qcacld-3.0: Remove vdev chk_frame structure

Chk frame member of the tdls_mgmt_req is declared locally inside of
the local function wlan_cfg80211_tdls_mgmt and address is copied
in the mgmt request, and posted to scheduler thread.
But, the validity of the chk frame variable is lost once returned
from the wlan_cfg80211_tdls_mgmt function. And the chk_frame
is used when processing the tdls_mgmt_req in scheduler thread.
And the stale data of chk_frame can be used.

Hence, make the chk_frame as a variable instead pointer inside
tdls_action_frame_request request.

Change-Id: Ib2a8a81e8f6db5550b1d0abee31d9f7ea5dacd9b
CRs-Fixed: 2402124

tdls/core/src/wlan_tdls_cmds_process.c

@@ -659,8 +659,7 @@ static int tdls_validate_setup_frames(struct tdls_soc_priv_obj *tdls_soc,
 		 tdls_soc->connected_peer_count,
 		 tdls_soc->max_num_tdls_sta);
 
-	tdls_validate->max_sta_failed = -EPERM;
-	return 0;
+	return -EPERM;
 }
 
 int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
@@ -672,13 +671,11 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
 	QDF_STATUS status;
 	uint8_t vdev_id;
 
+	struct wlan_objmgr_vdev *vdev = tdls_mgmt_req->vdev;
 	struct tdls_validate_action_req *tdls_validate =
-		tdls_mgmt_req->chk_frame;
+		&tdls_mgmt_req->chk_frame;
 
-	if (!tdls_validate || !tdls_validate->vdev)
-		return -EINVAL;
-
-	if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(tdls_validate->vdev,
+	if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(vdev,
 							&tdls_vdev,
 							&tdls_soc))
 		return -ENOTSUPP;
@@ -687,15 +684,15 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
 	 * STA or P2P client should be connected and authenticated before
 	 *  sending any TDLS frames
 	 */
-	if (!tdls_is_vdev_connected(tdls_validate->vdev) ||
-	    !tdls_is_vdev_authenticated(tdls_validate->vdev)) {
+	if (!tdls_is_vdev_connected(vdev) ||
+	    !tdls_is_vdev_authenticated(vdev)) {
 		tdls_err("STA is not connected or not authenticated.");
 		return -EAGAIN;
 	}
 
 	/* other than teardown frame, mgmt frames are not sent if disabled */
 	if (TDLS_TEARDOWN != tdls_validate->action_code) {
-		if (!tdls_check_is_tdls_allowed(tdls_validate->vdev)) {
+		if (!tdls_check_is_tdls_allowed(vdev)) {
 			tdls_err("TDLS not allowed, reject MGMT, action = %d",
 				tdls_validate->action_code);
 			return -EPERM;
@@ -730,7 +727,7 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
 	}
 
 	/*  call hdd_wmm_is_acm_allowed() */
-	vdev_id = wlan_vdev_get_id(tdls_validate->vdev);
+	vdev_id = wlan_vdev_get_id(vdev);
 	if (!tdls_soc->tdls_wmm_cb(vdev_id)) {
 		tdls_debug("admission ctrl set to VI, send the frame with least AC (BK) for action %d",
 			   tdls_validate->action_code);

tdls/core/src/wlan_tdls_mgmt.c

@@ -319,7 +319,7 @@ static QDF_STATUS tdls_activate_send_mgmt_request(
 
 release_cmd:
 	/*update tdls nss infornation based on action code */
-	tdls_reset_nss(tdls_soc_obj, action_req->chk_frame->action_code);
+	tdls_reset_nss(tdls_soc_obj, action_req->chk_frame.action_code);
 	if (QDF_IS_STATUS_ERROR(status)) {
 		tdls_internal_send_mgmt_tx_done(action_req, status);
 		tdls_release_serialization_command(action_req->vdev,
@@ -397,9 +397,9 @@ QDF_STATUS tdls_process_mgmt_req(
 	 * after the  cmd validation
 	 */
 	tdls_mgmt_req->tdls_mgmt.responder =
-			!tdls_mgmt_req->chk_frame->responder;
+			!tdls_mgmt_req->chk_frame.responder;
 	tdls_mgmt_req->tdls_mgmt.status_code =
-			tdls_mgmt_req->chk_frame->status_code;
+			tdls_mgmt_req->chk_frame.status_code;
 
 	cmd.cmd_type = WLAN_SER_CMD_TDLS_SEND_MGMT;
 	/* Cmd Id not applicable for non scan cmds */

tdls/dispatcher/inc/wlan_tdls_public_structs.h

@@ -975,24 +975,20 @@ struct tdls_send_mgmt {
 
 /**
  * struct tdls_validate_action_req - tdls validate mgmt request
- * @vdev: vdev object
  * @action_code: action code
  * @peer_mac: peer mac address
  * @dialog_token: dialog code
  * @status_code: status code to add
  * @len: len of the frame
  * @responder: whether to respond or not
- * @max_sta_failed: mgmt failure reason
  */
 struct tdls_validate_action_req {
-	struct wlan_objmgr_vdev *vdev;
 	uint8_t action_code;
 	uint8_t peer_mac[QDF_MAC_ADDR_SIZE];
 	uint8_t dialog_token;
 	uint8_t status_code;
 	size_t len;
 	int responder;
-	int max_sta_failed;
 };
 
 /**
@@ -1010,7 +1006,7 @@ struct tdls_get_all_peers {
 /**
  * struct tdls_send_action_frame_request - tdls send mgmt request
  * @vdev: vdev object
- * @chk_frame: frame validation structure
+ * @chk_frame: This struct used to validate mgmt frame
  * @session_id: session id
  * @vdev_id: vdev id
  * @cmd_buf: cmd buffer
@@ -1020,7 +1016,7 @@ struct tdls_get_all_peers {
  */
 struct tdls_action_frame_request {
 	struct wlan_objmgr_vdev *vdev;
-	struct tdls_validate_action_req *chk_frame;
+	struct tdls_validate_action_req chk_frame;
 	uint8_t session_id;
 	uint8_t vdev_id;
 	const uint8_t *cmd_buf;