
qcacmn: Do sanity check of requester ID

If the requester id is 0 or another invalid value,
the function scm_scan_get_requester_event_handler
will fetch an unexpected handler.

Change-Id: I505e2e1a1bdc9cec57aaa0c28abadf28d228ba5b
CRs-Fixed: 2147555
Paul Zhang преди 7 години
родител
ревизия
8b7ea68fc0

+ 1 - 1
umac/p2p/core/src/wlan_p2p_main.h

@@ -173,7 +173,7 @@ struct p2p_soc_priv_obj {
 	qdf_list_t roc_q;
 	qdf_list_t tx_q_roc;
 	qdf_list_t tx_q_ack;
-	uint16_t scan_req_id;
+	wlan_scan_requester scan_req_id;
 	struct p2p_start_param *start_param;
 	qdf_event_t cancel_roc_done;
 	qdf_runtime_lock_t roc_runtime_lock;

+ 8 - 0
umac/scan/core/src/wlan_scan_main.h

@@ -52,7 +52,15 @@
 #define WLAN_MAX_REQUESTORS     200
 #define WLAN_SCAN_ID_MASK 0x00000FFF
 #define WLAN_HOST_SCAN_REQ_ID_PREFIX 0x0000A000
+/*
+ * For the requestor id:
+ *     bit  0~12 is used for real requestor id.
+ *     bit 13~15 is used for requestor prefix.
+ *     bit 16~19 is used by specific user to aware it is issued by himself.
+ *     bit 20~31 is reserved.
+ */
 #define WLAN_SCAN_REQUESTER_ID_PREFIX 0x0000A000
+#define WLAN_SCAN_REQUESTER_ID_MASK 0x00001FFF
 
 #define SCM_NUM_RSSI_CAT        15
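Review bot: `WLAN_SCAN_REQUESTER_ID_MASK` keeps 13 bits, so a masked id can be anything from 0 to 8191, while `WLAN_MAX_REQUESTORS` at the top of this hunk is 200; nothing on the define tells a caller that the result must be range-checked before it is used as an index. I would add a comment on the mask line, e.g. `/* yields 0..8191; compare against WLAN_MAX_REQUESTORS before indexing the requester table */`. The third line of the layout comment is hard to parse; `bit 16~19 is a caller tag that lets a user recognise its own requests` reads better, assuming that is the intended meaning.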
 

+ 21 - 8
umac/scan/core/src/wlan_scan_manager.c

@@ -97,18 +97,31 @@ scm_scan_get_requester_event_handler(struct scan_event_listeners *listeners,
 		struct scan_requester_info *requesters,
 		wlan_scan_requester requester_id)
 {
-	uint32_t idx = requester_id & ~WLAN_SCAN_REQUESTER_ID_PREFIX;
-	struct cb_handler *ev_handler = &(requesters[idx].ev_handler);
+	uint32_t idx;
+	struct cb_handler *ev_handler;
 
-	if (ev_handler->func) {
-		if (listeners->count < MAX_SCAN_EVENT_LISTENERS) {
-			listeners->cb[listeners->count].func = ev_handler->func;
-			listeners->cb[listeners->count].arg = ev_handler->arg;
-			listeners->count++;
+	idx = requester_id & WLAN_SCAN_REQUESTER_ID_PREFIX;
+	if (idx != WLAN_SCAN_REQUESTER_ID_PREFIX)
+		return QDF_STATUS_SUCCESS;
+
+	idx = requester_id & WLAN_SCAN_REQUESTER_ID_MASK;
+	if (idx < WLAN_MAX_REQUESTORS) {
+		ev_handler = &(requesters[idx].ev_handler);
+		if (ev_handler->func) {
+			if (listeners->count < MAX_SCAN_EVENT_LISTENERS) {
+				listeners->cb[listeners->count].func =
+							     ev_handler->func;
+				listeners->cb[listeners->count].arg =
+							     ev_handler->arg;
+				listeners->count++;
+			}
 		}
+		return QDF_STATUS_SUCCESS;
+	} else {
+		scm_err("invalid requester id");
+		return QDF_STATUS_E_INVAL;
 	}
 
-	return QDF_STATUS_SUCCESS;
 }
 
 static void scm_scan_post_event(struct wlan_objmgr_vdev *vdev,
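Review bot: The prefix test at the top of scm_scan_get_requester_event_handler compares `requester_id & WLAN_SCAN_REQUESTER_ID_PREFIX` with the prefix itself, which only proves that bits 13 and 15 are set; an id whose prefix field is 0xE000 passes and its low bits are then used as an index like those of a valid id. The layout comment added in wlan_scan_main.h defines bits 13~15 as the prefix field, so the whole field should be compared, e.g. `if ((requester_id & 0x0000E000) != WLAN_SCAN_REQUESTER_ID_PREFIX)`, with the literal behind a named mask (no such macro is visible in this commit). The same branch returns `QDF_STATUS_SUCCESS` without logging, whereas an out-of-range index logs and returns `QDF_STATUS_E_INVAL`. If a missing prefix is a legitimate "no requester handler" case, a comment such as `/* ids without the requester prefix have no per-requester handler */` would keep it from looking like an oversight.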

+ 3 - 0
umac/scan/dispatcher/inc/wlan_scan_public_structs.h

@@ -42,6 +42,9 @@ typedef uint32_t wlan_scan_id;
 #define INVAL_VDEV_ID        0xFFFFFFFF
 #define INVAL_PDEV_ID        0xFFFFFFFF
 
+#define USER_SCAN_REQUESTOR_ID  0xA0000
+#define PREAUTH_REQUESTOR_ID    0xC0000
+
 #define BURST_SCAN_MAX_NUM_OFFCHANNELS 3
 #define P2P_SCAN_MAX_BURST_DURATION 180
 /* Increase dwell time for P2P search in ms */
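Review bot: `USER_SCAN_REQUESTOR_ID` and `PREAUTH_REQUESTOR_ID` are added without a comment, and 0xA0000 is one digit away from the 0x0000A000 requester prefix, so they are easy to misread as prefixes or as complete requester ids. Going by the layout comment this commit adds in wlan_scan_main.h, they appear to be caller tags in bits 16~19. A comment here such as `/* caller tags carried in bits 16~19 of a requester id, not table indexes */` would make that explicit. No use of either constant is visible in this commit, so how they are combined with an id should be confirmed against the callers.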

+ 7 - 2
umac/scan/dispatcher/src/wlan_scan_ucfg_api.c

@@ -727,10 +727,15 @@ void
 ucfg_scan_unregister_requester(struct wlan_objmgr_psoc *psoc,
 	wlan_scan_requester requester)
 {
-	int idx = requester & ~WLAN_SCAN_REQUESTER_ID_PREFIX;
+	int idx = requester & WLAN_SCAN_REQUESTER_ID_MASK;
 	struct wlan_scan_obj *scan;
 	struct scan_requester_info *requesters;
 
+	if (idx >= WLAN_MAX_REQUESTORS) {
+		scm_err("requester id invalid");
+		return;
+	}
+
 	if (!psoc) {
 		scm_err("null psoc");
 		return;
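Review bot: ucfg_scan_unregister_requester now bounds `idx` but never checks the prefix, so a requester id of 0 (the case the commit message names) masks to index 0 and passes the `idx >= WLAN_MAX_REQUESTORS` test. The rest of the function lies outside this hunk, but it presumably then operates on slot 0. Mirroring the check in scm_scan_get_requester_event_handler would close that: `if ((requester & WLAN_SCAN_REQUESTER_ID_PREFIX) != WLAN_SCAN_REQUESTER_ID_PREFIX) { scm_err("requester id invalid"); return; }`. The next hunk, ucfg_get_scan_requester_name, switches to the new mask but its visible lines add neither a prefix check nor a range check. Unless its body, cut off here, already bounds `idx`, a masked value of 200 or more would index past the requester table.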
@@ -751,7 +756,7 @@ uint8_t*
 ucfg_get_scan_requester_name(struct wlan_objmgr_psoc *psoc,
 	wlan_scan_requester requester)
 {
-	int idx = requester & ~WLAN_SCAN_REQUESTER_ID_PREFIX;
+	int idx = requester & WLAN_SCAN_REQUESTER_ID_MASK;
 	struct wlan_scan_obj *scan;
 	struct scan_requester_info *requesters;