qcacmn: Avoid possible NULL dereference

Avoid possible NULL dereference in function
tdls_get_all_peers_from_list.

Change-Id: I0d7dce6b8cabf5b8cee4429dbc2d5e64f1f32ce8
CRs-Fixed: 2311960

umac/tdls/core/src/wlan_tdls_ct.h

@@ -209,7 +209,7 @@ QDF_STATUS tdls_delete_all_tdls_peers(struct wlan_objmgr_vdev *vdev,
 /**
  * tdls_set_tdls_offchannel() - set tdls off-channel number
  * @tdls_soc: tdls soc object
- * @offchanmode: tdls off-channel number
+ * @offchannel: tdls off-channel number
  *
  * This function sets tdls off-channel number
  *
@@ -221,7 +221,7 @@ int tdls_set_tdls_offchannel(struct tdls_soc_priv_obj *tdls_soc,
 /**
  * tdls_set_tdls_offchannelmode() - set tdls off-channel mode
  * @adapter: Pointer to the HDD adapter
- * @offchannel: tdls off-channel mode
+ * @offchanmode: tdls off-channel mode
  *
  * This function sets tdls off-channel mode
  *

umac/tdls/core/src/wlan_tdls_main.c

@@ -254,6 +254,110 @@ QDF_STATUS tdls_vdev_obj_destroy_notification(struct wlan_objmgr_vdev *vdev,
 	return status;
 }
 
+/**
+ * __tdls_get_all_peers_from_list() - get all the tdls peers from the list
+ * @get_tdls_peers: get_tdls_peers object
+ *
+ * Return: int
+ */
+static int __tdls_get_all_peers_from_list(
+			struct tdls_get_all_peers *get_tdls_peers)
+{
+	int i;
+	int len, init_len;
+	qdf_list_t *head;
+	qdf_list_node_t *p_node;
+	struct tdls_peer *curr_peer;
+	char *buf;
+	int buf_len;
+	struct tdls_vdev_priv_obj *tdls_vdev;
+	QDF_STATUS status;
+
+	tdls_notice("Enter ");
+
+	buf = get_tdls_peers->buf;
+	buf_len = get_tdls_peers->buf_len;
+
+	if (!tdls_is_vdev_connected(get_tdls_peers->vdev)) {
+		len = qdf_scnprintf(buf, buf_len,
+				"\nSTA is not associated\n");
+		return len;
+	}
+
+	tdls_vdev = wlan_vdev_get_tdls_vdev_obj(get_tdls_peers->vdev);
+
+	if (!tdls_vdev) {
+		len = qdf_scnprintf(buf, buf_len, "TDLS not enabled\n");
+		return len;
+	}
+
+	init_len = buf_len;
+	len = qdf_scnprintf(buf, buf_len,
+			"\n%-18s%-3s%-4s%-3s%-5s\n",
+			"MAC", "Id", "cap", "up", "RSSI");
+	buf += len;
+	buf_len -= len;
+	len = qdf_scnprintf(buf, buf_len,
+			    "---------------------------------\n");
+	buf += len;
+	buf_len -= len;
+
+	for (i = 0; i < WLAN_TDLS_PEER_LIST_SIZE; i++) {
+		head = &tdls_vdev->peer_list[i];
+		status = qdf_list_peek_front(head, &p_node);
+		while (QDF_IS_STATUS_SUCCESS(status)) {
+			curr_peer = qdf_container_of(p_node,
+						     struct tdls_peer, node);
+			if (buf_len < 32 + 1)
+				break;
+			len = qdf_scnprintf(buf, buf_len,
+				QDF_MAC_ADDR_STR "%3d%4s%3s%5d\n",
+				QDF_MAC_ADDR_ARRAY(curr_peer->peer_mac.bytes),
+				curr_peer->sta_id,
+				(curr_peer->tdls_support ==
+				 TDLS_CAP_SUPPORTED) ? "Y" : "N",
+				TDLS_IS_LINK_CONNECTED(curr_peer) ? "Y" :
+				"N", curr_peer->rssi);
+			buf += len;
+			buf_len -= len;
+			status = qdf_list_peek_next(head, p_node, &p_node);
+		}
+	}
+
+	tdls_notice("Exit ");
+	return init_len - buf_len;
+}
+
+/**
+ * tdls_get_all_peers_from_list() - get all the tdls peers from the list
+ * @get_tdls_peers: get_tdls_peers object
+ *
+ * Return: None
+ */
+static void tdls_get_all_peers_from_list(
+			struct tdls_get_all_peers *get_tdls_peers)
+{
+	int32_t len;
+	struct tdls_soc_priv_obj *tdls_soc_obj;
+	struct tdls_osif_indication indication;
+
+	if (!get_tdls_peers->vdev) {
+		qdf_mem_free(get_tdls_peers);
+		return;
+	}
+	len = __tdls_get_all_peers_from_list(get_tdls_peers);
+
+	indication.status = len;
+	indication.vdev = get_tdls_peers->vdev;
+
+	tdls_soc_obj = wlan_vdev_get_tdls_soc_obj(get_tdls_peers->vdev);
+	if (tdls_soc_obj && tdls_soc_obj->tdls_event_cb)
+		tdls_soc_obj->tdls_event_cb(tdls_soc_obj->tdls_evt_cb_data,
+			TDLS_EVENT_USER_CMD, &indication);
+
+	qdf_mem_free(get_tdls_peers);
+}
+
 QDF_STATUS tdls_process_cmd(struct scheduler_msg *msg)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
@@ -1004,97 +1108,6 @@ static void tdls_process_reset_adapter(struct wlan_objmgr_vdev *vdev)
 	tdls_timers_stop(tdls_vdev);
 }
 
