qcacld-3.0: Check for invalid staId in ll stats clear operation

WMI_CLEAR_LINK_STATS_CMDID can cause firmware crash if vdev_id is invalid.
Add staId, i.e. vdev_id checks to sme_ll_stats_clear_req() and
wma_process_ll_stats_clear_req().

CRs-Fixed: 2078391
Change-Id: Ic713b17aebeb89bc0ab69c2e4040d9018d3dc095

core/sme/src/common/sme_api.c

@@ -12966,6 +12966,12 @@ QDF_STATUS sme_ll_stats_clear_req(tHalHandle hHal,
 		  pclearStatsReq->statsClearReqMask);
 	QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_INFO,
 		  "stopReq = %u", pclearStatsReq->stopReq);
+	if (!sme_is_session_id_valid(hHal, pclearStatsReq->staId)) {
+		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,
+			  "%s: invalid staId %d",
+			  __func__, pclearStatsReq->staId);
+		return QDF_STATUS_E_INVAL;
+	}
 
 	clear_stats_req = qdf_mem_malloc(sizeof(*clear_stats_req));
 

core/wma/src/wma_utils.c

@@ -1813,6 +1813,12 @@ QDF_STATUS wma_process_ll_stats_clear_req(tp_wma_handle wma,
 		return QDF_STATUS_E_FAILURE;
 	}
 
+	if (!wma->interfaces[clearReq->staId].handle) {
+		WMA_LOGE("%s: vdev_id %d handle is NULL",
+			 __func__, clearReq->staId);
+		return QDF_STATUS_E_FAILURE;
+	}
+
 	cmd.stop_req = clearReq->stopReq;
 	cmd.sta_id = clearReq->staId;
 	cmd.stats_clear_mask = clearReq->statsClearReqMask;