From 3c1e1b799d38f8a1990cd1078bc6dca0b3ae566d Mon Sep 17 00:00:00 2001 From: Surya Prakash Sivaraj Date: Fri, 8 Jul 2022 19:02:52 +0530 Subject: [PATCH] qcacld-3.0: Do not allow 6 GHz SAP in non-WPA3 Reject the SAP if the frequency is 6 GHz and the security is non-WPA3 AKM suite. Also, use the ini "check_6ghz_security" to allow the 6 GHz SAP to be operational on an open security mode for test purposes. Change-Id: Ifc57656a556ef5b6829ed56bb1ec360b5b84379e CRs-Fixed: 3176629 --- core/hdd/src/wlan_hdd_hostapd.c | 17 ++++++++++++----- core/sap/src/sap_fsm.c | 3 +++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/core/hdd/src/wlan_hdd_hostapd.c b/core/hdd/src/wlan_hdd_hostapd.c index cc6b13df1d..ceba918994 100644 --- a/core/hdd/src/wlan_hdd_hostapd.c +++ b/core/hdd/src/wlan_hdd_hostapd.c @@ -3815,11 +3815,18 @@ uint32_t hdd_get_ap_6ghz_capable(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) return 0; } - if (!keymgmt || (keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_NONE | - 1 << WLAN_CRYPTO_KEY_MGMT_SAE | - 1 << WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B | - 1 << WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192 | - 1 << WLAN_CRYPTO_KEY_MGMT_OWE))) { + /* + * 6 GHz SAP is allowed in open mode only if the + * check_6ghz_security ini is disabled. + */ + if (!cfg_get(psoc, CFG_CHECK_6GHZ_SECURITY) && + (!keymgmt || (keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_NONE)))) + capable |= CONN_6GHZ_FLAG_SECURITY_ALLOWED; + + if ((keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_SAE | + 1 << WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B | + 1 << WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192 | + 1 << WLAN_CRYPTO_KEY_MGMT_OWE))) { capable |= CONN_6GHZ_FLAG_SECURITY_ALLOWED; } capable |= CONN_6GHZ_FLAG_VALID; diff --git a/core/sap/src/sap_fsm.c b/core/sap/src/sap_fsm.c index 79bbebd7a1..c85014647c 100644 --- a/core/sap/src/sap_fsm.c +++ b/core/sap/src/sap_fsm.c @@ -2971,6 +2971,9 @@ static QDF_STATUS sap_goto_starting(struct sap_context *sap_ctx, qdf_status = sap_validate_dfs_nol(sap_ctx, mac_ctx); if (!QDF_IS_STATUS_SUCCESS(qdf_status)) return qdf_status; + } else if (!policy_mgr_get_ap_6ghz_capable(mac_ctx->psoc, + sap_ctx->sessionId, NULL)) { + return QDF_STATUS_E_FAILURE; } /*