From b4ebf34ea2db92d722de2260cedcc63ca0b0f8d3 Mon Sep 17 00:00:00 2001
From: Abhijit Pradhan
Date: Fri, 28 Apr 2017 10:58:34 +0530
Subject: [PATCH] qcacmn: DFS kernel panic fixed
NULL pointer dereference is fixed.
Change-Id: I6c5dce998dd276306a42a14253450965329afd56
CRs-Fixed: 2001106
---
 umac/dfs/core/src/misc/dfs.c | 39 ++++++++++++---------
 umac/dfs/dispatcher/inc/wlan_dfs_mlme_api.h | 2 +-
 umac/dfs/dispatcher/src/wlan_dfs_mlme_api.c | 6 ++--
 3 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/umac/dfs/core/src/misc/dfs.c b/umac/dfs/core/src/misc/dfs.c
index a14489c63c..d3c49fbf72 100644
--- a/umac/dfs/core/src/misc/dfs.c
+++ b/umac/dfs/core/src/misc/dfs.c
@@ -428,36 +428,38 @@ struct dfs_state *dfs_getchanstate(struct wlan_dfs *dfs, uint8_t *index, int ext_chan_flag)
 {
 struct dfs_state *rs = NULL;
- struct dfs_ieee80211_channel *cmp_ch = NULL;
+ struct dfs_ieee80211_channel *cmp_ch, cmp_ch1;
 int i;
+ QDF_STATUS err;
 if (dfs == NULL) {
 DFS_DPRINTK(dfs, WLAN_DEBUG_DFS, "%s: dfs is NULL\n", __func__);
 return NULL;
 }
+ cmp_ch = &cmp_ch1;
 if (ext_chan_flag) {
- dfs_mlme_get_extchan(dfs->dfs_pdev_obj,
+ err = dfs_mlme_get_extchan(dfs->dfs_pdev_obj,
 &(cmp_ch->ic_freq),
 &(cmp_ch->ic_flags),
 &(cmp_ch->ic_flagext),
 &(cmp_ch->ic_ieee),
 &(cmp_ch->ic_vhtop_ch_freq_seg1),
 &(cmp_ch->ic_vhtop_ch_freq_seg2));
- if (cmp_ch) {
+
+ if (err == QDF_STATUS_SUCCESS) {
 DFS_DPRINTK(dfs, WLAN_DEBUG_DFS2,
 "Extension channel freq = %u flags=0x%x\n",
 cmp_ch->ic_freq, cmp_ch->ic_flagext);
- } else {
+ } else
 return NULL;
- }
-
 } else {
 cmp_ch = dfs->dfs_curchan;
 DFS_DPRINTK(dfs, WLAN_DEBUG_DFS2,
 "Primary channel freq = %u flags=0x%x\n",
 cmp_ch->ic_freq, cmp_ch->ic_flagext);
 }
+
 for (i = 0; i < DFS_NUM_RADAR_STATES; i++) {
 if ((dfs->dfs_radar[i].rs_chan.ic_freq == cmp_ch->ic_freq) &&
 (dfs->dfs_radar[i].rs_chan.ic_flags == cmp_ch->ic_flags)
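Review bot: In dfs_getchanstate(), `cmp_ch1` is an uninitialised stack struct, and the only fields written before the radar-state loop are the six handed to dfs_mlme_get_extchan(). The loop lines visible here read `ic_freq` and `ic_flags`, which are covered, but the loop body continues outside the hunk, so any other field it compares would be leftover stack data, and the callback has to be trusted to write every out-parameter whenever it reports success. Zero the struct at declaration, `struct dfs_ieee80211_channel *cmp_ch, cmp_ch1 = {0};`; the same applies to `extchan` in dfs_radar_enable() (hunk at -494). The new `} else` with an unbraced `return NULL;` sits directly above the outer `} else {`, so keeping the braces on that inner branch would make the nesting harder to misread.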
@@ -494,7 +496,8 @@ void dfs_radar_enable(struct wlan_dfs *dfs, int no_cac, uint32_t opmode)
 {
 int is_ext_ch;
 int is_fastclk = 0;
- struct dfs_ieee80211_channel *ext_ch = NULL;
+ struct dfs_ieee80211_channel *ext_ch, extchan;
+ QDF_STATUS err = QDF_STATUS_E_FAILURE;
 if (dfs == NULL) {
 DFS_DPRINTK(dfs, WLAN_DEBUG_DFS1,
@@ -522,22 +525,26 @@ void dfs_radar_enable(struct wlan_dfs *dfs, int no_cac, uint32_t opmode)
 dfs->dfs_proc_phyerr |= DFS_RADAR_EN;
 dfs->dfs_proc_phyerr |= DFS_SECOND_SEGMENT_RADAR_EN;
+ ext_ch = &extchan;
 if (is_ext_ch)
- dfs_mlme_get_extchan(dfs->dfs_pdev_obj,
- &(ext_ch->ic_freq),
- &(ext_ch->ic_flags),
- &(ext_ch->ic_flagext),
- &(ext_ch->ic_ieee),
- &(ext_ch->ic_vhtop_ch_freq_seg1),
- &(ext_ch->ic_vhtop_ch_freq_seg2));
+ err = dfs_mlme_get_extchan(dfs->dfs_pdev_obj,
+ &(ext_ch->ic_freq),
+ &(ext_ch->ic_flags),
+ &(ext_ch->ic_flagext),
+ &(ext_ch->ic_ieee),
+ &(ext_ch->ic_vhtop_ch_freq_seg1),
+ &(ext_ch->ic_vhtop_ch_freq_seg2));
+
 dfs_reset_alldelaylines(dfs);
 rs_pri = dfs_getchanstate(dfs, &index_pri, 0);
- if (ext_ch)
+ if (err == QDF_STATUS_SUCCESS) {
 rs_ext = dfs_getchanstate(dfs, &index_ext, 1);
+ }
- if (rs_pri != NULL && ((ext_ch == NULL) || (rs_ext != NULL))) {
+ if (rs_pri != NULL && ((err == QDF_STATUS_E_FAILURE) ||
+ (rs_ext != NULL))) {
 struct wlan_dfs_phyerr_param pe;
 qdf_mem_set(&pe, '\0', sizeof(pe));
diff --git a/umac/dfs/dispatcher/inc/wlan_dfs_mlme_api.h b/umac/dfs/dispatcher/inc/wlan_dfs_mlme_api.h
index c2d02810ee..becd551d33 100644
--- a/umac/dfs/dispatcher/inc/wlan_dfs_mlme_api.h
+++ b/umac/dfs/dispatcher/inc/wlan_dfs_mlme_api.h
@@ -128,7 +128,7 @@ void dfs_mlme_find_any_valid_channel(struct wlan_objmgr_pdev *pdev,
 * @ic_vhtop_ch_freq_seg2: Channel Center frequency applicable for 80+80MHz
 * mode of operation.
 */
-void dfs_mlme_get_extchan(struct wlan_objmgr_pdev *pdev,
+QDF_STATUS dfs_mlme_get_extchan(struct wlan_objmgr_pdev *pdev,
 uint16_t *ic_freq,
 uint32_t *ic_flags,
 uint16_t *ic_flagext,
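Review bot: In dfs_radar_enable(), the final condition `(err == QDF_STATUS_E_FAILURE) || (rs_ext != NULL)` treats only one specific failure code as "no extension channel". dfs_mlme_get_extchan() forwards whatever status the registered callback returns, so any other non-success code skips the `rs_ext = dfs_getchanstate(dfs, &index_ext, 1);` assignment and then falls through to the `rs_ext != NULL` test, whose outcome depends on how `rs_ext` was initialised outside this hunk. Writing the test as `if (rs_pri != NULL && ((err != QDF_STATUS_SUCCESS) ||` keeps it the exact complement of the `err == QDF_STATUS_SUCCESS` check above it. The values fetched into `extchan` are not read in the lines shown, and dfs_getchanstate() with ext_chan_flag set fetches them again, so this call appears to serve only as an availability probe; a short comment saying so would help the next reader.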
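Review bot: The kernel-doc block above dfs_mlme_get_extchan() ends at `@ic_vhtop_ch_freq_seg2` and gains no return description, although the prototype now returns QDF_STATUS. Add `* Return: status from the registered MLME callback, or QDF_STATUS_E_FAILURE if none is registered.` before the closing `*/`, and state that the six output parameters are left unwritten in the second case, since the .c change returns without touching them and both callers now pass pointers into stack structs. The opening of the comment lies outside this hunk.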
diff --git a/umac/dfs/dispatcher/src/wlan_dfs_mlme_api.c b/umac/dfs/dispatcher/src/wlan_dfs_mlme_api.c
index f652111241..00d994acad 100644
--- a/umac/dfs/dispatcher/src/wlan_dfs_mlme_api.c
+++ b/umac/dfs/dispatcher/src/wlan_dfs_mlme_api.c
@@ -172,7 +172,7 @@ void dfs_mlme_find_any_valid_channel(struct wlan_objmgr_pdev *pdev,
 ret_val);
 }
-void dfs_mlme_get_extchan(struct wlan_objmgr_pdev *pdev,
+QDF_STATUS dfs_mlme_get_extchan(struct wlan_objmgr_pdev *pdev,
 uint16_t *ic_freq,
 uint32_t *ic_flags,
 uint16_t *ic_flagext,
@@ -181,13 +181,15 @@ void dfs_mlme_get_extchan(struct wlan_objmgr_pdev *pdev,
 uint8_t *ic_vhtop_ch_freq_seg2)
 {
 if (global_dfs_to_mlme.mlme_get_extchan != NULL)
- global_dfs_to_mlme.mlme_get_extchan(pdev,
+ return global_dfs_to_mlme.mlme_get_extchan(pdev,
 ic_freq,
 ic_flags,
 ic_flagext,
 ic_ieee,
 ic_vhtop_ch_freq_seg1,
 ic_vhtop_ch_freq_seg2);
+
+ return QDF_STATUS_E_FAILURE;
 }
 void dfs_mlme_set_no_chans_available(struct wlan_objmgr_pdev *pdev,