qcacmn: Drop remaining IEs if any corrupted IEs are present

Scan entry fails if any coruppted IEs are present

Introduced new ini parameters to enable scan based on ie
corruption. If ini parameter is enable then scan module skips
all IEs following coruppted IEs and adds scan entry without
completely dropping the frame. Otherwise if ini parameter is
disable then scan entry fails on corrupted ie.

Change-Id: If17b68448dd3e6ac3e98ed854ed67d7f16d9dff7
CRs-Fixed: 2806932

umac/scan/core/src/wlan_scan_main.h

@@ -513,6 +513,8 @@ struct scan_cb {
  * @duty_cycle_cnt_6ghz: Scan count to track the full scans and decide whether
  *                        to optimizate 6g channels in the scan request based
  *                        on the ini scan_mode_6ghz_duty_cycle.
+ * @allow_bss_with_incomplete_ie: Continue scan entry even if any corrupted IES are
+ *			    present.
  */
 struct wlan_scan_obj {
 	uint32_t scan_disabled;
@@ -547,6 +549,7 @@ struct wlan_scan_obj {
 	uint64_t scm_scan_to_post_scan_duration;
 #endif
 	uint16_t duty_cycle_cnt_6ghz;
+	bool allow_bss_with_incomplete_ie;
 };
 
 #ifdef ENABLE_SCAN_PROFILE

umac/scan/dispatcher/inc/wlan_scan_cfg.h

@@ -1285,6 +1285,30 @@ enum scan_mode_6ghz {
 			CFG_VALUE_OR_DEFAULT, \
 			"6ghz scan mode duty cycle")
 
+/*
+ * <ini>
+ * scan_allow_bss_with_corrupted_ie - Continue scan even if corrupted IEs are
+ * present.
+ * @Min: 0
+ * @Max: 1
+ * @Default: 0
+ *
+ * This ini is used to continue scan even if corrupted IEs are present. If this
+ * ini is enable, the scan module skips the IEs following corrupted IEs(IE's
+ * with invalid len) and adds the scan entry without completely dropping the
+ * frame.
+ *
+ * Related: scan
+ *
+ * Usage: External
+ *
+ * <ini>
+ */
+#define CFG_SCAN_ALLOW_BSS_WITH_CORRUPTED_IE CFG_INI_BOOL( \
+			"scan_allow_bss_with_corrupted_ie", \
+			false, \
+			"scan allow bss with corrupted ie")
+
 #define CFG_SCAN_ALL \
 	CFG(CFG_DROP_BCN_ON_CHANNEL_MISMATCH) \
 	CFG(CFG_DROP_BCN_ON_INVALID_FREQ) \
@@ -1318,6 +1342,7 @@ enum scan_mode_6ghz {
 	CFG(CFG_ENABLE_SKIP_DFS_IN_P2P_SEARCH) \
 	CFG(CFG_6GHZ_SCAN_MODE) \
 	CFG(CFG_6GHZ_SCAN_MODE_DUTY_CYCLE) \
+	CFG(CFG_SCAN_ALLOW_BSS_WITH_CORRUPTED_IE) \
 	CFG_SCAN_PNO
 
 #endif /* __CONFIG_SCAN_H */

umac/scan/dispatcher/src/wlan_scan_ucfg_api.c

@@ -838,6 +838,8 @@ wlan_scan_global_init(struct wlan_objmgr_psoc *psoc,
 	scan_obj->scan_def.scan_mode_6g = cfg_get(psoc, CFG_6GHZ_SCAN_MODE);
 	scan_obj->scan_def.duty_cycle_6ghz =
 		cfg_get(psoc, CFG_6GHZ_SCAN_MODE_DUTY_CYCLE);
+	scan_obj->allow_bss_with_incomplete_ie =
+		cfg_get(psoc, CFG_SCAN_ALLOW_BSS_WITH_CORRUPTED_IE);
 	/* init scan id seed */
 	qdf_atomic_init(&scan_obj->scan_ids);
 

umac/scan/dispatcher/src/wlan_scan_utils_api.c

@@ -927,8 +927,15 @@ util_scan_populate_bcn_ie_list(struct wlan_objmgr_pdev *pdev,
 		}
 
 		if (ie_len < ie->ie_len) {
-			scm_debug("Incomplete corrupted IE:%x",
-				ie->ie_id);
+			if (scan_obj->allow_bss_with_incomplete_ie) {
+				scm_debug(QDF_MAC_ADDR_FMT": Scan allowed with incomplete corrupted IE:%x, ie_len: %d, ie->ie_len: %d, stop processing further",
+					  QDF_MAC_ADDR_REF(scan_params->bssid.bytes),
+					  ie->ie_id, ie_len, ie->ie_len);
+				break;
+			}
+			scm_debug(QDF_MAC_ADDR_FMT": Scan not allowed with incomplete corrupted IE:%x, ie_len: %d, ie->ie_len: %d, stop processing further",
+				  QDF_MAC_ADDR_REF(scan_params->bssid.bytes),
+				  ie->ie_id, ie_len, ie->ie_len);
 			return QDF_STATUS_E_INVAL;
 		}