
qcacld-3.0: Don't use vdev_mlme object in the vdev delete response

As part of the new changes, vdev mlme object will be freed before
the vdev delete response is received from the firmware. Hence do
not use the vdev_mlme object in the vdev delete response handler.

Change-Id: Idec5775f6c7ac767baedd173a7bde0d3a358d0fe
CRs-Fixed: 2563381
Arun Kumar Khandavalli před 5 roky
rodič
revize
efe77ff948

+ 4 - 7
components/mlme/core/src/wlan_mlme_vdev_mgr_interface.c

@@ -1081,12 +1081,11 @@ static QDF_STATUS mon_mlme_vdev_down_send(struct vdev_mlme_obj *vdev_mlme,
  * Return: QDF_STATUS
  */
 static QDF_STATUS
-vdevmgr_vdev_delete_rsp_handle(struct vdev_mlme_obj *vdev_mlme,
+vdevmgr_vdev_delete_rsp_handle(struct wlan_objmgr_psoc *psoc,
 			       struct vdev_delete_response *rsp)
 {
-	mlme_legacy_debug("vdev id = %d ",
-			  vdev_mlme->vdev->vdev_objmgr.vdev_id);
-	return wma_vdev_detach_callback(vdev_mlme, rsp);
+	mlme_legacy_debug("vdev id = %d ", rsp->vdev_id);
+	return wma_vdev_detach_callback(rsp);
 }
 
 /**
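Review bot: The kernel-doc block for `vdevmgr_vdev_delete_rsp_handle` starts above this hunk and none of its lines are changed, so it presumably still lists `@vdev_mlme` although the first parameter is now `psoc`. The entry should be replaced with something like `* @psoc: pointer to psoc object`. The new `psoc` argument is not used in the body; if the signature is dictated by `mlme_ext_ops` (defined outside this page), the comment should say so. `rsp` is also dereferenced in the debug log without a NULL check, so the handler relies on the caller never passing NULL.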
@@ -1319,7 +1318,6 @@ static struct vdev_mlme_ops sta_mlme_ops = {
 	.mlme_vdev_stop_continue = vdevmgr_mlme_stop_continue,
 	.mlme_vdev_down_send = vdevmgr_mlme_vdev_down_send,
 	.mlme_vdev_notify_down_complete = vdevmgr_notify_down_complete,
-	.mlme_vdev_ext_delete_rsp = vdevmgr_vdev_delete_rsp_handle,
 	.mlme_vdev_ext_stop_rsp = vdevmgr_vdev_stop_rsp_handle,
 	.mlme_vdev_ext_start_rsp = vdevmgr_vdev_start_rsp_handle,
 };
@@ -1370,7 +1368,6 @@ static struct vdev_mlme_ops ap_mlme_ops = {
 	.mlme_vdev_down_send = vdevmgr_mlme_vdev_down_send,
 	.mlme_vdev_notify_down_complete = vdevmgr_notify_down_complete,
 	.mlme_vdev_is_newchan_no_cac = ap_mlme_vdev_is_newchan_no_cac,
-	.mlme_vdev_ext_delete_rsp = vdevmgr_vdev_delete_rsp_handle,
 	.mlme_vdev_ext_stop_rsp = vdevmgr_vdev_stop_rsp_handle,
 	.mlme_vdev_ext_start_rsp = vdevmgr_vdev_start_rsp_handle,
 };
@@ -1383,7 +1380,6 @@ static struct vdev_mlme_ops mon_mlme_ops = {
 	.mlme_vdev_disconnect_peers = mon_mlme_vdev_disconnect_peers,
 	.mlme_vdev_stop_send = mon_mlme_vdev_stop_send,
 	.mlme_vdev_down_send = mon_mlme_vdev_down_send,
-	.mlme_vdev_ext_delete_rsp = vdevmgr_vdev_delete_rsp_handle,
 	.mlme_vdev_ext_start_rsp = vdevmgr_vdev_start_rsp_handle,
 };
 
@@ -1393,4 +1389,5 @@ static struct mlme_ext_ops ext_ops = {
 	.mlme_vdev_ext_hdl_create = vdevmgr_mlme_ext_hdl_create,
 	.mlme_vdev_ext_hdl_destroy = vdevmgr_mlme_ext_hdl_destroy,
 	.mlme_vdev_ext_hdl_post_create = vdevmgr_mlme_ext_post_hdl_create,
+	.mlme_vdev_ext_delete_rsp = vdevmgr_vdev_delete_rsp_handle,
 };

+ 1 - 4
core/wma/inc/wma_api.h

@@ -679,7 +679,6 @@ QDF_STATUS wma_mon_mlme_vdev_down_send(struct vdev_mlme_obj *vdev_mlme,
 
 /**
  * wma_vdev_detach_callback() - VDEV delete response handler
- * @vdev_mlme_obj:  VDEV MLME comp object
  * @rsp: pointer to vdev delete response
  *
  * This API proccesses vdev delete response and gives to upper layers
@@ -687,9 +686,7 @@ QDF_STATUS wma_mon_mlme_vdev_down_send(struct vdev_mlme_obj *vdev_mlme,
  * Return: SUCCESS on successful completion of VDEV delete operation
  *         FAILURE, if it fails due to any
  */
-QDF_STATUS wma_vdev_detach_callback(
-				struct vdev_mlme_obj *vdev_mlme,
-				struct vdev_delete_response *rsp);
+QDF_STATUS wma_vdev_detach_callback(struct vdev_delete_response *rsp);
 
 /**
  * wma_vdev_stop_resp_handler() - vdev stop response handler

+ 10 - 4
core/wma/src/wma_dev_if.c

@@ -439,9 +439,7 @@ static inline void wma_send_vdev_del_resp(struct del_vdev_params *param)
 		qdf_mem_free(param);
 }
 
-QDF_STATUS wma_vdev_detach_callback(
-				struct vdev_mlme_obj *vdev_mlme,
-				struct vdev_delete_response *rsp)
+QDF_STATUS wma_vdev_detach_callback(struct vdev_delete_response *rsp)
 {
 	tp_wma_handle wma;
 	struct wma_txrx_node *iface = NULL;
@@ -454,7 +452,15 @@ QDF_STATUS wma_vdev_detach_callback(
 		return QDF_STATUS_E_FAILURE;
 	}
 
-	iface = &wma->interfaces[vdev_mlme->vdev->vdev_objmgr.vdev_id];
+	/* Sanitize the vdev id*/
+	if (rsp->vdev_id > wma->max_bssid) {
+		wma_err("vdev delete response with invalid vdev_id :%d",
+			rsp->vdev_id);
+		QDF_BUG(0);
+		return QDF_STATUS_E_FAILURE;
+	}
+
+	iface = &wma->interfaces[rsp->vdev_id];
 
 	if (!iface->del_staself_req) {
 		wma_err(" iface handle is NULL for VDEV_%d", rsp->vdev_id);
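Review bot: The new bound `if (rsp->vdev_id > wma->max_bssid)` still lets `vdev_id == max_bssid` through to `&wma->interfaces[rsp->vdev_id]`. The allocation of `interfaces` is not visible on this page, but if the array holds `max_bssid` entries, that index is one past the end, and the index now comes from the firmware response instead of the host-side vdev object. After confirming the array size, the comparison should be `if (rsp->vdev_id >= wma->max_bssid) {`. The `%d` in the added `wma_err` should also match the declared type of `vdev_id`, which this hunk does not show. The function body continues past the end of the hunk.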