qcacmn: Fix possible NULL pointer dereference

In son_ol_send_null(), check for the return value of
GET_WMI_HDL_FROM_PSOC() before using it.

Also, pass argument of type wmi_unified_t in calls
to wmi_unified_stats_request_send().

Change-Id: Idfedae2fcbde6d18b1829adefcabac0adbc55859
CRs-Fixed: 2371368

target_if/son/src/target_if_son.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved.
  *
  *
  * Permission to use, copy, modify, and/or distribute this software for
@@ -49,17 +49,20 @@ QDF_STATUS son_ol_send_null(struct wlan_objmgr_pdev *pdev,
 {
 	struct stats_request_params param = {0};
 	struct wlan_objmgr_psoc *psoc = NULL;
+	wmi_unified_t wmi_handle;
 
 	psoc = wlan_pdev_get_psoc(pdev);
-
 	if (!psoc)
 		return QDF_STATUS_E_FAILURE;
 
 	param.vdev_id = wlan_vdev_get_id(vdev);
 	param.stats_id = WMI_HOST_REQUEST_INST_STAT;
 
-	return wmi_unified_stats_request_send(GET_WMI_HDL_FROM_PSOC(psoc),
-					macaddr, &param);
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
+	if (!wmi_handle)
+		return QDF_STATUS_E_FAILURE;
+
+	return wmi_unified_stats_request_send(wmi_handle, macaddr, &param);
 }
 
 int son_ol_lmac_create(struct wlan_objmgr_pdev *pdev)

wmi/inc/wmi_unified_api.h

@@ -521,9 +521,9 @@ QDF_STATUS wmi_set_peer_param_send(void *wmi_hdl,
 QDF_STATUS wmi_unified_peer_create_send(void *wmi_hdl,
 					struct peer_create_params *param);
 
-QDF_STATUS wmi_unified_stats_request_send(void *wmi_hdl,
-				uint8_t macaddr[IEEE80211_ADDR_LEN],
-				struct stats_request_params *param);
+QDF_STATUS wmi_unified_stats_request_send(wmi_unified_t wmi_handle,
+					  uint8_t macaddr[IEEE80211_ADDR_LEN],
+					  struct stats_request_params *param);
 
 QDF_STATUS wmi_unified_green_ap_ps_send(void *wmi_hdl,
 					uint32_t value, uint8_t pdev_id);
@@ -859,10 +859,6 @@ wmi_extract_apf_read_memory_resp_event(wmi_unified_t wmi, void *evt_buf,
 								*read_mem_evt);
 #endif /* FEATURE_WLAN_APF */
 
-QDF_STATUS wmi_unified_stats_request_send(void *wmi_hdl,
-				uint8_t macaddr[IEEE80211_ADDR_LEN],
-				struct stats_request_params *param);
-
 QDF_STATUS wmi_send_get_user_position_cmd(void *wmi_hdl, uint32_t value);
 
 QDF_STATUS wmi_send_get_peer_mumimo_tx_count_cmd(void *wmi_hdl, uint32_t value);

wmi/src/wmi_unified_api.c

@@ -681,12 +681,10 @@ QDF_STATUS wmi_unified_sifs_trigger_send(void *wmi_hdl,
  *
  *  Return: QDF_STATUS_SUCCESS on success and QDF_STATUS_E_FAILURE for failure
  */
-QDF_STATUS wmi_unified_stats_request_send(void *wmi_hdl,
-				uint8_t macaddr[IEEE80211_ADDR_LEN],
-				struct stats_request_params *param)
+QDF_STATUS wmi_unified_stats_request_send(wmi_unified_t wmi_handle,
+					  uint8_t macaddr[IEEE80211_ADDR_LEN],
+					  struct stats_request_params *param)
 {
-	wmi_unified_t wmi_handle = (wmi_unified_t) wmi_hdl;
-
 	if (wmi_handle->ops->send_stats_request_cmd)
 		return wmi_handle->ops->send_stats_request_cmd(wmi_handle,
 				   macaddr, param);