
qcacld-3.0: Don't free sae auth retry frame for invalid auth rsp

In a noisy environment the following is observed: the host sends an SAE
commit req to the AP and gets the SAE commit response from the AP, then
the host sends the SAE confirm req to the AP, but because of the noise
the AP misses the ack for its SAE commit response and keeps sending the
SAE commit response even after the host has sent the SAE confirm. Because
the host cleans up the SAE auth retry frame on reception of an SAE auth
rx from the AP, it frees the queued SAE auth confirm req and disables the
SAE auth retry timer. This leads to SAE auth failure. To avoid this, the
host compares the received auth frame's "sae algo sequence number" with
the last sent auth frame's "sae algo sequence number", and frees the SAE
auth retry frame and deactivates the SAE auth retry timer only if they
match.

Change-Id: Ia9ae2e5d82c696efdc0aaf4e04b6760b9829c510
CRs-Fixed: 2720436
Abhishek Ambure vor 4 Jahren
Ursprung
Commit
8500973b30
1 geänderte Dateien mit 49 neuen und 4 gelöschten Zeilen
  1. 49 4
      core/mac/src/pe/lim/lim_process_auth_frame.c

+ 49 - 4
core/mac/src/pe/lim/lim_process_auth_frame.c

@@ -354,6 +354,48 @@ void lim_sae_auth_cleanup_retry(struct mac_context *mac_ctx,
 	mlme_free_sae_auth_retry(pe_session->vdev);
 }
 
+#define SAE_AUTH_ALGO_BYTES 2
+#define SAE_AUTH_SEQ_NUM_BYTES 2
+#define SAE_AUTH_SEQ_OFFSET 1
+
+/**
+ * lim_is_sae_auth_algo_match()- Match SAE auth seq in queued SAE auth and
+ * SAE auth rx frame
+ * @queued_frame: Pointer to queued SAE auth retry frame
+ * @q_len: length of queued sae auth retry frame
+ * @rx_pkt_info: Rx packet
+ *
+ * Return: True if SAE auth seq is mached else false
+ */
+static bool lim_is_sae_auth_algo_match(uint8_t *queued_frame, uint16_t q_len,
+				       uint8_t *rx_pkt_info)
+{
+	tpSirMacMgmtHdr qmac_hdr = (tpSirMacMgmtHdr)queued_frame;
+	uint16_t *rxbody_ptr, *qbody_ptr, rxframe_len, min_len;
+
+	min_len = sizeof(tSirMacMgmtHdr) + SAE_AUTH_ALGO_BYTES +
+			SAE_AUTH_SEQ_NUM_BYTES;
+
+	rxframe_len = WMA_GET_RX_PAYLOAD_LEN(rx_pkt_info);
+	if (rxframe_len < min_len || q_len < min_len) {
+		pe_debug("rxframe_len %d, queued_frame_len %d, min_len %d",
+			 rxframe_len, q_len, min_len);
+		return false;
+	}
+
+	rxbody_ptr = (uint16_t *)WMA_GET_RX_MPDU_DATA(rx_pkt_info);
+	qbody_ptr = (uint16_t *)((uint8_t *)qmac_hdr + sizeof(tSirMacMgmtHdr));
+
+	pe_debug("sae_auth : rx pkt auth seq %d queued pkt auth seq %d",
+		 rxbody_ptr[SAE_AUTH_SEQ_OFFSET],
+		 qbody_ptr[SAE_AUTH_SEQ_OFFSET]);
+	if (rxbody_ptr[SAE_AUTH_SEQ_OFFSET] ==
+	    qbody_ptr[SAE_AUTH_SEQ_OFFSET])
+		return true;
+
+	return false;
+}
+
 /**
  * lim_process_sae_auth_frame()-Process SAE authentication frame
  * @mac_ctx: MAC context
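Review bot: The length guard in `lim_is_sae_auth_algo_match()` compares `rxframe_len` with `min_len`, which includes `sizeof(tSirMacMgmtHdr)`, while the second hunk passes `frame_len + sizeof(tSirMacMgmtHdr)` as the full frame length, which suggests the rx payload length already excludes the management header (the macro definitions are not visible here, so this needs confirming). If that is the case, the rx side only needs `rxframe_len < SAE_AUTH_ALGO_BYTES + SAE_AUTH_SEQ_NUM_BYTES`, and the current check is stricter than intended rather than unsafe. Separately, both byte buffers are cast to `uint16_t *` and indexed, which assumes the frame bodies are 2-byte aligned; keeping `uint8_t *` body pointers and comparing with `qdf_mem_cmp(rx_body + SAE_AUTH_ALGO_BYTES, q_body + SAE_AUTH_ALGO_BYTES, SAE_AUTH_SEQ_NUM_BYTES)` avoids that assumption. The helper compares the transaction sequence field, so the `_algo_match` name and the "mached" typo in the kernel-doc are worth correcting in the same pass.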
@@ -408,10 +450,13 @@ static void lim_process_sae_auth_frame(struct mac_context *mac_ctx,
 
 	sae_retry = mlme_get_sae_auth_retry(pe_session->vdev);
 	if (LIM_IS_STA_ROLE(pe_session) && sae_retry &&
-	    sae_retry->sae_auth.data)
-		lim_sae_auth_cleanup_retry(mac_ctx,
-					   pe_session->vdev_id);
-
+	    sae_retry->sae_auth.data) {
+		if (lim_is_sae_auth_algo_match(
+		    sae_retry->sae_auth.data, sae_retry->sae_auth.len,
+		     rx_pkt_info))
+			lim_sae_auth_cleanup_retry(mac_ctx,
+						   pe_session->vdev_id);
+	}
 	lim_send_sme_mgmt_frame_ind(mac_ctx, mac_hdr->fc.subType,
 				    (uint8_t *)mac_hdr,
 				    frame_len + sizeof(tSirMacMgmtHdr),
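Review bot: The new inner `if` in `lim_process_sae_auth_frame()` gates only the retry cleanup; a frame whose sequence number does not match still reaches `lim_send_sme_mgmt_frame_ind()` below, and nothing here records that this is intended. A short comment above the check would do it, for example `/* Keep the queued retry frame unless the rx auth seq matches it; the frame is still indicated to SME either way. */`. The sequence field is read from a management frame that has not been authenticated at this point, so the match narrows when the retry is dropped but is not proof of origin; whether the sender address is checked against the session peer earlier in the function is not visible in this hunk. The nested `if` could also be folded into the outer condition with `&&`, which removes the unevenly indented argument list. The function starts and ends outside the hunk.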