qcacld-3.0: Update pmk cache only for connected BSSID

In OKC enabled cases, when multiple pmk entries exist, the user
space sends set_pmksa command for BSSID other than the connected
bssid. In that case driver updates the global pmksa cache with
the new PMK received for the non-connected BSSID. This results
in invalid pmk sent to firmware.

To avoid this, update the pmk cache only for connected BSSID.

Change-Id: I006595ea5b913d439007a8fb9d767454a71eeac1
CRs-Fixed: 2937182

core/hdd/src/wlan_hdd_cfg80211.c

@@ -6277,10 +6277,12 @@ static int __wlan_hdd_cfg80211_keymgmt_set_key(struct wiphy *wiphy,
 					       struct wireless_dev *wdev,
 					       const void *data, int data_len)
 {
-	uint8_t local_pmk[ROAM_SCAN_PSK_SIZE];
 	struct net_device *dev = wdev->netdev;
 	struct hdd_adapter *hdd_adapter = WLAN_HDD_GET_PRIV_PTR(dev);
 	struct hdd_context *hdd_ctx;
+	struct hdd_station_ctx *sta_ctx =
+			WLAN_HDD_GET_STATION_CTX_PTR(hdd_adapter);
+	struct wlan_crypto_pmksa pmksa;
 	int status;
 	mac_handle_t mac_handle;
 
@@ -6308,11 +6310,15 @@ static int __wlan_hdd_cfg80211_keymgmt_set_key(struct wiphy *wiphy,
 		return status;
 
 	mac_handle = hdd_ctx->mac_handle;
-	qdf_mem_zero(&local_pmk, ROAM_SCAN_PSK_SIZE);
-	qdf_mem_copy(local_pmk, data, data_len);
-	sme_roam_set_psk_pmk(mac_handle, hdd_adapter->vdev_id,
-			     local_pmk, data_len, true);
-	qdf_mem_zero(&local_pmk, ROAM_SCAN_PSK_SIZE);
+	qdf_mem_zero(&pmksa, sizeof(pmksa));
+	pmksa.pmk_len = data_len;
+	qdf_mem_copy(pmksa.pmk, data, data_len);
+
+	qdf_mem_copy(&pmksa.bssid, &sta_ctx->conn_info.bssid,
+		     QDF_MAC_ADDR_SIZE);
+
+	sme_roam_set_psk_pmk(mac_handle, &pmksa, hdd_adapter->vdev_id, true);
+	qdf_mem_zero(&pmksa, sizeof(pmksa));
 	return 0;
 }
 
@@ -19740,8 +19746,7 @@ static QDF_STATUS wlan_hdd_set_pmksa_cache(struct hdd_adapter *adapter,
 	}
 
 	if (result == QDF_STATUS_SUCCESS && pmk_cache->pmk_len) {
-		sme_roam_set_psk_pmk(mac_handle, adapter->vdev_id,
-				     pmk_cache->pmk, pmk_cache->pmk_len,
+		sme_roam_set_psk_pmk(mac_handle, pmksa, adapter->vdev_id,
 				     false);
 		sme_set_pmk_cache_ft(mac_handle, adapter->vdev_id, pmk_cache);
 	}

core/sme/inc/sme_api.h

@@ -594,9 +594,18 @@ sme_get_roam_scan_ch(mac_handle_t mac_handle,
 void sme_get_pmk_info(mac_handle_t mac_handle, uint8_t session_id,
 		      struct wlan_crypto_pmksa *pmk_cache);
 
-QDF_STATUS sme_roam_set_psk_pmk(mac_handle_t mac_handle, uint8_t sessionId,
-				uint8_t *psk_pmk, size_t pmk_len,
-				bool update_to_fw);
+/**
+ * sme_roam_set_psk_pmk  - Set the PMK to vdev cache
+ * @mac_handle: Opaque Mac handle
+ * @pmksa:   Pointer to pmksa cache
+ * @vdev_id: Vdev id
+ * @update_to_fw: Send RSO update config command to firmware to update
+ *
+ * Return: QDF_STATUS
+ */
+QDF_STATUS sme_roam_set_psk_pmk(mac_handle_t mac_handle,
+				struct wlan_crypto_pmksa *pmksa,
+				uint8_t vdev_id, bool update_to_fw);
 
 /**
  * sme_set_pmk_cache_ft() - a wrapper function to request CSR to save MDID
@@ -630,9 +639,9 @@ sme_set_roam_scan_ch_event_cb(mac_handle_t mac_handle,
 }
 
 static inline
-QDF_STATUS sme_roam_set_psk_pmk(mac_handle_t mac_handle, uint8_t sessionId,
-				uint8_t *psk_pmk, size_t pmk_len,
-				bool update_to_fw)
+QDF_STATUS sme_roam_set_psk_pmk(mac_handle_t mac_handle,
+				struct wlan_crypto_pmksa *pmksa,
+				uint8_t vdev_id, bool update_to_fw)
 {
 	return QDF_STATUS_SUCCESS;
 }

