qcacmn: Initialized pdev id with default value 0xFF

pdev_id is being initialized with 0. Since 0 is valid pdev_id, though
pdev is not present for that id, it is being accessed.

Initialized pdev_id to 0xFF by default. Added checks on API to
detect valid pdev_id value corresponding to lmac_id

Change-Id: I2b2a38783615494ccc08e265702815f7e562214b

dp/inc/cdp_txrx_cmn.h

@@ -1925,7 +1925,7 @@ cdp_soc_handle_mode_change(ol_txrx_soc_handle soc, uint8_t pdev_id,
 	}
 
 	if (!soc->ops->cmn_drv_ops ||
-	    !soc->ops->cmn_drv_ops->map_pdev_to_lmac)
+	    !soc->ops->cmn_drv_ops->handle_mode_change)
 		return QDF_STATUS_E_FAILURE;
 
 	return soc->ops->cmn_drv_ops->handle_mode_change(soc, pdev_id,

dp/wifi3.0/dp_htt.c

@@ -3596,6 +3596,10 @@ static bool dp_txrx_ppdu_stats_handler(struct dp_soc *soc,
 	struct ppdu_info *ppdu_info = NULL;
 	bool free_buf = true;
 
+	if (pdev_id >= MAX_PDEV_CNT)
+		return true;
+
+	pdev = soc->pdev_list[pdev_id];
 	if (!pdev)
 		return true;
 
@@ -3900,6 +3904,12 @@ static void dp_htt_bkp_event_alert(u_int32_t *msg_word, struct htt_soc *soc)
 	target_pdev_id = HTT_T2H_RX_BKPRESSURE_PDEV_ID_GET(*msg_word);
 	pdev_id = dp_get_host_pdev_id_for_target_pdev_id(soc->dp_soc,
 							 target_pdev_id);
+	if (pdev_id >= MAX_PDEV_CNT) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev id %d is invalid", pdev_id);
+		return;
+	}
+
 	pdev = (struct dp_pdev *)dpsoc->pdev_list[pdev_id];
 	ring_id = HTT_T2H_RX_BKPRESSURE_RINGID_GET(*msg_word);
 	hp_idx = HTT_T2H_RX_BKPRESSURE_HEAD_IDX_GET(*(msg_word + 1));

dp/wifi3.0/dp_internal.h

@@ -1377,13 +1377,11 @@ dp_get_lmac_id_for_pdev_id
 static inline struct dp_pdev *
 	dp_get_pdev_for_lmac_id(struct dp_soc *soc, uint32_t lmac_id)
 {
-	int i = 0;
+	uint8_t i = 0;
 
 	if (wlan_cfg_per_pdev_lmac_ring(soc->wlan_cfg_ctx)) {
 		i = wlan_cfg_get_pdev_idx(soc->wlan_cfg_ctx, lmac_id);
-		qdf_assert_always(i < MAX_PDEV_CNT);
-
-		return soc->pdev_list[i];
+		return ((i < MAX_PDEV_CNT) ? soc->pdev_list[i] : NULL);
 	}
 
 	/* Typically for MCL as there only 1 PDEV*/
@@ -1449,7 +1447,7 @@ dp_get_host_pdev_id_for_target_pdev_id
 	/*Get host pdev from lmac*/
 	pdev = dp_get_pdev_for_lmac_id(soc, lmac_id);
 
-	return pdev->pdev_id;
+	return pdev ? pdev->pdev_id : INVALID_PDEV_ID;
 }
 
 /*

dp/wifi3.0/dp_main.c

@@ -10962,6 +10962,17 @@ dp_soc_attach_wifi3(struct cdp_ctrl_objmgr_psoc *ctrl_psoc,
 
