From fbf643a4fc8f31bc3b4cf1990036a7fc01ab2c49 Mon Sep 17 00:00:00 2001
From: wadesong <wadesong@codeaurora.org>
Date: Sat, 14 Oct 2017 09:11:34 +0800
Subject: [PATCH] qcacmn: Fix a memory leak in HTC tx bundle packet allocation

When HTC_PACKETs are allocated for bundle tx, netbuf and bundle
queue will also be allocated and stored in the context of
HTC_PACKET, but these two structures are not freed when the
bundle HTC_PACKETs are removed from pBundleFreeList and freed.

Retrieve the netbuf and bundle queue pointers from HTC_PACKET
context and free them when HTC_PACKET is freed.

Change-Id: I61d9eb18027b12f8b9491c696e4e16d793edf0d2
CRs-Fixed: 2127098
---
 htc/htc.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/htc/htc.c b/htc/htc.c
index 79e5da0348..453dd15c70 100644
--- a/htc/htc.c
+++ b/htc/htc.c
@@ -144,6 +144,8 @@ static void htc_cleanup(HTC_TARGET *target)
 	HTC_PACKET *pPacket;
 	int i;
 	HTC_ENDPOINT *endpoint;
+	HTC_PACKET_QUEUE *pkt_queue;
+	qdf_nbuf_t netbuf;
 
 	if (target->hif_dev != NULL) {
 		hif_detach_htc(target->hif_dev);
@@ -158,13 +160,22 @@ static void htc_cleanup(HTC_TARGET *target)
 		qdf_mem_free(pPacket);
 	}
 
+	LOCK_HTC_TX(target);
 	pPacket = target->pBundleFreeList;
+	target->pBundleFreeList = NULL;
+	UNLOCK_HTC_TX(target);
 	while (pPacket) {
 		HTC_PACKET *pPacketTmp = (HTC_PACKET *) pPacket->ListLink.pNext;
-
+		netbuf = GET_HTC_PACKET_NET_BUF_CONTEXT(pPacket);
+		if (netbuf)
+			qdf_nbuf_free(netbuf);
+		pkt_queue = pPacket->pContext;
+		if (pkt_queue)
+			qdf_mem_free(pkt_queue);
 		qdf_mem_free(pPacket);
 		pPacket = pPacketTmp;
 	}
+
 #ifdef TODO_FIXME
 	while (true) {
 		pPacket = htc_alloc_control_tx_packet(target);
@@ -609,7 +620,9 @@ QDF_STATUS htc_wait_target(HTC_HANDLE HTCHandle)
 
 				temp_bundle_packet = rx_bundle_packet;
 			}
+			LOCK_HTC_TX(target);
 			target->pBundleFreeList = temp_bundle_packet;
+			UNLOCK_HTC_TX(target);
 		}
 
 		/* done processing */