
qcacld-3.0: Fix incorrect pe session when doing pre-auth

When the scan cannot be cancelled in time after the pre-auth response is
received, a second pre-auth request could be sent, which might reference
the wrong session and cause a NULL pointer access.

Skip sending the pre-auth request in that case.

Change-Id: Icb81830ef08cffc172b327e3a8ae170aea1ec58c
CRs-Fixed: 2272022
Min Liu 6 лет назад
Родитель
Сommit
93073afc2d

+ 13 - 0
core/mac/src/pe/include/lim_session.h

@@ -719,6 +719,19 @@ void pe_delete_session(tpAniSirGlobal pMac, tpPESession psessionEntry);
  */
 tpPESession pe_find_session_by_sme_session_id(tpAniSirGlobal mac_ctx,
 					      uint8_t sme_session_id);
+
+/**
+ * pe_find_session_by_scan_id() - looks up the PE session for given scan id
+ * @mac_ctx:   pointer to global adapter context
+ * @scan_id:   scan id
+ *
+ * looks up the PE session for given scan id
+ *
+ * Return: pe session entry for given scan id if found else NULL
+ */
+tpPESession pe_find_session_by_scan_id(tpAniSirGlobal mac_ctx,
+				       uint32_t scan_id);
+
 uint8_t pe_get_active_session_count(tpAniSirGlobal mac_ctx);
 #ifdef WLAN_FEATURE_FILS_SK
 /**
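Review bot: The kernel-doc for pe_find_session_by_scan_id() repeats its summary line as the description and does not say which sessions are eligible; the definition in lim_session.c carries the same comment. Going by that definition, only entries that are `valid` and have a non-NULL `ftPEContext.pFTPreAuthReq` are compared, so a NULL return also covers the case where no session holds a stored pre-auth request. I would replace the second `looks up the PE session for given scan id` in both places with `Only valid sessions that hold an FT pre-auth request are compared; the returned pointer refers to an entry of mac_ctx->lim.gpSession and is not owned by the caller.`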

+ 13 - 4
core/mac/src/pe/lim/lim_ft_preauth.c

@@ -756,12 +756,21 @@ void lim_preauth_scan_event_handler(tpAniSirGlobal mac_ctx,
 {
 	tpPESession session_entry;
 
-	if (event == SIR_SCAN_EVENT_COMPLETED) {
-		session_entry = pe_find_session_by_session_id(mac_ctx,
-			mac_ctx->lim.limTimers.gLimFTPreAuthRspTimer.sessionId);
+	session_entry = pe_find_session_by_scan_id(mac_ctx, scan_id);
+	/* Pre-auth request is sent */
+	if (session_entry) {
+		if ((event == SIR_SCAN_EVENT_FOREIGN_CHANNEL) &&
+		    (session_entry->ftPEContext.ftPreAuthStatus
+		     == QDF_STATUS_SUCCESS)) {
+			pe_err("Pre-auth is done, skip sending pre-auth req");
+			return;
+		}
 	} else {
+		/* For the first pre-auth request
+		 * need to get it by sme session id (vdev id)
+		 */
 		session_entry = pe_find_session_by_sme_session_id(mac_ctx,
-					session_id);
+								  session_id);
 	}
 
 	if (session_entry == NULL) {
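Review bot: The early return on `SIR_SCAN_EVENT_FOREIGN_CHANNEL` is only correct if `ftPEContext.ftPreAuthStatus` is set to a non-success value every time a new `pFTPreAuthReq` with a fresh scan id is stored, and that reset is not visible in this hunk. If the field can still hold `QDF_STATUS_SUCCESS` from a zero-initialised context or from an earlier completed pre-auth, the first foreign-channel event of a new request would be matched by scan id and dropped, so the request would never be sent. Once confirmed, a comment at the check such as `/* ftPreAuthStatus is reset to a failure value when the request is stored */` would record the dependency. Separately, this branch is an expected race outcome rather than an error, so `pe_debug("Pre-auth is done, skip sending pre-auth req");` would keep it out of the error log. The body of lim_preauth_scan_event_handler() continues past the end of the hunk.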

+ 25 - 0
core/mac/src/pe/lim/lim_session.c

@@ -1119,6 +1119,31 @@ tpPESession pe_find_session_by_sme_session_id(tpAniSirGlobal mac_ctx,
 	return NULL;
 }
 
+/**
+ * pe_find_session_by_scan_id() - looks up the PE session for given scan id
+ * @mac_ctx:   pointer to global adapter context
+ * @scan_id:   scan id
+ *
+ * looks up the PE session for given scan id
+ *
+ * Return: pe session entry for given scan id if found else NULL
+ */
+tpPESession pe_find_session_by_scan_id(tpAniSirGlobal mac_ctx,
+				       uint32_t scan_id)
+{
+	uint8_t i;
+
+	for (i = 0; i < mac_ctx->lim.maxBssId; i++) {
+		if ((mac_ctx->lim.gpSession[i].valid) &&
+		    (mac_ctx->lim.gpSession[i].ftPEContext.pFTPreAuthReq) &&
+		    (mac_ctx->lim.gpSession[i].ftPEContext.pFTPreAuthReq
+		     ->scan_id == scan_id)) {
+			return &mac_ctx->lim.gpSession[i];
+		}
+	}
+	return NULL;
+}
+
 /**
  * pe_get_active_session_count() - function to return active pe session count
  *
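Review bot: The loop condition spells out `mac_ctx->lim.gpSession[i]` for every test and reads `pFTPreAuthReq` twice, once for the NULL check and once for the dereference, which makes the match harder to audit than it needs to be. Taking the entry once reads better: `tpPESession session = &mac_ctx->lim.gpSession[i];` followed by `if (session->valid && session->ftPEContext.pFTPreAuthReq && session->ftPEContext.pFTPreAuthReq->scan_id == scan_id) return session;`. Nothing in the hunk shows what serialises this lookup against the path that frees `pFTPreAuthReq`, so it is worth confirming that the scan event callback and the free run in the same context, given that the commit fixes a NULL access in this area.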