
qcacmn: Add vdev id sanity check in extract_gtk_rsp_event_tlv

While handling WMI_GTK_OFFLOAD_STATUS_EVENTID, QDF_BUG()
can occur in pmo_tgt_gtk_rsp_evt->pmo_psoc_get_vdev if
vdev_id is out of range, as the value comes directly from
WLAN FW and can be outside the trust boundary.

Add a sanity check for vdev id once the parameters are
received from wlan fw.

Change-Id: I335df52fece39c1a51a556ba4678bd43f470673a
CRs-Fixed: 2321523
Jingxiang Ge 6 年之前
父節點
當前提交
e00afe8783
共有 2 個文件被更改,包括 12 次插入0 次删除
  1. 6 0
      wmi/inc/wmi_unified_priv.h
  2. 6 0
      wmi/src/wmi_unified_tlv.c

+ 6 - 0
wmi/inc/wmi_unified_priv.h

@@ -138,6 +138,12 @@ struct wmi_ext_dbg_msg {
 #define wmi_nofl_debug(params...) \
 	QDF_TRACE_DEBUG_NO_FL(QDF_MODULE_ID_WMI, ## params)
 
+#define wmi_alert_rl(params...) QDF_TRACE_FATAL_RL(QDF_MODULE_ID_WMI, params)
+#define wmi_err_rl(params...) QDF_TRACE_ERROR_RL(QDF_MODULE_ID_WMI, params)
+#define wmi_warn_rl(params...) QDF_TRACE_WARN_RL(QDF_MODULE_ID_WMI, params)
+#define wmi_info_rl(params...) QDF_TRACE_INFO_RL(QDF_MODULE_ID_WMI, params)
+#define wmi_debug_rl(params...) QDF_TRACE_DEBUG_RL(QDF_MODULE_ID_WMI, params)
+
 /**
  * struct wmi_command_debug - WMI command log buffer data type
  * @ command - Store WMI Command id
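Review bot: The five `wmi_*_rl` macros are added without any comment, and only `wmi_err_rl` is used by this commit. Assuming the `_RL` suffix means rate-limited, as the names suggest, a line such as `/* Rate-limited variants: prefer these on paths driven by firmware events so repeated bad events cannot flood the log */` would tell callers when to pick them. They also pass `params` without the `##` that `wmi_nofl_debug` uses just above. That is harmless while a format string is always supplied, but matching the existing form would keep the header consistent.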

+ 6 - 0
wmi/src/wmi_unified_tlv.c

@@ -12540,6 +12540,12 @@ static QDF_STATUS extract_gtk_rsp_event_tlv(wmi_unified_t wmi_handle,
 
 	fixed_param = (WMI_GTK_OFFLOAD_STATUS_EVENT_fixed_param *)
 		param_buf->fixed_param;
+
+	if (fixed_param->vdev_id >= WLAN_UMAC_PSOC_MAX_VDEVS) {
+		wmi_err_rl("Invalid vdev_id %u", fixed_param->vdev_id);
+		return QDF_STATUS_E_INVAL;
+	}
+
 	gtk_rsp_param->vdev_id = fixed_param->vdev_id;
 	gtk_rsp_param->status_flag = QDF_STATUS_SUCCESS;
 	gtk_rsp_param->refresh_cnt = fixed_param->refresh_cnt;
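Review bot: The new bound check on `fixed_param->vdev_id` carries no comment saying that the value is firmware-controlled, so a later cleanup could take it for redundant. I would add `/* vdev_id is supplied by firmware; reject out-of-range values before the caller uses it for a vdev lookup */` above the `if`. The check bounds the id only, so an in-range id with no vdev attached still reaches the caller, and it is worth confirming that the lookup named in the commit message fails gracefully there rather than asserting. `refresh_cnt` is copied from the event unvalidated. extract_gtk_rsp_event_tlv starts and ends outside the hunk, so it is not visible here whether `param_buf` and the event length are checked before `fixed_param` is read.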