qcacld-3.0: Add check to validate CAC timer

The current host driver maintains a singular global mac session
for the timer. In situations where the SAP timer runs in one context
and P2P operates in another, the P2P GO context might unintentionally
halt the timer in global mac context for SAP.

Scenario:-
Initially host driver created SAP at index zero, After that it created
another P2P GO at index one before calling start bss api host driver
was trying to stop the interface and dfs timer offload was running for
SAP at index zero, As host driver never initialized cac offload for
P2P GO and dfc timer is running on global mac ctx and it was trying to
destroy the timer during hostapd deinit without even calling timer init.

This is due to absence of checks to validate whether P2P initiated
the timer.

This modification ensures that the timer initiates only when not running
in any session and halts only when the mac ctx and SAP context share the
same vdev id.

Change-Id: I77e14f660b946e8d1a815030f11ad36c14fc8bc4
CRs-Fixed: 3615156

core/sap/inc/sap_api.h

@@ -661,6 +661,7 @@ typedef struct sSapDfsInfo {
 	uint8_t sap_ch_switch_beacon_cnt;
 	uint8_t sap_ch_switch_mode;
 	uint16_t reduced_beacon_interval;
+	uint8_t vdev_id;
 } tSapDfsInfo;
 
 /* MAX number of CAC channels to be recorded */

core/sap/src/sap_api_link_cntl.c

@@ -741,6 +741,7 @@ wlansap_roam_process_dfs_radar_found(struct mac_context *mac_ctx,
 			sap_err("sapdfs: sap_radar_found_status is false");
 			return;
 		}
+
 		sap_debug("sapdfs:Posting event eSAP_DFS_CHANNEL_CAC_RADAR_FOUND");
 		/*
 		 * If Radar is found, while in DFS CAC WAIT State then post stop
@@ -754,6 +755,7 @@ wlansap_roam_process_dfs_radar_found(struct mac_context *mac_ctx,
 					sap.SapDfsInfo.sap_dfs_cac_timer);
 		}
 		mac_ctx->sap.SapDfsInfo.is_dfs_cac_timer_running = false;
+		mac_ctx->sap.SapDfsInfo.vdev_id = WLAN_INVALID_VDEV_ID;
 
 		/*
 		 * User space is already indicated the CAC start and if
@@ -1038,8 +1040,9 @@ static void wlan_sap_pre_cac_radar_ind(struct sap_context *sap_ctx,
 		qdf_mc_timer_stop(dfs_timer);
 		qdf_mc_timer_destroy(dfs_timer);
 	}
-
 	mac_ctx->sap.SapDfsInfo.is_dfs_cac_timer_running = false;
+	mac_ctx->sap.SapDfsInfo.vdev_id = WLAN_INVALID_VDEV_ID;
+
 	wlan_pre_cac_handle_radar_ind(sap_ctx->vdev);
 }
 #else

core/sap/src/sap_fsm.c

@@ -4709,6 +4709,12 @@ void sap_dfs_cac_timer_callback(void *data)
 		return;
 	}
 
+	if (mac->sap.SapDfsInfo.vdev_id != sap_ctx->vdev_id) {
+		sap_err("vdev mismatch sap_ctx->vdev_id %d mac->sap.SapDfsInfo.vdev_id %d",
+			sap_ctx->vdev_id, mac->sap.SapDfsInfo.vdev_id);
+		return;
+	}
+
 	/*
 	 * SAP may not be in CAC wait state, when the timer runs out.
 	 * if following flag is set, then timer is in initialized state,
@@ -4719,6 +4725,7 @@ void sap_dfs_cac_timer_callback(void *data)
 			qdf_mc_timer_destroy(
 				&mac->sap.SapDfsInfo.sap_dfs_cac_timer);
 		mac->sap.SapDfsInfo.is_dfs_cac_timer_running = false;
+		mac->sap.SapDfsInfo.vdev_id = WLAN_INVALID_VDEV_ID;
 	}
 
 	/*
@@ -4751,8 +4758,15 @@ static int sap_stop_dfs_cac_timer(struct sap_context *sap_ctx)
 		return 0;
 	}
 