 #endif
 
+static inline void dp_soc_set_def_pdev(struct dp_soc *soc)
+{
+	int lmac_id;
+
+	for (lmac_id = 0; lmac_id < MAX_NUM_LMAC_HW; lmac_id++) {
+		/*Set default host PDEV ID for lmac_id*/
+		wlan_cfg_set_pdev_idx(soc->wlan_cfg_ctx,
+				      INVALID_PDEV_ID, lmac_id);
+	}
+}
+
 /**
  * dp_soc_attach() - Attach txrx SOC
  * @ctrl_psoc: Opaque SOC handle from control plane
@@ -11017,6 +11028,8 @@ dp_soc_attach(struct cdp_ctrl_objmgr_psoc *ctrl_psoc,
 	if (htt_soc_htc_prealloc(htt_soc) != QDF_STATUS_SUCCESS)
 		goto fail2;
 
+	dp_soc_set_def_pdev(soc);
+
 	return soc;
 fail2:
 	htt_soc_detach(htt_soc);
@@ -11200,7 +11213,7 @@ void *dp_soc_init_wifi3(struct cdp_soc_t *soc,
 void *dp_get_pdev_for_mac_id(struct dp_soc *soc, uint32_t mac_id)
 {
 	if (wlan_cfg_per_pdev_lmac_ring(soc->wlan_cfg_ctx))
-		return soc->pdev_list[mac_id];
+		return (mac_id < MAX_PDEV_CNT) ? soc->pdev_list[mac_id] : NULL;
 
 	/* Typically for MCL as there only 1 PDEV*/
 	return soc->pdev_list[0];

dp/wifi3.0/dp_rx_defrag.c

@@ -1720,6 +1720,12 @@ uint32_t dp_rx_frag_handle(struct dp_soc *soc, hal_ring_desc_t ring_desc,
 
 	/* all buffers in MSDU link belong to same pdev */
 	pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id);
+	if (!pdev) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for pool_id = %d", rx_desc->pool_id);
+		return rx_bufs_used;
+	}
+
 	*mac_id = rx_desc->pool_id;
 
 	msdu = rx_desc->nbuf;

dp/wifi3.0/dp_rx_err.c

@@ -279,6 +279,12 @@ dp_rx_msdus_drop(struct dp_soc *soc, hal_ring_desc_t ring_desc,
 		/* all buffers from a MSDU link link belong to same pdev */
 		*mac_id = rx_desc->pool_id;
 		pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id);
+		if (!pdev) {
+			QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+				  "pdev is null for pool_id = %d",
+				  rx_desc->pool_id);
+			return rx_bufs_used;
+		}
 
 		if (!dp_rx_desc_check_magic(rx_desc)) {
 			QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
@@ -435,6 +441,11 @@ dp_rx_chain_msdus(struct dp_soc *soc, qdf_nbuf_t nbuf,
 	 */
 	struct dp_pdev *dp_pdev = dp_get_pdev_for_lmac_id(soc, mac_id);
 
+	if (!dp_pdev) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for mac_id = %d", mac_id);
+		return mpdu_done;
+	}
 	/* if invalid peer SG list has max values free the buffers in list
 	 * and treat current buffer as start of list
 	 *
@@ -644,6 +655,11 @@ dp_rx_null_q_handle_invalid_peer_id_exception(struct dp_soc *soc,
 	struct dp_pdev *pdev = dp_get_pdev_for_lmac_id(soc, pool_id);
 	struct ieee80211_frame *wh = (struct ieee80211_frame *)rx_pkt_hdr;
 
+	if (!pdev) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for pool_id = %d", pool_id);
+		return false;
+	}
 	/*
 	 * WAR- In certain types of packets if peer_id is not correct then
 	 * driver may not be able find. Try finding peer by addr_2 of
@@ -788,6 +804,11 @@ dp_rx_null_q_desc_handle(struct dp_soc *soc, qdf_nbuf_t nbuf,
 		bool mpdu_done = false;
 		struct dp_pdev *pdev = dp_get_pdev_for_lmac_id(soc, pool_id);
 
