
qcacmn: Add check for per-session detector map validity

The per-session detector map is keyed by detector ID
from the Spectral FFT report and is only valid for one
session, i.e. from start scan to stop scan.

There is a possibility of receiving FFT report with
an invalid detector ID, for a particular session.
Due to this, invalid detector map information may get
accessed.

Verify that detector ID received in Spectral report is
valid for given spectral scan mode and channel width,
by checking the detector list.
Add a validity flag to the per_session_det_map, and check
whether detector map is valid for the detector ID used to
access it.

CRs-Fixed: 2998410
Change-Id: I1f38ae22b458bb1fea62b99422ec60095071b3c6
Jhalak Naik 4 年之前
父節點
當前提交
d66b7693f1

+ 5 - 0
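--- a/target_if/spectral/target_if_spectral.c
+++ b/target_if/spectral/target_if_spectral.c
@@ -4914,6 +4914,7 @@ target_if_spectral_populate_session_detector_info(
 			}
 			is_sec80 = !is_sec80;
 		}
+		det_map->det_map_valid = true;
 	}
 	return QDF_STATUS_SUCCESS;
 }
@@ -5161,6 +5162,7 @@ target_if_stop_spectral_scan(struct wlan_objmgr_pdev *pdev,
 {
 	struct target_if_spectral_ops *p_sops;
 	struct target_if_spectral *spectral;
+	uint8_t det;
 
 	if (!pdev) {
 		spectral_err("pdev object is NULL");
@@ -5206,6 +5208,9 @@ target_if_stop_spectral_scan(struct wlan_objmgr_pdev *pdev,
 	spectral->send_single_packet = 0;
 	spectral->sc_spectral_scan = 0;
 
+	for (det = 0; det < MAX_DETECTORS_PER_PDEV; det++)
+		spectral->det_map[det].det_map_valid = false;
+
 	qdf_spin_unlock(&spectral->spectral_lock);
 
 	return QDF_STATUS_SUCCESS;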
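Review bot: `det_map_valid` is cleared only in target_if_stop_spectral_scan, so an entry marked valid by an earlier session stays valid across any session end that does not pass through this function. The populate hunk sets the flag for the entries it fills, but the visible lines do not show it resetting the others; if it does not, clearing all `MAX_DETECTORS_PER_PDEV` flags at the top of target_if_spectral_populate_session_detector_info would make validity independent of how the previous session ended. The clear loop would also benefit from a short comment such as `/* Detector map is per session; invalidate it on stop */`. Both functions start and end outside the hunks shown.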

+ 2 - 0
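--- a/target_if/spectral/target_if_spectral.h
+++ b/target_if/spectral/target_if_spectral.h
@@ -1029,6 +1029,7 @@ struct per_session_dest_det_info {
  * of this detector is to be filled
  * @spectral_msg_buf_type: Spectral message buffer type
  * @send_to_upper_layers: Indicates whether to send SAMP msg to upper layers
+ * @det_map_valid: Indicates whether detector map is valid or not
  */
 struct per_session_det_map {
 	struct per_session_dest_det_info
@@ -1036,6 +1037,7 @@ struct per_session_det_map {
 	uint8_t num_dest_det_info;
 	enum spectral_msg_buf_type buf_type;
 	bool send_to_upper_layers;
+	bool det_map_valid;
 };
 
 /**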
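Review bot: The kernel-doc line for `det_map_valid` does not say when the flag is set, when it is cleared, or what readers must do with it. Suggest `@det_map_valid: True from session detector info population until scan stop; must be checked before the map is used`. If `spectral_lock` is meant to protect the flag, as the stop path in target_if_spectral.c suggests, the comment should name it.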

+ 9 - 2
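--- a/target_if/spectral/target_if_spectral_netlink.c
+++ b/target_if/spectral/target_if_spectral_netlink.c
@@ -51,11 +51,10 @@ target_if_spectral_fill_samp_msg(struct target_if_spectral *spectral,
 		return QDF_STATUS_E_NULL_VALUE;
 	}
 
-	if (params->hw_detector_id > SPECTRAL_DETECTOR_ID_MAX) {
+	if (params->hw_detector_id >= SPECTRAL_DETECTOR_ID_MAX) {
 		spectral_err_rl("Invalid detector ID");
 		return QDF_STATUS_E_FAILURE;
 	}
-	det_map = &spectral->det_map[params->hw_detector_id];
 
 	spectral_mode =
 		spectral->rparams.detid_mode_table[params->hw_detector_id];
@@ -72,6 +71,14 @@ target_if_spectral_fill_samp_msg(struct target_if_spectral *spectral,
 		return QDF_STATUS_E_FAILURE;
 	}
 
+	if (!spectral->det_map[params->hw_detector_id].det_map_valid) {
+		spectral_info("Detector Map not valid for det id = %d",
+			      params->hw_detector_id);
+		return QDF_STATUS_E_FAILURE;
+	}
+
+	det_map = &spectral->det_map[params->hw_detector_id];
+
 	spec_samp_msg = spectral->nl_cb.get_sbuff(spectral->pdev_obj,
 						  msg_type,
 						  det_map->buf_type);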
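Review bot: The `det_map_valid` test and the later `det_map->buf_type` read in target_if_spectral_fill_samp_msg run with no lock visible in these hunks, while target_if_stop_spectral_scan clears the flag under `spectral_lock`. If a stop can run concurrently with report processing, the map can be invalidated between the check and the use, so either confirm the caller holds `spectral_lock` or take it around the check and the reads through `det_map`. Separately, the stop path walks `det_map[]` up to `MAX_DETECTORS_PER_PDEV`, but the index here is guarded by `SPECTRAL_DETECTOR_ID_MAX`. If those constants can differ, the guard should use the array's own bound. The function starts and ends outside the hunks.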

+ 14 - 0
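--- a/target_if/spectral/target_if_spectral_phyerr.c
+++ b/target_if/spectral/target_if_spectral_phyerr.c
@@ -3319,6 +3319,8 @@ target_if_consume_spectral_report_gen3(
 	QDF_STATUS ret;
 	enum spectral_scan_mode spectral_mode = SPECTRAL_SCAN_MODE_INVALID;
 	bool finite_scan = false;
+	int det = 0;
+	struct sscan_detector_list *det_list;
 
 	if (!spectral) {
 		spectral_err_rl("Spectral LMAC object is null");
@@ -3393,6 +3395,18 @@ target_if_consume_spectral_report_gen3(
 		goto fail;
 	}
 
+	det_list = &spectral->detector_list[spectral_mode]
+			[spectral->report_info[spectral_mode].sscan_bw];
+	for (det = 0; det < det_list->num_detectors; det++) {
+		if (p_sfft->fft_detector_id == det_list->detectors[det])
+			break;
+		if (det == det_list->num_detectors - 1) {
+			spectral_info("Incorrect det id %d for given scan mode and channel width",
+				      p_sfft->fft_detector_id);
+			goto fail_no_print;
+		}
+	}
+
 	ret = target_if_update_session_info_from_report_ctx(
 						spectral,
 						p_sfft->fft_bin_size,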
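Review bot: The detector-ID check fails open when `det_list->num_detectors` is 0: the loop body never runs, the rejection inside it is never reached, and the report proceeds with an unverified `fft_detector_id`. Moving the rejection after the loop, guarded by `if (det == det_list->num_detectors) {` and ending in `goto fail_no_print;`, covers the empty list and drops the `num_detectors - 1` comparison. The `detector_list` index `spectral->report_info[spectral_mode].sscan_bw` is not range-checked in the visible lines, so it is worth confirming it is bounded earlier in the function, which starts and ends outside the hunks. Because this path runs once per report, the new `spectral_info` call may also want a rate-limited form, as `spectral_err_rl` is used for the other messages here.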