+	if (mac->sap.SapDfsInfo.vdev_id != sap_ctx->vdev_id) {
+		sap_err("Invalid vdev Id sap_ctx_vdev_id %d mac_ctx vdev id %d",
+			sap_ctx->vdev_id, mac->sap.SapDfsInfo.vdev_id);
+		return 0;
+	}
+
 	if (sap_ctx->dfs_cac_offload) {
 		mac->sap.SapDfsInfo.is_dfs_cac_timer_running = 0;
+		mac->sap.SapDfsInfo.vdev_id = WLAN_INVALID_VDEV_ID;
 		return 0;
 	}
 
@@ -4764,6 +4778,7 @@ static int sap_stop_dfs_cac_timer(struct sap_context *sap_ctx)
 
 	qdf_mc_timer_stop(&mac->sap.SapDfsInfo.sap_dfs_cac_timer);
 	mac->sap.SapDfsInfo.is_dfs_cac_timer_running = 0;
+	mac->sap.SapDfsInfo.vdev_id = WLAN_INVALID_VDEV_ID;
 	qdf_mc_timer_destroy(&mac->sap.SapDfsInfo.sap_dfs_cac_timer);
 
 	return 0;
@@ -4790,10 +4805,16 @@ static int sap_start_dfs_cac_timer(struct sap_context *sap_ctx)
 		sap_err("Invalid MAC context");
 		return 0;
 	}
+	/* start time only when is_dfs_cac_timer_running is not running */
+	if (mac->sap.SapDfsInfo.is_dfs_cac_timer_running) {
+		sap_err("Invalid state is_dfs_cac_timer_running");
+		return 0;
+	}
 
 	if (sap_ctx->dfs_cac_offload) {
 		sap_debug("cac timer offloaded to firmware");
 		mac->sap.SapDfsInfo.is_dfs_cac_timer_running = true;
+		mac->sap.SapDfsInfo.vdev_id = sap_ctx->vdev_id;
 		return 1;
 	}
 
@@ -4821,11 +4842,13 @@ static int sap_start_dfs_cac_timer(struct sap_context *sap_ctx)
 	}
 
 	mac->sap.SapDfsInfo.is_dfs_cac_timer_running = true;
+	mac->sap.SapDfsInfo.vdev_id = sap_ctx->vdev_id;
 
 	return 0;
 
 destroy_timer:
 	mac->sap.SapDfsInfo.is_dfs_cac_timer_running = false;
+	mac->sap.SapDfsInfo.vdev_id = WLAN_INVALID_VDEV_ID;
 	qdf_mc_timer_destroy(&mac->sap.SapDfsInfo.sap_dfs_cac_timer);
 
 	return 1;

core/sap/src/sap_module.c

@@ -3012,15 +3012,24 @@ void wlansap_cleanup_cac_timer(struct sap_context *sap_ctx)
 		return;
 	}
 
+	if (mac->sap.SapDfsInfo.vdev_id != sap_ctx->vdev_id) {
+		sap_err("sapdfs, force cleanup vdev mismatch sap vdev id %d mac_ctx vdev id %d",
+			sap_ctx->vdev_id, mac->sap.SapDfsInfo.vdev_id);
+		return;
+	}
+
 	if (mac->sap.SapDfsInfo.is_dfs_cac_timer_running) {
 		mac->sap.SapDfsInfo.is_dfs_cac_timer_running = 0;
+		mac->sap.SapDfsInfo.vdev_id = WLAN_INVALID_VDEV_ID;
+
 		if (!sap_ctx->dfs_cac_offload) {
 			qdf_mc_timer_stop(
 				&mac->sap.SapDfsInfo.sap_dfs_cac_timer);
 			qdf_mc_timer_destroy(
 				&mac->sap.SapDfsInfo.sap_dfs_cac_timer);
+			sap_debug("sapdfs, force cleanup running dfs cac timer vdev id %d",
+				  sap_ctx->vdev_id);
 		}
-		sap_err("sapdfs, force cleanup running dfs cac timer");
 	}
 }