+		if (!pdev) {
+			dp_err_rl("pdev is null for pool_id = %d", pool_id);
+			return QDF_STATUS_E_FAILURE;
+		}
+
 		dp_err_rl("peer is NULL");
 		DP_STATS_INC_PKT(soc, rx.err.rx_invalid_peer, 1,
 				 qdf_nbuf_len(nbuf));
@@ -1522,7 +1543,6 @@ done:
 
 	for (mac_id = 0; mac_id < MAX_PDEV_CNT; mac_id++) {
 		if (rx_bufs_reaped[mac_id]) {
-			dp_pdev = dp_get_pdev_for_lmac_id(soc, mac_id);
 			dp_rxdma_srng = &soc->rx_refill_buf_ring[mac_id];
 			rx_desc_pool = &soc->rx_desc_buf[mac_id];
 
@@ -1765,6 +1785,12 @@ dp_rx_err_mpdu_pop(struct dp_soc *soc, uint32_t mac_id,
 	uint32_t rx_link_buf_info[HAL_RX_BUFFINFO_NUM_DWORDS];
 	hal_rxdma_desc_t ring_desc;
 
+	if (!pdev) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for mac_id = %d", mac_id);
+		return rx_bufs_used;
+	}
+
 	msdu = 0;
 
 	last = NULL;
@@ -2029,7 +2055,6 @@ dp_handle_wbm_internal_error(struct dp_soc *soc, void *hal_desc,
 			     uint32_t buf_type)
 {
 	struct hal_buf_info buf_info = {0};
-	struct dp_pdev *dp_pdev;
 	struct dp_rx_desc *rx_desc = NULL;
 	uint32_t rx_buf_cookie;
 	uint32_t rx_bufs_reaped = 0;
@@ -2075,7 +2100,6 @@ dp_handle_wbm_internal_error(struct dp_soc *soc, void *hal_desc,
 		struct dp_srng *dp_rxdma_srng;
 
 		DP_STATS_INC(soc, tx.wbm_internal_error[WBM_INT_ERROR_REO_BUFF_REAPED], 1);
-		dp_pdev = dp_get_pdev_for_lmac_id(soc, pool_id);
 		dp_rxdma_srng = &soc->rx_refill_buf_ring[pool_id];
 		rx_desc_pool = &soc->rx_desc_buf[pool_id];
 

dp/wifi3.0/dp_rx_mon_dest.c

@@ -185,6 +185,12 @@ dp_rx_mon_mpdu_pop(struct dp_soc *soc, uint32_t mac_id,
 	uint64_t nbuf_paddr = 0;
 	uint32_t rx_link_buf_info[HAL_RX_BUFFINFO_NUM_DWORDS];
 
+	if (qdf_unlikely(!dp_pdev)) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for mac_id = %d", mac_id);
+		return rx_bufs_used;
+	}
+
 	msdu = 0;
 
 	last = NULL;
@@ -471,6 +477,12 @@ qdf_nbuf_t dp_rx_mon_restitch_mpdu_from_msdus(struct dp_soc *soc,
 	head_frag_list = NULL;
 	mpdu_buf = NULL;
 
+	if (qdf_unlikely(!dp_pdev)) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for mac_id = %d", mac_id);
+		return NULL;
+	}
+
 	/* The nbuf has been pulled just beyond the status and points to the
 	   * payload
 	*/
@@ -851,7 +863,7 @@ QDF_STATUS dp_rx_mon_deliver(struct dp_soc *soc, uint32_t mac_id,
 	qdf_nbuf_t mon_skb, skb_next;
 	qdf_nbuf_t mon_mpdu = NULL;
 
-	if (!pdev->monitor_vdev && !pdev->mcopy_mode)
+	if (!pdev || (!pdev->monitor_vdev && !pdev->mcopy_mode))
 		goto mon_deliver_fail;
 
