
qcacld-3.0: Clear PMK cache from driver

Currently the PMK cache is not cleared inside the driver,
which can lead to information disclosure.
To address this issue, clear PMK information from all the
possible places in the driver.

Change-Id: I83758920f414c5287292ebdbebdcc9bf7238103c
CRs-fixed: 2403441
Ashish Kumar Dhanotiya 6 years ago
parent
commit
3651083ee4

+ 5 - 0
core/hdd/src/wlan_hdd_cfg80211.c

@@ -4647,6 +4647,7 @@ static int __wlan_hdd_cfg80211_keymgmt_set_key(struct wiphy *wiphy,
 	qdf_mem_copy(local_pmk, data, data_len);
 	sme_roam_set_psk_pmk(mac_handle, hdd_adapter->vdev_id,
 			     local_pmk, data_len);
+	qdf_mem_zero(&local_pmk, SIR_ROAM_SCAN_PSK_SIZE);
 	return 0;
 }
 
@@ -19572,7 +19573,9 @@ static int __wlan_hdd_cfg80211_set_pmksa(struct wiphy *wiphy,
 	sme_set_del_pmkid_cache(mac_handle, adapter->vdev_id,
 				&pmk_cache, true);
 
+	qdf_mem_zero(&pmk_cache, sizeof(pmk_cache));
 	hdd_exit();
+
 	return QDF_IS_STATUS_SUCCESS(result) ? 0 : -EINVAL;
 }
 
@@ -19665,6 +19668,8 @@ static int __wlan_hdd_cfg80211_del_pmksa(struct wiphy *wiphy,
 
 	sme_set_del_pmkid_cache(mac_handle, adapter->vdev_id, &pmk_cache,
 				false);
+	qdf_mem_zero(&pmk_cache, sizeof(pmk_cache));
+
 	hdd_exit();
 	return status;
 }
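Review bot: The zeroing added at L24 (and the `qdf_mem_zero(&pmk_cache, sizeof(pmk_cache))` at L32 and L42) is a store to a local that is never read again before the function returns, so if `qdf_mem_zero` reduces to a plain memset the compiler may legally drop it as a dead store and the key material stays on the stack; the same concern applies to the zero-before-free at sme_api.c L75 and wma_main.c L135 and to the mid-function clear at csr_util.c L120. A zeroing primitive the optimizer is not allowed to remove (the kernel's `memzero_explicit`, or a QDF wrapper built on it if the project has one) would make the clear hold as intended. Separately, L24 sizes the clear with `SIR_ROAM_SCAN_PSK_SIZE` while the neighbouring hunks use `sizeof(...)`; assuming `local_pmk` is an array declared earlier in `__wlan_hdd_cfg80211_keymgmt_set_key` (its declaration is outside the hunk), `qdf_mem_zero(local_pmk, sizeof(local_pmk));` would tie the size to the declaration. All three functions in this section start outside their hunks.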

+ 7 - 0
core/hdd/src/wlan_hdd_main.c

@@ -5446,6 +5446,13 @@ QDF_STATUS hdd_stop_adapter(struct hdd_context *hdd_ctx,
 		wlan_hdd_cleanup_actionframe(adapter);
 		wlan_hdd_cleanup_remain_on_channel_ctx(adapter);
 		hdd_clear_fils_connection_info(adapter);
+
+		status = sme_roam_del_pmkid_from_cache(mac_handle,
+						       adapter->vdev_id,
+						       NULL, true);
+		if (QDF_IS_STATUS_ERROR(status))
+			hdd_err("Cannot flush PMKIDCache");
+
 		hdd_deregister_tx_flow_control(adapter);
 
 #ifdef WLAN_OPEN_SOURCE
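Review bot: The flush result at L56-L58 is written into `status`, which looks like a variable `hdd_stop_adapter` uses elsewhere, so if nothing reassigns it before the function returns, an error that L59-L60 only logs would silently change the adapter-stop return value; a dedicated local, `QDF_STATUS pmk_status = sme_roam_del_pmkid_from_cache(mac_handle, adapter->vdev_id, NULL, true);`, keeps the best-effort semantics the `hdd_err` suggests. The log text could also name the adapter, e.g. `hdd_err("Cannot flush PMKID cache for vdev %d", adapter->vdev_id);`, so a failed clear is attributable when several adapters are stopped. `hdd_stop_adapter` starts and ends outside the hunk, and `mac_handle` is assumed to be in scope from earlier in the function.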

+ 4 - 1
core/sme/src/common/sme_api.c

@@ -13639,7 +13639,10 @@ send_flush_cmd:
 				   QDF_MODULE_ID_WMA,
 				   QDF_MODULE_ID_WMA, &msg)) {
 		sme_err("Not able to post message to WDA");
-		qdf_mem_free(pmk_cache);
+		if (pmk_cache) {
+			qdf_mem_zero(pmk_cache, sizeof(*pmk_cache));
+			qdf_mem_free(pmk_cache);
+		}
 		return QDF_STATUS_E_FAILURE;
 	}
 
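Review bot: The zero-before-free added at L74-L77 covers only the failed-post path; if the function frees `pmk_cache` on any earlier error path before the `send_flush_cmd:` label (outside the hunk), those frees still release the struct with the PMK intact and need the same treatment. The same three-line zero-and-free appears in wma_main.c L134-L138; a small static helper, e.g. `static void sme_free_pmk_cache(struct wmi_unified_pmk_cache *p) { if (p) { qdf_mem_zero(p, sizeof(*p)); qdf_mem_free(p); } }`, would keep the two sites from drifting, assuming `pmk_cache` has the `struct wmi_unified_pmk_cache` type that wma_main.c L136 sizes the message body with. The enclosing function starts and ends outside the hunk.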

+ 13 - 0
core/sme/src/csr/csr_api_roam.c

@@ -14188,6 +14188,18 @@ csr_roam_set_pmkid_cache(struct mac_context *mac, uint32_t sessionId,
 	return QDF_STATUS_SUCCESS;
 }
 
+#ifdef WLAN_FEATURE_ROAM_OFFLOAD
+static void csr_mem_zero_psk_pmk(struct csr_roam_session *session)
+{
+	qdf_mem_zero(session->psk_pmk, sizeof(session->psk_pmk));
+	session->pmk_len = 0;
+}
+#else
+static void csr_mem_zero_psk_pmk(struct csr_roam_session *session)
+{
+}
+#endif
+
 QDF_STATUS csr_roam_del_pmkid_from_cache(struct mac_context *mac,
 					 uint32_t sessionId,
 					 tPmkidCacheInfo *pmksa,
@@ -14217,6 +14229,7 @@ QDF_STATUS csr_roam_del_pmkid_from_cache(struct mac_context *mac,
 			     sizeof(tPmkidCacheInfo) * CSR_MAX_PMKID_ALLOWED);
 		pSession->NumPmkidCache = 0;
 		pSession->curr_cache_idx = 0;
+		csr_mem_zero_psk_pmk(pSession);
 		return QDF_STATUS_SUCCESS;
 	}
 
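Review bot: `csr_mem_zero_psk_pmk` at L89-L99 has no comment saying why the PSK/PMK fields exist only under `WLAN_FEATURE_ROAM_OFFLOAD`, and the call at L108 sits in the branch that also resets `NumPmkidCache`, i.e. the flush path only; whether the session PMK should also be cleared when a single PMKID entry is deleted (the rest of `csr_roam_del_pmkid_from_cache` is outside the hunk) is not stated. A header comment such as `/* psk_pmk/pmk_len are populated only with roam offload; clear them on a cache flush so no key material outlives the PMKID entries. */` on the real definition, and `/* no session PMK without roam offload */` on the stub, would record the intent. The `#else` stub could also be `static inline` so an unused-parameter build does not warn about `session`.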

+ 2 - 0
core/sme/src/csr/csr_util.c

@@ -4017,6 +4017,8 @@ uint8_t csr_construct_rsn_ie(struct mac_context *mac, uint32_t sessionId,
 		}
 		session->rsn_caps = RSNCapabilities;
 
+		qdf_mem_zero(&pmkid_cache, sizeof(pmkid_cache));
+
 #ifdef WLAN_FEATURE_11W
 		/* Advertise BIP in group cipher key management only if PMF is
 		 * enabled and AP is capable.

+ 5 - 1
core/wma/src/wma_main.c

@@ -8892,7 +8892,11 @@ static QDF_STATUS wma_mc_process_msg(struct scheduler_msg *msg)
 		break;
 	case SIR_HAL_SET_DEL_PMKID_CACHE:
 		wma_set_del_pmkid_cache(wma_handle, msg->bodyptr);
-		qdf_mem_free(msg->bodyptr);
+		if (msg->bodyptr) {
+			qdf_mem_zero(msg->bodyptr,
+				     sizeof(struct wmi_unified_pmk_cache));
+			qdf_mem_free(msg->bodyptr);
+		}
 		break;
 	case SIR_HAL_HLP_IE_INFO:
 		wma_roam_scan_send_hlp(wma_handle,
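Review bot: L136 sizes the clear with `sizeof(struct wmi_unified_pmk_cache)` while `msg->bodyptr` is an untyped pointer, so the size is only right as long as the sender allocates exactly that type; a typed local, `struct wmi_unified_pmk_cache *pmk_cache = msg->bodyptr;` followed by `qdf_mem_zero(pmk_cache, sizeof(*pmk_cache));`, keeps the size tied to the type and reads the same as the sme_api.c hunk. L132 still passes `msg->bodyptr` to `wma_set_del_pmkid_cache` before the NULL check on L134; whether that callee tolerates a NULL body is outside this hunk. `wma_mc_process_msg` starts and ends outside the hunk.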