-static int __tdls_get_all_peers_from_list(
-			struct tdls_get_all_peers *get_tdls_peers)
-{
-	int i;
-	int len, init_len;
-	qdf_list_t *head;
-	qdf_list_node_t *p_node;
-	struct tdls_peer *curr_peer;
-	char *buf;
-	int buf_len;
-	struct tdls_vdev_priv_obj *tdls_vdev;
-	QDF_STATUS status;
-
-	tdls_notice("Enter ");
-
-	buf = get_tdls_peers->buf;
-	buf_len = get_tdls_peers->buf_len;
-
-	if (!tdls_is_vdev_connected(get_tdls_peers->vdev)) {
-		len = qdf_scnprintf(buf, buf_len,
-				"\nSTA is not associated\n");
-		return len;
-	}
-
-	tdls_vdev = wlan_vdev_get_tdls_vdev_obj(get_tdls_peers->vdev);
-
-	if (!tdls_vdev) {
-		len = qdf_scnprintf(buf, buf_len, "TDLS not enabled\n");
-		return len;
-	}
-
-	init_len = buf_len;
-	len = qdf_scnprintf(buf, buf_len,
-			"\n%-18s%-3s%-4s%-3s%-5s\n",
-			"MAC", "Id", "cap", "up", "RSSI");
-	buf += len;
-	buf_len -= len;
-	len = qdf_scnprintf(buf, buf_len,
-			    "---------------------------------\n");
-	buf += len;
-	buf_len -= len;
-
-	for (i = 0; i < WLAN_TDLS_PEER_LIST_SIZE; i++) {
-		head = &tdls_vdev->peer_list[i];
-		status = qdf_list_peek_front(head, &p_node);
-		while (QDF_IS_STATUS_SUCCESS(status)) {
-			curr_peer = qdf_container_of(p_node,
-						     struct tdls_peer, node);
-			if (buf_len < 32 + 1)
-				break;
-			len = qdf_scnprintf(buf, buf_len,
-				QDF_MAC_ADDR_STR "%3d%4s%3s%5d\n",
-				QDF_MAC_ADDR_ARRAY(curr_peer->peer_mac.bytes),
-				curr_peer->sta_id,
-				(curr_peer->tdls_support ==
-				 TDLS_CAP_SUPPORTED) ? "Y" : "N",
-				TDLS_IS_LINK_CONNECTED(curr_peer) ? "Y" :
-				"N", curr_peer->rssi);
-			buf += len;
-			buf_len -= len;
-			status = qdf_list_peek_next(head, p_node, &p_node);
-		}
-	}
-
-	tdls_notice("Exit ");
-	return init_len - buf_len;
-}
-
-void tdls_get_all_peers_from_list(
-			struct tdls_get_all_peers *get_tdls_peers)
-{
-	int32_t len;
-	struct tdls_soc_priv_obj *tdls_soc_obj;
-	struct tdls_osif_indication indication;
-
-	if (!get_tdls_peers->vdev)
-		qdf_mem_free(get_tdls_peers);
-
-	len = __tdls_get_all_peers_from_list(get_tdls_peers);
-
-	indication.status = len;
-	indication.vdev = get_tdls_peers->vdev;
-
-	tdls_soc_obj = wlan_vdev_get_tdls_soc_obj(get_tdls_peers->vdev);
-	if (tdls_soc_obj && tdls_soc_obj->tdls_event_cb)
-		tdls_soc_obj->tdls_event_cb(tdls_soc_obj->tdls_evt_cb_data,
-			TDLS_EVENT_USER_CMD, &indication);
-
-	qdf_mem_free(get_tdls_peers);
-}
-
 void tdls_notify_reset_adapter(struct wlan_objmgr_vdev *vdev)
 {
 	if (!vdev) {

umac/tdls/core/src/wlan_tdls_main.h

@@ -573,16 +573,6 @@ QDF_STATUS tdls_notify_sta_connect(struct tdls_sta_notify_params *notify);
  */
 QDF_STATUS tdls_notify_sta_disconnect(struct tdls_sta_notify_params *notify);
 
-
-/**
- * tdls_get_all_peers_from_list() - get all the tdls peers from the list
- * @get_tdls_peers: get_tdls_peers object
- *
- * Return: None
- */
-void tdls_get_all_peers_from_list(
-		struct tdls_get_all_peers *get_tdls_peers);
-
 /**
  * tdls_notify_reset_adapter() - notify reset adapter
  * @vdev: vdev object manager

umac/tdls/dispatcher/inc/wlan_tdls_public_structs.h

@@ -1110,7 +1110,9 @@ struct tdls_antenna_switch_request {
 
 /**
  * struct tdls_set_offchannel - TDLS set offchannel
+ * @vdev: vdev object
  * @offchannel: Updated tdls offchannel value.
+ * @callback: callback to release vdev ref.
  */
 struct tdls_set_offchannel {
 	struct wlan_objmgr_vdev *vdev;
@@ -1120,7 +1122,9 @@ struct tdls_set_offchannel {
 
 /**
  * struct tdls_set_offchan_mode - TDLS set offchannel mode
+ * @vdev: vdev object
  * @offchan_mode: Updated tdls offchannel mode value.
+ * @callback: callback to release vdev ref.
  */
 struct tdls_set_offchanmode {
 	struct wlan_objmgr_vdev *vdev;
@@ -1130,7 +1134,9 @@ struct tdls_set_offchanmode {
 
 /**
  * struct tdls_set_offchan_offset - TDLS set offchannel mode
+ * @vdev: vdev object
  * @offchan_offset: Offchan offset value.
+ * @callback: callback to release vdev ref.
  */
 struct tdls_set_secoffchanneloffset {
 	struct wlan_objmgr_vdev *vdev;