core/sme/src/common/sme_api.c

@@ -3436,29 +3436,26 @@ void sme_get_pmk_info(mac_handle_t mac_handle, uint8_t session_id,
  * sme_roam_set_psk_pmk() - a wrapper function to request CSR to save PSK/PMK
  * This is a synchronous call.
  * @mac_handle:  Global structure
- * @sessionId:   SME sessionId
- * @pPSK_PMK:    pointer to an array of Psk[]/Pmk
- * @pmk_len:     Length could be only 16 bytes in case if LEAP
- *               connections. Need to pass this information to
- *               firmware.
+ * @vdev_id:  vdev id
+ * @pmksa : PMK entry
  * @update_to_fw: True - send RSO update to firmware after updating
  *                       session->psk_pmk.
  *                False - Copy the pmk to session->psk_pmk and return
  *
- * Return: QDF_STATUS -status whether PSK/PMK is set or not
+ * Return: QDF_STATUS - status whether PSK/PMK is set or not
  */
-QDF_STATUS sme_roam_set_psk_pmk(mac_handle_t mac_handle, uint8_t sessionId,
-				uint8_t *psk_pmk, size_t pmk_len,
-				bool update_to_fw)
+QDF_STATUS sme_roam_set_psk_pmk(mac_handle_t mac_handle,
+				struct wlan_crypto_pmksa *pmksa,
+				uint8_t vdev_id, bool update_to_fw)
 {
 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
 	struct mac_context *mac = MAC_CONTEXT(mac_handle);
 
 	status = sme_acquire_global_lock(&mac->sme);
 	if (QDF_IS_STATUS_SUCCESS(status)) {
-		if (CSR_IS_SESSION_VALID(mac, sessionId))
-			status = csr_roam_set_psk_pmk(mac, sessionId, psk_pmk,
-						      pmk_len, update_to_fw);
+		if (CSR_IS_SESSION_VALID(mac, vdev_id))
+			status = csr_roam_set_psk_pmk(mac, pmksa, vdev_id,
+						      update_to_fw);
 		else
 			status = QDF_STATUS_E_INVAL;
 		sme_release_global_lock(&mac->sme);

core/sme/src/csr/csr_api_roam.c

@@ -5661,11 +5661,42 @@ void csr_get_pmk_info(struct mac_context *mac_ctx, uint8_t session_id,
 			    &pmk_cache->pmk_len);
 }
 
-QDF_STATUS csr_roam_set_psk_pmk(struct mac_context *mac, uint8_t vdev_id,
-				uint8_t *psk_pmk, size_t pmk_len,
-				bool update_to_fw)
+QDF_STATUS csr_roam_set_psk_pmk(struct mac_context *mac,
+				struct wlan_crypto_pmksa *pmksa,
+				uint8_t vdev_id, bool update_to_fw)
 {
-	wlan_cm_set_psk_pmk(mac->pdev, vdev_id, psk_pmk, pmk_len);
+	struct wlan_objmgr_vdev *vdev;
+	struct qdf_mac_addr connected_bssid = {0};
+
+	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac->psoc, vdev_id,
+						    WLAN_LEGACY_SME_ID);
+	if (!vdev) {
+		sme_err("vdev is NULL");
+		return QDF_STATUS_E_FAILURE;
+	}
+
+	wlan_mlme_get_bssid_vdev_id(mac->pdev, vdev_id, &connected_bssid);
+
+	/*
+	 * If the set_pmksa is received from the userspace in
+	 * connected state and if the connected BSSID is not
+	 * same as the PMKSA entry bssid, then reject this
+	 * global cache updation.
+	 *
+	 * Also for FILS connection, the set_pmksa will not have
+	 * the BSSID. So avoid this check for FILS connection.
+	 */
+	if (wlan_vdev_mlme_get_state(vdev) == WLAN_VDEV_S_UP &&
+	    !pmksa->ssid_len &&
+	    !qdf_is_macaddr_equal(&connected_bssid, &pmksa->bssid)) {
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+		sme_debug("Set pmksa received for non-connected bss");
+		return QDF_STATUS_E_INVAL;
+	}
+
+	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+
+	wlan_cm_set_psk_pmk(mac->pdev, vdev_id, pmksa->pmk, pmksa->pmk_len);
 	if (update_to_fw)
 		wlan_roam_update_cfg(mac->psoc, vdev_id,
 				     REASON_ROAM_PSK_PMK_CHANGED);
@@ -5692,7 +5723,9 @@ QDF_STATUS csr_set_pmk_cache_ft(struct mac_context *mac, uint32_t session_id,
 	}
 
 	akm = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_KEY_MGMT);
+
 	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+
 	if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_CCKM)) {
 		sme_debug("PMK update is not required for ESE");
 		return QDF_STATUS_SUCCESS;

core/sme/src/csr/csr_inside_api.h

@@ -384,18 +384,17 @@ void csr_get_pmk_info(struct mac_context *mac_ctx, uint8_t session_id,
 
 /*
  * csr_roam_set_psk_pmk() - store PSK/PMK in CSR session
- *
  * @mac  - pointer to global structure for MAC
+ * @pmksa: PMKSA entry
  * @vdev_id - vdev id
- * @psk_pmk - pointer to an array of PSK/PMK
  * @update_to_fw - Send RSO update config command to firmware to update
  * PMK
  *
  * Return QDF_STATUS - usually it succeed unless sessionId is not found
  */
-QDF_STATUS csr_roam_set_psk_pmk(struct mac_context *mac, uint8_t vdev_id,
-				uint8_t *psk_pmk, size_t pmk_len,
-				bool update_to_fw);
+QDF_STATUS csr_roam_set_psk_pmk(struct mac_context *mac,
+				struct wlan_crypto_pmksa *pmksa,
+				uint8_t vdev_id, bool update_to_fw);
 
 /**
  * csr_set_pmk_cache_ft() - store MDID in PMK cache