qcacld-3.0: Process deauth even in middle of SAE authentication

When SAE authentication fails due to some reason and if the
failure is detected while processing confirm request from the
station, some APs send deauth instead of confirm response.

Current driver/wpa_suplicant wait for the confirm response and
driver drops the deauth frame as it's in the middle of SAE
authentication. This results in connect timeout.
Driver is supposed to process the deauth from AP and indicate
failure to userspace. To resolve this, consider the deauth from AP
as SAE failure and abort the connection. Send connect failure to
userspace.

CRs-Fixed: 3157178
Change-Id: I09c9d8b19539e4986665c6052d3a7f52b3e49600

core/mac/inc/sir_api.h

@@ -5110,6 +5110,12 @@ struct sir_sae_info {
  * @vdev_id: vdev id
  * @sae_status: SAE status, 0: Success, Non-zero: Failure.
  * @peer_mac_addr: peer MAC address
+ * @result_code: This carries the reason of the SAE auth failure.
+ *               Currently, SAE authentication failure may happen due to
+ *               1. Authentication failure detected as part of SAE auth frame
+ *                  exchanges and validation.
+ *               2. Deauth received from AP while SAE authentication is in
+ *                  progress.
  */
 struct sir_sae_msg {
 	uint16_t message_type;
@@ -5117,6 +5123,7 @@ struct sir_sae_msg {
 	uint16_t vdev_id;
 	uint8_t sae_status;
 	tSirMacAddr peer_mac_addr;
+	tSirResultCodes result_code;
 };
 
 #ifdef WLAN_FEATURE_MOTION_DETECTION

core/mac/src/pe/lim/lim_process_deauth_frame.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2011-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2022 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -40,6 +40,7 @@
 #include "sch_api.h"
 #include "lim_send_messages.h"
 #include "wlan_connectivity_logging.h"
+#include "cds_ieee80211_common.h"
 
 /**
  * lim_process_deauth_frame
@@ -82,7 +83,9 @@ lim_process_deauth_frame(struct mac_context *mac, uint8_t *pRxPacketInfo,
 	}
 
 	if (LIM_IS_STA_ROLE(pe_session) &&
-	    !lim_is_sb_disconnect_allowed(pe_session)) {
+	    !(lim_is_sb_disconnect_allowed(pe_session) ||
+	      (pe_session->limMlmState == eLIM_MLM_WT_SAE_AUTH_STATE &&
+	       pe_session->limSmeState == eLIM_SME_WT_AUTH_STATE))) {
 		/*Every 15th deauth frame will be logged in kmsg */
 		if (!(mac->lim.deauthMsgCnt & 0xF)) {
 			pe_debug("received Deauth frame in DEAUTH_WT_STATE"
@@ -319,6 +322,40 @@ lim_process_deauth_frame(struct mac_context *mac, uint8_t *pRxPacketInfo,
 
 } /*** end lim_process_deauth_frame() ***/
 
+#ifdef WLAN_FEATURE_SAE
+/*
+ * lim_process_sae_auth_msg() - Process auth msg after recieving deauth
+ * @mac_ctx: Global MAC context
+ * @pe_session: PE session entry pointer
+ * @addr: peer address/ source address
+ *
+ * Return: None
+ */
+static void lim_process_sae_auth_msg(struct mac_context *mac_ctx,
+				     struct pe_session *pe_session,
+				     tSirMacAddr addr)
+{
+	struct sir_sae_msg *sae_msg;
+
+	sae_msg = qdf_mem_malloc(sizeof(*sae_msg));
+	if (!sae_msg)
+		return;
+
+	sae_msg->vdev_id = pe_session->vdev_id;
+	sae_msg->sae_status = IEEE80211_STATUS_UNSPECIFIED;
+	sae_msg->result_code = eSIR_SME_DEAUTH_WHILE_JOIN;
+	qdf_mem_copy(sae_msg->peer_mac_addr, addr, QDF_MAC_ADDR_SIZE);
+	lim_process_sae_msg(mac_ctx, sae_msg);
+
+	qdf_mem_free(sae_msg);
+}
+#else
+static inline void lim_process_sae_auth_msg(struct mac_context *mac_ctx,
+					    struct pe_session *pe_session,
+					    tSirMacAddr addr)
+{}
+#endif
+
 void lim_perform_deauth(struct mac_context *mac_ctx, struct pe_session *pe_session,
 			uint16_t rc, tSirMacAddr addr, int32_t frame_rssi)
 {
@@ -476,6 +513,18 @@ void lim_perform_deauth(struct mac_context *mac_ctx, struct pe_session *pe_sessi
 				QDF_MAC_ADDR_REF(addr));
 			break;
 
