return: none
+ */
+static void
+lim_del_pmf_sa_query_timer(tpAniSirGlobal mac_ctx, tpPESession pe_session)
+{
+}
+#endif
+
 /*--------------------------------------------------------------------------
    \brief pe_delete_session() - Handle the Delete BSS Response from HAL.
 
@@ -2299,6 +2345,19 @@ void lim_handle_delete_bss_rsp(tpAniSirGlobal pMac, struct scheduler_msg *MsgQ)
 		qdf_mem_free(MsgQ->bodyptr);
 		return;
 	}
+
+	/*
+	 * If for some reasons PEERs who are associated to SAP DUT can't get
+	 * clean-up then here is the chance to release any left out memory.
+	 *
+	 * One of the memory, driver assign to PEER is PMF SA query timer.
+	 * Release it before calling del bss response handling API.
+	 *
+	 */
+	if (LIM_IS_AP_ROLE(psessionEntry) &&
+	    (psessionEntry->statypeForBss == STA_ENTRY_SELF))
+		lim_del_pmf_sa_query_timer(pMac, psessionEntry);
+
 	/*
 	 * During DEL BSS handling, the PE Session will be deleted, but it is
 	 * better to clear this flag if the session is hanging around due

core/mac/src/pe/lim/lim_utils.c

@@ -550,39 +550,6 @@ tSirRetStatus lim_init_mlm(tpAniSirGlobal pMac)
 	return eSIR_SUCCESS;
 } /*** end lim_init_mlm() ***/
 
-#ifdef WLAN_FEATURE_11W
-/**
- * lim_deactivate_del_sta() - This function deactivate/delete associates STA
- * @mac_ctx: pointer to Global Mac Structure
- * @bss_entry: index for bss_entry
- * @psession_entry: pointer to session entry
- * @sta_ds: pointer to tpDphHashNode
- *
- * Function deactivate/delete associates STA
- *
- * Return: none
- */
-static void lim_deactivate_del_sta(tpAniSirGlobal mac_ctx, uint32_t bss_entry,
-		tpPESession psession_entry, tpDphHashNode sta_ds)
-{
-	uint32_t sta_entry;
-
-	for (sta_entry = 1; sta_entry < mac_ctx->lim.gLimAssocStaLimit;
-				sta_entry++) {
-		psession_entry = &mac_ctx->lim.gpSession[bss_entry];
-		sta_ds = dph_get_hash_entry(mac_ctx, sta_entry,
-					&psession_entry->dph.dphHashTable);
-		if (NULL == sta_ds)
-			continue;
-
-		pe_err("Deleting pmfSaQueryTimer for staid: %d",
-				sta_ds->staIndex);
-		tx_timer_deactivate(&sta_ds->pmfSaQueryTimer);
-		tx_timer_delete(&sta_ds->pmfSaQueryTimer);
-	}
-}
-#endif
-
 void lim_deactivate_timers(tpAniSirGlobal mac_ctx)
 {
 	uint32_t n;
@@ -663,11 +630,6 @@ void lim_cleanup_mlm(tpAniSirGlobal mac_ctx)
 {
 	uint32_t n;
 	tLimPreAuthNode **pAuthNode;
-#ifdef WLAN_FEATURE_11W
-	uint32_t bss_entry;
-	tpDphHashNode sta_ds = NULL;
-	tpPESession psession_entry = NULL;
-#endif
 	tLimTimers *lim_timer = NULL;
 
 	if (mac_ctx->lim.gLimTimersCreated == 1) {
@@ -739,21 +701,6 @@ void lim_cleanup_mlm(tpAniSirGlobal mac_ctx)
 
 		mac_ctx->lim.gLimTimersCreated = 0;
 	}
-#ifdef WLAN_FEATURE_11W
-	/*
-	 * When SSR is triggered, we need to loop through
-	 * each STA associated per BSSId and deactivate/delete
-	 * the pmfSaQueryTimer for it
-	 */
-	for (bss_entry = 0; bss_entry < mac_ctx->lim.maxBssId;
-					bss_entry++) {
-		if (!mac_ctx->lim.gpSession[bss_entry].valid)
-			continue;
-		lim_deactivate_del_sta(mac_ctx, bss_entry,
-				psession_entry, sta_ds);
-	}
-#endif
-
 } /*** end lim_cleanup_mlm() ***/
 
 /**

core/wma/src/wma_dev_if.c

@@ -4855,6 +4855,11 @@ void wma_delete_sta(tp_wma_handle wma, tpDeleteStaParams del_sta)
 			WMA_LOGD(FL("vdev_id %d status %d"),
 				 del_sta->smesessionId, del_sta->status);
 			qdf_mem_free(del_sta);
+		} else if (!rsp_requested &&
+				(del_sta->status != QDF_STATUS_SUCCESS)) {
+			WMA_LOGD(FL("Release del_sta mem vdev_id %d status %d"),
+				 del_sta->smesessionId, del_sta->status);
+			qdf_mem_free(del_sta);
 		}
 		break;
 	case BSS_OPERATIONAL_MODE_NDI: