qcacld-3.0: Protect STA powersave state change

At present the set/get user powersave state to MLME and send
command STA powersave mode to firmware operations are not
protected by lock.
Supplicant thread and hdd_ipv4_notifier_work_queue may have
race condition to access the user powersave flag. In that
case the STA powersave state may out of sync.

Fix by acquire sme lock to protect the powersave state set
sequence.

Change-Id: I76d848ea191f2319d015e0d70efad28f56a57d27
CRs-Fixed: 3342696

core/hdd/src/wlan_hdd_power.c

@@ -683,8 +683,7 @@ out:
 
 #if defined(WLAN_FEATURE_11BE_MLO) && defined(CFG80211_11BE_BASIC)
 static void hdd_send_mlo_ps_to_fw(struct hdd_adapter *adapter,
-				  struct hdd_context *hdd_ctx,
-				  enum sme_ps_cmd command)
+				  struct hdd_context *hdd_ctx)
 {
 	struct hdd_adapter *link_adapter;
 	struct hdd_mlo_adapter_info *mlo_adapter_info;
@@ -695,15 +694,12 @@ static void hdd_send_mlo_ps_to_fw(struct hdd_adapter *adapter,
 		link_adapter = mlo_adapter_info->link_adapter[i];
 		if (!link_adapter)
 			continue;
-		sme_ps_enable_disable(hdd_ctx->mac_handle,
-				      link_adapter->vdev_id,
-				      command);
+		sme_ps_update(hdd_ctx->mac_handle, link_adapter->vdev_id);
 	}
 }
 #else
 static void hdd_send_mlo_ps_to_fw(struct hdd_adapter *adapter,
-				  struct hdd_context *hdd_ctx,
-				  enum sme_ps_cmd command)
+				  struct hdd_context *hdd_ctx)
 {}
 #endif
 
@@ -719,26 +715,21 @@ static void hdd_send_mlo_ps_to_fw(struct hdd_adapter *adapter,
 static void hdd_send_ps_config_to_fw(struct hdd_adapter *adapter)
 {
 	struct hdd_context *hdd_ctx;
-	bool usr_ps_cfg;
-	enum sme_ps_cmd command;
 	bool is_mlo_vdev;
 
 	if (hdd_validate_adapter(adapter))
 		return;
 
 	hdd_ctx = WLAN_HDD_GET_CTX(adapter);
-	usr_ps_cfg = ucfg_mlme_get_user_ps(hdd_ctx->psoc, adapter->vdev_id);
-	command = usr_ps_cfg ? SME_PS_ENABLE : SME_PS_DISABLE;
 
 	is_mlo_vdev = wlan_vdev_mlme_is_mlo_vdev(adapter->vdev);
 
 	if (!is_mlo_vdev) {
-		sme_ps_enable_disable(hdd_ctx->mac_handle, adapter->vdev_id,
-				      command);
+		sme_ps_update(hdd_ctx->mac_handle, adapter->vdev_id);
 		return;
 	}
 
-	hdd_send_mlo_ps_to_fw(adapter, hdd_ctx, command);
+	hdd_send_mlo_ps_to_fw(adapter, hdd_ctx);
 }
 
 /**
@@ -2175,12 +2166,10 @@ err_ctx_null:
 }
 
 int wlan_hdd_set_powersave(struct hdd_adapter *adapter,
-	bool allow_power_save, uint32_t timeout)
+			   bool allow_power_save, uint32_t timeout)
 {
-	mac_handle_t mac_handle;
 	struct hdd_context *hdd_ctx;
-	QDF_STATUS status = QDF_STATUS_SUCCESS;
-	bool is_bmps_enabled;
+	QDF_STATUS status;
 	struct hdd_station_ctx *hdd_sta_ctx = NULL;
 
 	if (!adapter) {
@@ -2200,85 +2189,17 @@ int wlan_hdd_set_powersave(struct hdd_adapter *adapter,
 		return -EINVAL;
 	}
 
-	hdd_debug("Allow power save: %d", allow_power_save);
-	mac_handle = hdd_ctx->mac_handle;
-
-	/*
-	 * This is a workaround for defective AP's that send a disassoc
-	 * immediately after WPS connection completes. Defer powersave by a
-	 * small amount if the affected AP is detected.
-	 */
-	if (allow_power_save &&
-	    adapter->device_mode == QDF_STA_MODE &&
-	    !adapter->session.station.ap_supports_immediate_power_save) {
-		timeout = AUTO_PS_DEFER_TIMEOUT_MS;
-		hdd_debug("Defer power-save due to AP spec non-conformance");
-	}
-
-	if (allow_power_save) {
-		if (QDF_STA_MODE == adapter->device_mode ||
-		    QDF_P2P_CLIENT_MODE == adapter->device_mode) {
-			hdd_debug("Disabling Auto Power save timer");
-			status = sme_ps_disable_auto_ps_timer(mac_handle,
-						adapter->vdev_id);
-			if (status != QDF_STATUS_SUCCESS)
-				goto end;
-		}
-
-		ucfg_mlme_is_bmps_enabled(hdd_ctx->psoc, &is_bmps_enabled);
-		if (is_bmps_enabled) {
-			hdd_debug("Wlan driver Entering Power save");
-
-			/*
-			 * Enter Power Save command received from GUI
-			 * this means DHCP is completed
-			 */
-			if (timeout) {
-				status = sme_ps_enable_auto_ps_timer(mac_handle,
-							    adapter->vdev_id,
-							    timeout);
-				if (status != QDF_STATUS_SUCCESS)
-					goto end;
-			} else {
-				status = sme_ps_enable_disable(mac_handle,
-						adapter->vdev_id,
-						SME_PS_ENABLE);
-				if (status != QDF_STATUS_SUCCESS)
-					goto end;
-			}
-		} else {
-			hdd_debug("Power Save is not enabled in the cfg");
-		}
-	} else {
-		hdd_debug("Wlan driver Entering Full Power");
-
-		/*
-		 * Enter Full power command received from GUI
-		 * this means we are disconnected
-		 */
-		status = sme_ps_disable_auto_ps_timer(mac_handle,
-					adapter->vdev_id);
-
-		if (status != QDF_STATUS_SUCCESS)
-			goto end;
-
-		ucfg_mlme_is_bmps_enabled(hdd_ctx->psoc, &is_bmps_enabled);
-		if (is_bmps_enabled) {
-			status = sme_ps_enable_disable(mac_handle,
-						       adapter->vdev_id,
-						       SME_PS_DISABLE);
-			if (status != QDF_STATUS_SUCCESS)
-				goto end;
-		}
-
-		if (adapter->device_mode == QDF_STA_MODE) {
+	status = sme_ps_set_powersave(
+		hdd_ctx->mac_handle, adapter->vdev_id,
+		allow_power_save, timeout,
+		hdd_sta_ctx->ap_supports_immediate_power_save);
+	if (!allow_power_save) {
+		if (adapter->device_mode == QDF_STA_MODE)
 			hdd_twt_del_dialog_in_ps_disable(hdd_ctx,
 						&hdd_sta_ctx->conn_info.bssid,
 						adapter->vdev_id);
-		}
 	}
 
-end:
 	return qdf_status_to_os_return(status);
 }
 
@@ -2889,9 +2810,6 @@ static int wlan_hdd_set_ps(struct wlan_objmgr_psoc *psoc,
 {
 	int status;
 
-	ucfg_mlme_set_user_ps(psoc, adapter->vdev_id,
-			      allow_power_save);
-
 	status = wlan_hdd_set_powersave(adapter, allow_power_save, timeout);
 
 	if (!hdd_cm_is_vdev_associated(adapter)) {

core/hdd/src/wlan_hdd_wext.c

@@ -3423,15 +3423,13 @@ static int hdd_we_set_power(struct hdd_adapter *adapter, int value)
 	switch (value) {
 	case 1:
 		/* Enable PowerSave */
-		ucfg_mlme_set_user_ps(hdd_ctx->psoc, adapter->vdev_id, true);
-		sme_ps_enable_disable(mac_handle, adapter->vdev_id,
-				      SME_PS_ENABLE);
+		sme_ps_set_powersave(hdd_ctx->mac_handle, adapter->vdev_id,
+				     true, 0, true);
 		return 0;
 	case 2:
 		/* Disable PowerSave */
-		sme_ps_enable_disable(mac_handle, adapter->vdev_id,
-				      SME_PS_DISABLE);
-		ucfg_mlme_set_user_ps(hdd_ctx->psoc, adapter->vdev_id, false);
+		sme_ps_set_powersave(hdd_ctx->mac_handle, adapter->vdev_id,
+				     false, 0, true);
 		return 0;
 	case 3:
 		/* Enable UASPD */

core/sme/inc/sme_power_save_api.h

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2015-2021 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -41,6 +42,30 @@ QDF_STATUS sme_ps_process_command(struct mac_context *mac_ctx,
 				  uint32_t session_id,
 				  enum sme_ps_cmd command);
 
+/**
+ * sme_ps_set_powersave(): Set powersave state
+ * @mac_handle: Opaque handle to the global MAC context
+ * @vdev_id:    vdev Id
+ * @allow_power_save: allow powersave or not
+ * @timeout:    timeout period in ms
+ * @ap_supports_immediate_power_save: ap support immediate powersave
+ *
+ * Returns: QDF_STATUS
+ */
+QDF_STATUS sme_ps_set_powersave(mac_handle_t mac_handle,
+				uint8_t vdev_id, bool allow_power_save,
+				uint32_t timeout,
+				bool ap_supports_immediate_power_save);
+
+/**
+ * sme_ps_update(): Update current powersave state to target
+ * @mac_handle: Opaque handle to the global MAC context
+ * @vdev_id:    vdev Id
+ *
+ * Returns: QDF_STATUS
+ */
+QDF_STATUS sme_ps_update(mac_handle_t mac_handle, uint32_t vdev_id);
+
 void sme_set_tspec_uapsd_mask_per_session(struct mac_context *mac_ctx,
 					  struct mac_ts_info *ts_info,
 					  uint8_t session_id);

core/sme/src/common/sme_power_save.c

@@ -372,9 +372,15 @@ QDF_STATUS sme_enable_sta_ps_check(struct mac_context *mac_ctx,
 QDF_STATUS sme_ps_enable_disable(mac_handle_t mac_handle, uint32_t session_id,
 				 enum sme_ps_cmd command)
 {
-	QDF_STATUS status = QDF_STATUS_E_FAILURE;
+	QDF_STATUS status;
 	struct mac_context *mac_ctx = MAC_CONTEXT(mac_handle);
 
+	status = sme_acquire_global_lock(&mac_ctx->sme);
+	if (QDF_IS_STATUS_ERROR(status)) {
+		sme_err("can't acquire sme global lock");
+		return status;
+	}
+
 	status =  sme_enable_sta_ps_check(mac_ctx, session_id, command);
 	if (status != QDF_STATUS_SUCCESS) {
 		/*
@@ -384,9 +390,132 @@ QDF_STATUS sme_ps_enable_disable(mac_handle_t mac_handle, uint32_t session_id,
 		 */
 		if (!cm_is_vdevid_connected(mac_ctx->pdev, session_id))
 			status = QDF_STATUS_SUCCESS;
+		sme_release_global_lock(&mac_ctx->sme);
 		return status;
 	}
 	status = sme_ps_process_command(mac_ctx, session_id, command);
+	sme_release_global_lock(&mac_ctx->sme);
+
+	return status;
+}
+
+QDF_STATUS sme_ps_update(mac_handle_t mac_handle, uint32_t vdev_id)
+{
+	struct mac_context *mac_ctx = MAC_CONTEXT(mac_handle);
+	QDF_STATUS status;
+	bool usr_ps_cfg;
+	enum sme_ps_cmd command;
+
+	status = sme_acquire_global_lock(&mac_ctx->sme);
+	if (QDF_IS_STATUS_ERROR(status)) {
+		sme_err("can't acquire sme global lock");
+		return status;
+	}
+	usr_ps_cfg = mlme_get_user_ps(mac_ctx->psoc, vdev_id);
+	command = usr_ps_cfg ? SME_PS_ENABLE : SME_PS_DISABLE;
+	sme_debug("Allow power save %d vdev %d",
+		  usr_ps_cfg, vdev_id);
+	status = sme_ps_enable_disable(mac_handle, vdev_id, command);
+	sme_release_global_lock(&mac_ctx->sme);
+
+	return status;
+}
+
+QDF_STATUS sme_ps_set_powersave(mac_handle_t mac_handle,
+				uint8_t vdev_id, bool allow_power_save,
+				uint32_t timeout,
+				bool ap_supports_immediate_power_save)
+{
+	struct mac_context *mac_ctx = MAC_CONTEXT(mac_handle);
+	QDF_STATUS status;
+	bool is_bmps_enabled;
+	enum QDF_OPMODE device_mode;
+
+	status = sme_acquire_global_lock(&mac_ctx->sme);
+	if (QDF_IS_STATUS_ERROR(status)) {
+		sme_err("can't acquire sme global lock");
+		return status;
+	}
+	sme_debug("Allow power save %d vdev %d timeout %d imm ps %d",
+		  allow_power_save, vdev_id, timeout,
+		  ap_supports_immediate_power_save);
+
+	mlme_set_user_ps(mac_ctx->psoc, vdev_id, allow_power_save);
+	/*
+	 * This is a workaround for defective AP's that send a disassoc
+	 * immediately after WPS connection completes. Defer powersave by a
+	 * small amount if the affected AP is detected.
+	 */
+	device_mode = wlan_get_opmode_from_vdev_id(mac_ctx->pdev, vdev_id);
+	if (allow_power_save &&
+	    device_mode == QDF_STA_MODE &&
+	    !ap_supports_immediate_power_save) {
+		timeout = AUTO_PS_DEFER_TIMEOUT_MS;
+		sme_debug("Defer power-save due to AP spec non-conformance");
+	}
+
+	if (allow_power_save) {
+		if (device_mode == QDF_STA_MODE ||
+		    device_mode == QDF_P2P_CLIENT_MODE) {
+			sme_debug("Disabling Auto Power save timer");
+			status = sme_ps_disable_auto_ps_timer(
+				mac_handle, vdev_id);
+			if (status != QDF_STATUS_SUCCESS)
+				goto end;
+		}
+
+		wlan_mlme_is_bmps_enabled(mac_ctx->psoc, &is_bmps_enabled);
+		if (is_bmps_enabled) {
+			sme_debug("Wlan driver Entering Power save");
+
+			/*
+			 * Enter Power Save command received from GUI
+			 * this means DHCP is completed
+			 */
+			if (timeout) {
+				status = sme_ps_enable_auto_ps_timer(
+								mac_handle,
+								vdev_id,
+								timeout);
+				if (status != QDF_STATUS_SUCCESS)
+					goto end;
+			} else {
+				status = sme_ps_enable_disable(
+							mac_handle,
+							vdev_id,
+							SME_PS_ENABLE);
+				if (status != QDF_STATUS_SUCCESS)
+					goto end;
+			}
+		} else {
+			sme_debug("Power Save is not enabled in the cfg");
+		}
+	} else {
+		sme_debug("Wlan driver Entering Full Power");
+
+		/*
+		 * Enter Full power command received from GUI
+		 * this means we are disconnected
+		 */
+		status = sme_ps_disable_auto_ps_timer(mac_handle,
+						      vdev_id);
+
+		if (status != QDF_STATUS_SUCCESS)
+			goto end;
+
+		wlan_mlme_is_bmps_enabled(mac_ctx->psoc, &is_bmps_enabled);
+		if (is_bmps_enabled) {
+			status = sme_ps_enable_disable(mac_handle,
+						       vdev_id,
+						       SME_PS_DISABLE);
+			if (status != QDF_STATUS_SUCCESS)
+				goto end;
+		}
+	}
+
+end:
+	sme_release_global_lock(&mac_ctx->sme);
+
 	return status;
 }
 
@@ -403,24 +532,35 @@ QDF_STATUS sme_ps_timer_flush_sync(mac_handle_t mac_handle, uint8_t session_id)
 	if (session_id >= WLAN_MAX_VDEVS)
 		return QDF_STATUS_E_INVAL;
 
+	status = sme_acquire_global_lock(&mac_ctx->sme);
+	if (QDF_IS_STATUS_ERROR(status)) {
+		sme_err("can't acquire sme global lock");
+		return status;
+	}
+
 	status = sme_enable_sta_ps_check(mac_ctx, session_id, SME_PS_ENABLE);
 	if (QDF_IS_STATUS_ERROR(status)) {
 		sme_debug("Power save not allowed for vdev id %d", session_id);
-		return QDF_STATUS_SUCCESS;
+		status = QDF_STATUS_SUCCESS;
+		goto end;
 	}
 
 	ps_parm = &mac_ctx->sme.ps_global_info.ps_params[session_id];
 	tstate = qdf_mc_timer_get_current_state(&ps_parm->auto_ps_enable_timer);
-	if (tstate != QDF_TIMER_STATE_RUNNING)
-		return QDF_STATUS_SUCCESS;
+	if (tstate != QDF_TIMER_STATE_RUNNING) {
+		status = QDF_STATUS_SUCCESS;
+		goto end;
+	}
 
 	sme_debug("flushing powersave enable for vdev %u", session_id);
 
 	qdf_mc_timer_stop(&ps_parm->auto_ps_enable_timer);
 
 	req = qdf_mem_malloc(sizeof(*req));
-	if (!req)
-		return QDF_STATUS_E_NOMEM;
+	if (!req) {
+		status = QDF_STATUS_E_NOMEM;
+		goto end;
+	}
 
 	if (ps_parm->uapsd_per_ac_bit_mask) {
 		req->psSetting = eSIR_ADDON_ENABLE_UAPSD;
@@ -438,8 +578,10 @@ QDF_STATUS sme_ps_timer_flush_sync(mac_handle_t mac_handle, uint8_t session_id)
 	qdf_mem_free(req);
 
 	ps_parm->ps_state = ps_state;
+end:
+	sme_release_global_lock(&mac_ctx->sme);
 
-	return QDF_STATUS_SUCCESS;
+	return status;
 }
 
 /**
@@ -852,6 +994,12 @@ void sme_auto_ps_entry_timer_expired(void *data)
 		sme_err("mac_ctx is NULL");
 		return;
 	}
+	status = sme_acquire_global_lock(&mac_ctx->sme);
+	if (QDF_IS_STATUS_ERROR(status)) {
+		sme_err("can't acquire sme global lock");
+		return;
+	}
+
 	session_id = ps_params->session_id;
 	sme_debug("auto_ps_timer expired, enabling powersave");
 
@@ -859,6 +1007,7 @@ void sme_auto_ps_entry_timer_expired(void *data)
 	if (QDF_STATUS_SUCCESS == status)
 		sme_ps_enable_disable(MAC_HANDLE(mac_ctx), session_id,
 				      SME_PS_ENABLE);
+	sme_release_global_lock(&mac_ctx->sme);
 }
 
 QDF_STATUS sme_ps_close(mac_handle_t mac_handle)