 	/* restitch mon MPDU for delivery via monitor interface */
@@ -928,7 +940,7 @@ QDF_STATUS dp_rx_mon_deliver_non_std(struct dp_soc *soc,
 	qdf_nbuf_t dummy_msdu;
 
 	/* Sanity checking */
-	if ((!pdev->monitor_vdev) || (!pdev->monitor_vdev->osif_rx_mon))
+	if (!pdev || !pdev->monitor_vdev || !pdev->monitor_vdev->osif_rx_mon)
 		goto mon_deliver_non_std_fail;
 
 	/* Generate a dummy skb_buff */
@@ -998,6 +1010,12 @@ void dp_rx_mon_dest_process(struct dp_soc *soc, uint32_t mac_id, uint32_t quota)
 	int mac_for_pdev = mac_id;
 	struct cdp_pdev_mon_stats *rx_mon_stats;
 
+	if (!pdev) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for mac_id = %d", mac_id);
+		return;
+	}
+
 	mon_dst_srng = dp_rxdma_get_mon_dst_ring(pdev, mac_for_pdev);
 
 	if (!mon_dst_srng || !hal_srng_initialized(mon_dst_srng)) {

dp/wifi3.0/dp_rx_mon_status.c

@@ -1474,6 +1474,11 @@ dp_rx_mon_status_process_tlv(struct dp_soc *soc, uint32_t mac_id,
 	bool nbuf_used;
 	uint32_t rx_enh_capture_mode;
 
+	if (!pdev) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for mac_id = %d", mac_id);
+		return;
+	}
 
 	ppdu_info = &pdev->ppdu_info;
 	rx_mon_stats = &pdev->rx_mon_stats;
@@ -1621,6 +1626,12 @@ dp_rx_mon_status_srng_process(struct dp_soc *soc, uint32_t mac_id,
 	QDF_STATUS status;
 	uint32_t work_done = 0;
 
+	if (!pdev) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for mac_id = %d", mac_id);
+		return work_done;
+	}
+
 	mon_status_srng = soc->rxdma_mon_status_ring[mac_id].hal_srng;
 
 	qdf_assert(mon_status_srng);
@@ -1875,6 +1886,12 @@ QDF_STATUS dp_rx_mon_status_buffers_replenish(struct dp_soc *dp_soc,
 	void *rxdma_srng;
 	struct dp_pdev *dp_pdev = dp_get_pdev_for_lmac_id(dp_soc, mac_id);
 
+	if (!dp_pdev) {
+		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
+			  "pdev is null for mac_id = %d", mac_id);
+		return QDF_STATUS_E_FAILURE;
+	}
+
 	rxdma_srng = dp_rxdma_srng->hal_srng;
 
 	qdf_assert(rxdma_srng);

wlan_cfg/wlan_cfg.c

@@ -725,9 +725,9 @@ int wlan_cfg_get_target_pdev_id(struct wlan_cfg_dp_soc_ctxt *cfg,
 void wlan_cfg_set_pdev_idx(struct wlan_cfg_dp_soc_ctxt *cfg, int pdev_idx,
 			   int hw_macid)
 {
-	qdf_assert_always(pdev_idx < MAX_PDEV_CNT);
+	qdf_assert_always((pdev_idx < MAX_PDEV_CNT) ||
+			  (pdev_idx == INVALID_PDEV_ID));
 	qdf_assert_always(hw_macid < MAX_NUM_LMAC_HW);
-
 	cfg->hw_macid_pdev_id_map[hw_macid] = pdev_idx;
 }
 

wlan_cfg/wlan_cfg.h

@@ -83,6 +83,8 @@
 #define WLAN_CFG_RX_FST_MAX_SEARCH 2
 #define WLAN_CFG_RX_FST_TOEPLITZ_KEYLEN 40
 
+#define INVALID_PDEV_ID 0xFF
+
 struct wlan_cfg_dp_pdev_ctxt;
 
 /**