
qcacmn: Fix NULL pointer dereference in pno & regulatory

In target_if_pno_start, target_if_pno_stop,
tgt_reg_chan_list_update_handler, tgt_reg_11d_new_cc_handler &
tgt_reg_ch_avoid_event_handler wmi_handle is derived & dereferenced
without a NULL check. Add a NULL check for wmi_handle before it is
dereferenced.

Change-Id: I4b4afa5bb74a2c97d921af2672eb285f7c34062a
CRs-Fixed: 2305512
Tushnim Bhattacharyya 6 năm trước cách đây
mục cha
commit
80dfdd5a6f
2 tập tin đã thay đổi với 45 bổ sung12 xóa
  1. 26 7
      target_if/regulatory/src/target_if_reg.c
  2. 19 5
      target_if/scan/src/target_if_scan.c

+ 26 - 7
target_if/regulatory/src/target_if_reg.c

@@ -99,6 +99,7 @@ static int tgt_reg_chan_list_update_handler(ol_scn_t handle,
 	struct wlan_lmac_if_reg_rx_ops *reg_rx_ops;
 	struct cur_regulatory_info *reg_info;
 	QDF_STATUS status;
+	struct wmi_unified *wmi_handle;
 
 	TARGET_IF_ENTER();
 
@@ -125,7 +126,13 @@ static int tgt_reg_chan_list_update_handler(ol_scn_t handle,
 		return -ENOMEM;
 	}
 
-	if (wmi_extract_reg_chan_list_update_event(GET_WMI_HDL_FROM_PSOC(psoc),
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
+	if (!wmi_handle) {
+		target_if_err("Invalid WMI handle");
+		return -EINVAL;
+	}
+
+	if (wmi_extract_reg_chan_list_update_event(wmi_handle,
 						   event_buf, reg_info, len)
 	    != QDF_STATUS_SUCCESS) {
 
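Review bot: The new `return -EINVAL;` taken when `wmi_handle` is NULL appears to leak `reg_info`. The `return -ENOMEM;` context directly above the added lines suggests `reg_info` was heap-allocated just before, although the allocation itself lies outside the hunk. If that is the case, release it on this path with `qdf_mem_free(reg_info);` before the return, or move the `get_wmi_unified_hdl_from_psoc(psoc)` lookup and its check above the allocation so that nothing is owned yet when the handler bails out. The equivalent checks added in tgt_reg_11d_new_cc_handler and tgt_reg_ch_avoid_event_handler pass stack structs to the extract call and are not affected.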
@@ -163,6 +170,7 @@ static int tgt_reg_11d_new_cc_handler(ol_scn_t handle,
 	struct wlan_lmac_if_reg_rx_ops *reg_rx_ops;
 	struct reg_11d_new_country reg_11d_new_cc;
 	QDF_STATUS status;
+	struct wmi_unified *wmi_handle;
 
 	TARGET_IF_ENTER();
 
@@ -179,9 +187,14 @@ static int tgt_reg_11d_new_cc_handler(ol_scn_t handle,
 		return -EINVAL;
 	}
 
-	if (wmi_extract_reg_11d_new_cc_event(GET_WMI_HDL_FROM_PSOC(psoc),
-				event_buf, &reg_11d_new_cc, len) !=
-			QDF_STATUS_SUCCESS) {
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
+	if (!wmi_handle) {
+		target_if_err("Invalid WMI handle");
+		return -EINVAL;
+	}
+	if (wmi_extract_reg_11d_new_cc_event(wmi_handle, event_buf,
+					     &reg_11d_new_cc, len)
+	    != QDF_STATUS_SUCCESS) {
 
 		target_if_err("Extraction of new country event failed");
 		return -EFAULT;
@@ -205,6 +218,7 @@ static int tgt_reg_ch_avoid_event_handler(ol_scn_t handle,
 	struct wlan_lmac_if_reg_rx_ops *reg_rx_ops;
 	struct ch_avoid_ind_type ch_avoid_event;
 	QDF_STATUS status;
+	struct wmi_unified *wmi_handle;
 
 	TARGET_IF_ENTER();
 
@@ -221,9 +235,14 @@ static int tgt_reg_ch_avoid_event_handler(ol_scn_t handle,
 		return -EINVAL;
 	}
 
-	if (wmi_extract_reg_ch_avoid_event(GET_WMI_HDL_FROM_PSOC(psoc),
-				event_buf, &ch_avoid_event, len) !=
-			QDF_STATUS_SUCCESS) {
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
+	if (!wmi_handle) {
+		target_if_err("Invalid WMI handle");
+		return -EINVAL;
+	}
+	if (wmi_extract_reg_ch_avoid_event(wmi_handle, event_buf,
+					   &ch_avoid_event, len)
+	    != QDF_STATUS_SUCCESS) {
 
 		target_if_err("Extraction of CH avoid event failed");
 		return -EFAULT;

+ 19 - 5
target_if/scan/src/target_if_scan.c

@@ -244,13 +244,19 @@ target_if_pno_start(struct wlan_objmgr_psoc *psoc,
 	struct pno_scan_req_params *req)
 {
 	QDF_STATUS status;
+	struct wmi_unified *wmi_handle;
+
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
+	if (!wmi_handle) {
+		target_if_err("Invalid WMI handle");
+		return QDF_STATUS_E_FAILURE;
+	}
 
-	status = wmi_unified_pno_start_cmd(GET_WMI_HDL_FROM_PSOC(psoc), req);
+	status = wmi_unified_pno_start_cmd(wmi_handle, req);
 	if (status == QDF_STATUS_SUCCESS) {
 		if (req->mawc_params.enable)
-			status = wmi_unified_nlo_mawc_cmd(
-					GET_WMI_HDL_FROM_PSOC(psoc),
-					&req->mawc_params);
+			status = wmi_unified_nlo_mawc_cmd(wmi_handle,
+							  &req->mawc_params);
 	}
 
 	return status;
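Review bot: When `wmi_unified_pno_start_cmd` succeeds and the following `wmi_unified_nlo_mawc_cmd` fails, target_if_pno_start returns the failure status even though the PNO start command has already been sent, so a caller may treat PNO as not running while the target has it enabled. Nothing in the hunk logs which of the two commands failed or undoes the first one; at minimum add `target_if_err("MAWC config failed after PNO start");` on that path, and consider issuing `wmi_unified_pno_stop_cmd` with the request's vdev id if callers do not already stop PNO on error. `req` is also dereferenced at `req->mawc_params.enable` with no check, and whether callers guarantee it is non-NULL is not visible here.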
@@ -260,7 +266,15 @@ static QDF_STATUS
 target_if_pno_stop(struct wlan_objmgr_psoc *psoc,
 	uint8_t vdev_id)
 {
-	return wmi_unified_pno_stop_cmd(GET_WMI_HDL_FROM_PSOC(psoc), vdev_id);
+	struct wmi_unified *wmi_handle;
+
+	wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
+	if (!wmi_handle) {
+		target_if_err("Invalid WMI handle");
+		return QDF_STATUS_E_FAILURE;
+	}
+
+	return wmi_unified_pno_stop_cmd(wmi_handle, vdev_id);
 }
 
 #else