+		case eLIM_MLM_WT_SAE_AUTH_STATE:
+			pe_debug("received Deauth frame state %X with "
+				 "reasonCode=%d from " QDF_MAC_ADDR_FMT,
+				 pe_session->limMlmState, rc,
+				 QDF_MAC_ADDR_REF(addr));
+
+			/* this will be treated as SAE authenticaton failure
+			 * and connect failure to userspace.
+			 */
+			lim_process_sae_auth_msg(mac_ctx, pe_session, addr);
+			return;
+
 		default:
 			pe_err("received Deauth frame in state %X with "
 				"reasonCode=%d from " QDF_MAC_ADDR_FMT,

core/mac/src/pe/lim/lim_process_message_queue.c

@@ -98,8 +98,9 @@ static void lim_process_sae_msg_sta(struct mac_context *mac,
 						    STATUS_SUCCESS,
 						    session);
 		else
-			lim_restore_from_auth_state(mac, eSIR_SME_AUTH_REFUSED,
-				STATUS_UNSPECIFIED_FAILURE, session);
+			lim_restore_from_auth_state(mac, sae_msg->result_code,
+						    STATUS_UNSPECIFIED_FAILURE,
+						    session);
 		break;
 	default:
 		/* SAE msg is received in unexpected state */
@@ -192,7 +193,7 @@ static void lim_process_sae_msg_ap(struct mac_context *mac,
  *
  * Return: None
  */
-static void lim_process_sae_msg(struct mac_context *mac, struct sir_sae_msg *body)
+void lim_process_sae_msg(struct mac_context *mac, struct sir_sae_msg *body)
 {
 	struct sir_sae_msg *sae_msg = body;
 	struct pe_session *session;
@@ -228,9 +229,6 @@ static void lim_process_sae_msg(struct mac_context *mac, struct sir_sae_msg *bod
 	else
 		pe_debug("SAE message on unsupported interface");
 }
-#else
-static inline void lim_process_sae_msg(struct mac_context *mac, void *body)
-{}
 #endif
 
 /**

core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c

@@ -585,8 +585,12 @@ void lim_process_mlm_auth_cnf(struct mac_context *mac_ctx, uint32_t *msg)
 			 * password is used. Then AP will still reject the
 			 * authentication even correct password is used unless
 			 * STA send deauth to AP upon authentication failure.
+			 *
+			 * Do not send deauth mgmt frame when already in Deauth
+			 * state while joining.
 			 */
-			if (auth_type == eSIR_AUTH_TYPE_SAE) {
+			if (auth_type == eSIR_AUTH_TYPE_SAE &&
+			    auth_cnf->resultCode != eSIR_SME_DEAUTH_WHILE_JOIN) {
 				pe_debug("Send deauth for SAE auth failure");
 				lim_send_deauth_mgmt_frame(mac_ctx,
 						       auth_cnf->protStatusCode,

core/mac/src/pe/lim/lim_utils.h

@@ -2803,4 +2803,18 @@ void
 lim_fill_oci_params(struct mac_context *mac, struct pe_session *session,
 		    tDot11fIEoci *oci);
 
+#ifdef WLAN_FEATURE_SAE
+/**
+ * lim_process_sae_msg() - Process SAE message
+ * @mac: Global MAC pointer
+ * @body: Buffer pointer
+ *
+ * Return: None
+ */
+void lim_process_sae_msg(struct mac_context *mac, struct sir_sae_msg *body);
+#else
+static inline void lim_process_sae_msg(struct mac_context *mac, void *body);
+{}
+#endif
+
 #endif /* __LIM_UTILS_H */

core/sme/src/common/sme_api.c

@@ -14651,6 +14651,7 @@ QDF_STATUS sme_handle_sae_msg(mac_handle_t mac_handle,
 		sae_msg->length = sizeof(*sae_msg);
 		sae_msg->vdev_id = session_id;
 		sae_msg->sae_status = sae_status;
+		sae_msg->result_code = eSIR_SME_AUTH_REFUSED;
 		qdf_mem_copy(sae_msg->peer_mac_addr,
 			     peer_mac_addr.bytes,
 			     QDF_MAC_ADDR_SIZE);