qcacld-3.0: Process CP stats response while roaming

Scenarios are:
1. Host receives ROAM_START from firmware
2. Host receives EAPOL M1 from AP, host forwarded
   it to supplicant and supplicant buffered it (with
   timer 100 msec) to process it after association
   completion.
3. Host starts processing CP stats request, which
   holds RTNL kernel lock
4. Host starts a CP_STATS_WAIT_TIME_STAT (800 msec)
   timer and sends WMI_REQUEST_STATS_CMDID to FW.
   So cp stats are holding the RTNL lock.
5. In waiting state host/FW completed roaming within
   a few milliseconds. Host Call roamed indication
   to the kernel. Kernel post it to the Work queue
   to indicate this to the supplicant. The Work
   queue requires the RTNL lock to send the
   indication to the supplicant.
6. Now Kernel is waiting on the RTNL lock taken by
   the CP stats request which is waiting for the CP
   stats response (WMI_UPDATE_STATS_EVENTID).
7. Host receives CP stats response but the host is
   unable to handle it with the below reason.
8. Timed out happens for WMI_UPDATE_STATS_EVENTID,
   then Kernel takes RTNL lock to indicate
   association/roam completion status to the
   supplicant.
9. As Kernel is sending association indication
   after CP_STATS_WAIT_TIME_STAT (800 msec), by
   this time supplicant deleted buffered EAPOL
   first frame, this results in DUT failing to
   initiate the 4-WAY handshake.
10. Finally AP sends the Deauthentication frame
    to DUT.

Reason for unable to process CP stats response :
As per the current design, While processing Roaming,
the host deletes the old peer and creates a new peer
for roamed AP. If the Host receives cp stats response
after peer delete due to roaming, the host is unable
to stop waiting for timer CP_STATS_WAIT_TIME_STAT
and fails to release RTNL kernel lock till timeout.
After time out only, Kernel can take RTNL lock to
indicate association/roam completion status to the
supplicant.

Fix is to stop the wait timer CP_STATS_WAIT_TIME_STAT
and release RTNL kernel lock even in case peer has
deleted by HOST for which CP stats request sent.

Change-Id: Ie5b5275da10a06da50b2fbb8ab206b78f2c64d6a
CRs-Fixed: 3234063

components/cp_stats/dispatcher/src/wlan_cp_stats_mc_tgt_api.c

@@ -589,10 +589,8 @@ extd2_stats:
 
 	/* no matched peer */
 	if (!QDF_IS_ADDR_BROADCAST(last_req.peer_mac_addr) &&
-	    selected == ev->num_peer_adv_stats) {
+	    selected == ev->num_peer_adv_stats)
 		cp_stats_debug("peer not found for extd stats");
-		return;
-	}
 
 complete:
 	if (is_station_stats)
@@ -1090,8 +1088,7 @@ tgt_mc_cp_stats_send_raw_station_stats(struct wlan_objmgr_psoc *psoc,
 	wlan_cp_stats_peer_obj_unlock(peer_cp_stats_priv);
 
 end:
-	if (info.vdev_summary_stats && info.vdev_chain_rssi)
-		get_station_stats_cb(&info, last_req->cookie);
+	get_station_stats_cb(&info, last_req->cookie);
 
 	ucfg_mc_cp_stats_free_stats_resources(&info);
 

core/hdd/src/wlan_hdd_stats.c

@@ -2012,9 +2012,16 @@ static void cache_station_stats_cb(struct stats_event *ev, void *cookie)
 {
 	struct hdd_adapter *adapter = cookie, *next_adapter = NULL;
 	struct hdd_context *hdd_ctx = adapter->hdd_ctx;
-	uint8_t vdev_id = ev->vdev_summary_stats->vdev_id;
+	uint8_t vdev_id;
 	wlan_net_dev_ref_dbgid dbgid = NET_DEV_HOLD_DISPLAY_TXRX_STATS;
 
+	if (!ev->vdev_summary_stats || !ev->vdev_chain_rssi) {
+		hdd_debug("Invalid stats");
+		return;
+	}
+
+	vdev_id = ev->vdev_summary_stats->vdev_id;
+
 	hdd_for_each_adapter_dev_held_safe(hdd_ctx, adapter, next_adapter,
 					   dbgid) {
 		if (adapter->vdev_id != vdev_id) {

os_if/cp_stats/src/wlan_cfg80211_mc_cp_stats.c

@@ -553,7 +553,7 @@ static void get_station_stats_cb(struct stats_event *ev, void *cookie)
 {
 	struct stats_event *priv;
 	struct osif_request *request;
-	uint32_t summary_size, rssi_size, peer_adv_size;
+	uint32_t summary_size, rssi_size, peer_adv_size = 0;
 
 	request = osif_request_get(cookie);
 	if (!request) {
@@ -562,9 +562,17 @@ static void get_station_stats_cb(struct stats_event *ev, void *cookie)
 	}
 
 	priv = osif_request_priv(request);
+
+	if (!ev->vdev_summary_stats || !ev->vdev_chain_rssi) {
+		osif_debug("Invalid stats");
+		goto station_stats_cb_fail;
+	}
+
 	summary_size = sizeof(*ev->vdev_summary_stats) * ev->num_summary_stats;
 	rssi_size = sizeof(*ev->vdev_chain_rssi) * ev->num_chain_rssi_stats;
-	peer_adv_size = sizeof(*ev->peer_adv_stats) * ev->num_peer_adv_stats;
+	if (ev->peer_adv_stats && ev->num_peer_adv_stats)
+		peer_adv_size =
+			sizeof(*ev->peer_adv_stats) * ev->num_peer_adv_stats;
 
 	if (summary_size == 0 || rssi_size == 0) {
 		osif_err("Invalid stats, summary %d rssi %d",
@@ -1353,6 +1361,11 @@ static void get_station_adv_stats_cb(struct stats_event *ev, void *cookie)
 	}
 
 	priv = osif_request_priv(request);
+	if (!ev->peer_adv_stats || ev->num_peer_adv_stats == 0) {
+		osif_debug("Invalid stats");
+		goto station_adv_stats_cb_fail;
+	}
+
 	peer_adv_size = sizeof(*ev->peer_adv_stats) * ev->num_peer_adv_stats;
 
 	if (peer_adv_size) {
@@ -1503,6 +1516,11 @@ wlan_cfg80211_mc_cp_stats_get_peer_stats(struct wlan_objmgr_vdev *vdev,
 		goto get_peer_stats_fail;
 	}
 
+	if (!priv->peer_adv_stats || priv->num_peer_adv_stats == 0) {
+		osif_debug("Invalid stats");
+		goto get_peer_stats_fail;
+	}
+
 	out->num_peer_adv_stats = priv->num_peer_adv_stats;
 	out->peer_adv_stats = priv->peer_adv_stats;
 	priv->peer_adv_stats = NULL;