
qcacld-3.0: Validate adapter's magic number in timer handlers

qcacld-2.0 to qcacld-3.0 propagation

Before accessing the adapter context, validate the adapter's magic
number in addition to the NULL check, to confirm that the adapter
context instance is valid.

Change-Id: If0365c765ad87be53b7e78d8744f0dcfe1a310ab
CRs-Fixed: 803527
c_hpothu hace 8 años
padre
commit
d500924185

+ 4 - 0
core/hdd/src/wlan_hdd_hostapd.c

@@ -503,6 +503,10 @@ void hdd_hostapd_inactivity_timer_cb(void *usrDataForCallback)
 		   was down only then we bring down AP
 		 */
 		pHostapdAdapter = netdev_priv(dev);
+		if (WLAN_HDD_ADAPTER_MAGIC != pHostapdAdapter->magic) {
+			hdd_err("invalid adapter: %p", pHostapdAdapter);
+			return;
+		}
 		pHddApCtx = WLAN_HDD_GET_AP_CTX_PTR(pHostapdAdapter);
 		qdf_status =
 			qdf_mc_timer_start(&pHddApCtx->hdd_ap_inactivity_timer,
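Review bot: The added error path logs the adapter address with plain `%p` in `hdd_err("invalid adapter: %p", pHostapdAdapter);`, which on kernels that do not hash `%p` writes a raw kernel address into the log and weakens address-space randomisation. `%pK` honours `kptr_restrict` and is the safer choice here: `hdd_err("invalid adapter: %pK", pHostapdAdapter);`. The same format appears in the new log lines in wlan_hdd_p2p.c, wlan_hdd_tdls.c (two of the three hunks) and wlan_hdd_wmm.c. The body of hdd_hostapd_inactivity_timer_cb starts and ends outside this hunk.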

+ 3 - 2
core/hdd/src/wlan_hdd_p2p.c

@@ -496,8 +496,9 @@ void wlan_hdd_remain_on_chan_timeout(void *data)
 	hdd_remain_on_chan_ctx_t *pRemainChanCtx;
 	hdd_cfg80211_state_t *cfgState;
 
-	if (NULL == pAdapter) {
-		hddLog(LOGE, "%s: pAdapter is NULL !!!", __func__);
+	if ((NULL == pAdapter) ||
+	    (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) {
+		hdd_err("pAdapter is invalid %p !!!", pAdapter);
 		return;
 	}
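Review bot: The new condition reads `pAdapter->magic` from the object whose validity is in doubt, so it is a best-effort filter and not a lifetime guarantee. If the adapter has been freed, the read is already a use-after-free, and nothing visible here stops teardown from running between the check and the later uses of `pAdapter`. The hunk does not show how this timer is stopped at teardown; the durable protection is to stop and destroy the timer before the adapter is released, and I would record that next to the check, e.g. `/* best-effort only: the timer must be stopped before the adapter is freed */`. The same caveat applies to the magic checks added in the hostapd, tdls and wmm hunks. wlan_hdd_remain_on_chan_timeout starts and ends outside this hunk.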
 

+ 24 - 6
core/hdd/src/wlan_hdd_tdls.c

@@ -345,8 +345,17 @@ static uint32_t wlan_hdd_tdls_discovery_sent_cnt(hdd_context_t *pHddCtx)
  */
 static void wlan_hdd_tdls_check_power_save_prohibited(hdd_adapter_t *pAdapter)
 {
-	tdlsCtx_t *pHddTdlsCtx = WLAN_HDD_GET_TDLS_CTX_PTR(pAdapter);
-	hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+	tdlsCtx_t *pHddTdlsCtx;
+	hdd_context_t *pHddCtx;
+
+	if ((NULL == pAdapter) ||
+	    (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) {
+		hdd_err("invalid pAdapter: %p", pAdapter);
+		return;
+	}
+
+	pHddTdlsCtx = WLAN_HDD_GET_TDLS_CTX_PTR(pAdapter);
+	pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
 
 	if ((NULL == pHddTdlsCtx) || (NULL == pHddCtx)) {
 		QDF_TRACE(QDF_MODULE_ID_HDD, QDF_TRACE_LEVEL_ERROR,
@@ -2221,7 +2230,14 @@ static int32_t wlan_hdd_tdls_peer_reset_discovery_processed(tdlsCtx_t *
  */
 uint16_t wlan_hdd_tdls_connected_peers(hdd_adapter_t *pAdapter)
 {
-	hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
+	hdd_context_t *pHddCtx;
+
+	if ((NULL == pAdapter) ||
+	    (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) {
+		hdd_err("invalid pAdapter: %p", pAdapter);
+		return 0;
+	}
+	pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
 
 	if (wlan_hdd_validate_context(pHddCtx))
 		return 0;
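Review bot: wlan_hdd_tdls_connected_peers now returns 0 for a NULL or stale adapter, the same value it returns when the context fails validation and presumably when no peer is connected, so a caller cannot tell "no peers" from "adapter invalid". Callers are outside this diff; if any of them treats 0 as permission to proceed (for example to change power-save or concurrency state), the invalid-adapter case will take that path silently. At minimum the function's header comment should say so, e.g. `Return: number of connected peers; 0 also when pAdapter or the HDD context is invalid`. The function body continues past the end of the hunk.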
@@ -3022,9 +3038,11 @@ void wlan_hdd_tdls_timer_restart(hdd_adapter_t *pAdapter,
 void wlan_hdd_tdls_indicate_teardown(hdd_adapter_t *pAdapter,
 				     hddTdlsPeer_t *curr_peer, uint16_t reason)
 {
-	if (NULL == pAdapter || NULL == curr_peer) {
-		QDF_TRACE(QDF_MODULE_ID_HDD, QDF_TRACE_LEVEL_ERROR,
-			  FL("parameters passed are invalid"));
+	if ((NULL == pAdapter || WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic) ||
+	    (NULL == curr_peer)) {
+		hdd_err("parameters passed are invalid");
+		if (!curr_peer)
+			hdd_err("curr_peer is NULL");
 		return;
 	}
 

+ 6 - 0
core/hdd/src/wlan_hdd_wmm.c

@@ -348,6 +348,12 @@ static void hdd_wmm_inactivity_timer_cb(void *user_data)
 	sme_ac_enum_type acType = pQosContext->acType;
 
 	pAdapter = pQosContext->pAdapter;
+	if ((NULL == pAdapter) ||
+	    (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) {
+		hdd_err("invalid pAdapter: %p", pAdapter);
+		return;
+	}
+
 	pAc = &pAdapter->hddWmmStatus.wmmAcStatus[acType];
 
 	/* Get the Tx stats for this AC. */
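Review bot: The adapter check is added after `pQosContext` has already been dereferenced twice (`pQosContext->acType` in the declaration and `pQosContext->pAdapter`), so a stale QoS context is still read before anything is validated. The value taken from it, `acType`, is then used unchecked as an index in `&pAdapter->hddWmmStatus.wmmAcStatus[acType]`. The QoS context should be validated first if it has a validity marker of its own, and the index should be bounded before use, for example `if ((unsigned int)acType >= ARRAY_SIZE(pAdapter->hddWmmStatus.wmmAcStatus)) return;` placed after the adapter check. hdd_wmm_inactivity_timer_cb starts and ends outside the hunk, so an earlier check on `user_data` cannot be ruled out from here.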