
qcacld-3.0: Do not register SAP as requestor again after reinit

During SSR the SAP context is reinitialized and it requests a scan
request id again, deleting the older request id from the scan module.
This can lead to a situation where the scan requestor list is filled
with SAP request ids, so the next request for a request id returns 0.

Now during de init when it try to delete the requestor id 0 it delete
the 0th entry which is for CFG. Now if again SAP register the request
id it will get the 0th index which was freed and thus when CFG
requests a scan the sap callback is called instead of CFG leading to
NULL pointer access.

Fix this by not registering for request id again after SSR for SAP.

Change-Id: Ibc8ad0700b602a9c3d2769d979303499df8d6605
CRs-Fixed: 2341133
Abhishek Singh hace 6 años
padre
commit
ec7e31a70a
Se han modificado 3 ficheros con 11 adiciones y 7 borrados
  1. 4 3
      core/hdd/src/wlan_hdd_hostapd.c
  2. 2 1
      core/sap/inc/sap_api.h
  3. 5 3
      core/sap/src/sap_module.c

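--- a/core/hdd/src/wlan_hdd_hostapd.c
+++ b/core/hdd/src/wlan_hdd_hostapd.c
@@ -198,6 +198,7 @@ int hdd_sap_context_init(struct hdd_context *hdd_ctx)
 /**
  * hdd_hostapd_init_sap_session() - To init the sap session completely
  * @adapter: SAP/GO adapter
+ * @reinit: if called as part of reinit
  *
  * This API will do
  * 1) sap_init_ctx()
@@ -205,7 +206,7 @@ int hdd_sap_context_init(struct hdd_context *hdd_ctx)
  * Return: 0 if success else non-zero value.
  */
 static struct sap_context *
-hdd_hostapd_init_sap_session(struct hdd_adapter *adapter)
+hdd_hostapd_init_sap_session(struct hdd_adapter *adapter, bool reinit)
 {
 	struct sap_context *sap_ctx;
 	QDF_STATUS status;
@@ -223,7 +224,7 @@ hdd_hostapd_init_sap_session(struct hdd_adapter *adapter)
 	}
 	status = sap_init_ctx(sap_ctx, adapter->device_mode,
 			       adapter->mac_addr.bytes,
-			       adapter->session_id);
+			       adapter->session_id, reinit);
 	if (QDF_IS_STATUS_ERROR(status)) {
 		hdd_err("wlansap_start failed!! status: %d", status);
 		adapter->session.ap.sap_context = NULL;
@@ -3034,7 +3035,7 @@ QDF_STATUS hdd_init_ap_mode(struct hdd_adapter *adapter, bool reinit)
 	hdd_info("SSR in progress: %d", reinit);
 	qdf_atomic_init(&adapter->session.ap.acs_in_progress);
 
-	sapContext = hdd_hostapd_init_sap_session(adapter);
+	sapContext = hdd_hostapd_init_sap_session(adapter, reinit);
 	if (!sapContext) {
 		hdd_err("Invalid sap_ctx");
 		goto error_release_vdev;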
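Review bot: The new `@reinit` parameter doc in the first hunk only restates the name, so a reader of hdd_hostapd_init_sap_session() cannot tell what changes when it is true. I would write ` * @reinit: true when called for SSR re-init; sap_init_ctx() then keeps the scan requester id registered at first init instead of registering again`. The same one-line description applies to the `@reinit` entry added in core/sap/inc/sap_api.h. hdd_init_ap_mode() in the last hunk starts and ends outside the hunk.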

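--- a/core/sap/inc/sap_api.h
+++ b/core/sap/inc/sap_api.h
@@ -831,6 +831,7 @@ QDF_STATUS sap_destroy_ctx(struct sap_context *sap_ctx);
  * @mode: Device mode
  * @addr: MAC address of the SAP
  * @session_id: Pointer to the session id
+ * @reinit: if called as part of reinit
  *
  * sap_create_ctx() allocates the sap context which is uninitialized.
  * This API needs to be called to properly initialize the sap context
@@ -842,7 +843,7 @@ QDF_STATUS sap_destroy_ctx(struct sap_context *sap_ctx);
  */
 QDF_STATUS sap_init_ctx(struct sap_context *sap_ctx,
 			 enum QDF_OPMODE mode,
-			 uint8_t *addr, uint32_t session_id);
+			 uint8_t *addr, uint32_t session_id, bool reinit);
 
 /**
  * sap_deinit_ctx() - De-initialize the sap context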

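--- a/core/sap/src/sap_module.c
+++ b/core/sap/src/sap_module.c
@@ -275,7 +275,7 @@ struct sap_context *sap_create_ctx(void)
 
 QDF_STATUS sap_init_ctx(struct sap_context *sap_ctx,
 			 enum QDF_OPMODE mode,
-			 uint8_t *addr, uint32_t session_id)
+			 uint8_t *addr, uint32_t session_id, bool reinit)
 {
 	QDF_STATUS qdf_ret_status;
 	tHalHandle hal;
@@ -328,8 +328,10 @@ QDF_STATUS sap_init_ctx(struct sap_context *sap_ctx,
 			__func__, qdf_ret_status);
 		return QDF_STATUS_E_FAILURE;
 	}
-	/* Register with scan component */
-	sap_ctx->req_id = ucfg_scan_register_requester(pmac->psoc, "SAP",
+	/* Register with scan component only during init */
+	if (!reinit)
+		sap_ctx->req_id =
+			ucfg_scan_register_requester(pmac->psoc, "SAP",
 					sap_scan_event_callback, sap_ctx);
 
 	return QDF_STATUS_SUCCESS;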
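Review bot: The value returned by ucfg_scan_register_requester() inside the new `if (!reinit)` branch is still stored without being checked, and the commit description says an exhausted requester table hands back 0, so a failed registration at first init stays silent and the callback mix-up the commit describes is only avoided on the reinit path, not detected. After the assignment I would add `if (!sap_ctx->req_id) return QDF_STATUS_E_FAILURE;` (substituting whatever failure value the scan component actually reports, if it is not 0), logged like the preceding error path. The reinit branch also deserves a sentence on why the id is kept, e.g. `/* On SSR reinit the requester id from the first init is still registered; registering again leaks it and can exhaust the requester table */` — this presumes the sap_context object survives SSR with req_id intact, which the hunk does not show. sap_init_ctx() begins outside this hunk.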