Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Delete older PMK of all APs which have the same PMK

Currently when supplicant sends set_pmkid_cache (Either after initial
connection or after session timeout with AP) to host to set
the new pmkid derived after the EAP is done. Host deletes PMK entry
only if bssid/ssid matches.
For OKC, the PMK derived from the initially associated AP will be
used for deriving PMKID for all APs. In case of connection with OKC
supported APs, If STA receive session timeout from AP, HOST should
delete older PMK of all APs which have the same PMK. Else While
roaming HOST could send older PMK to OKC supported AP and this
results PMK flush in FW and leads to full EAP.

Change-Id: I95881db229d5193cbdc22c5f30e1375b3892fbd4
CRs-Fixed: 2679737
Vulupala Shashank Reddy 5 years ago
parent
8dc196464b
commit
d4724cf9af
2 changed files with 47 additions and 0 deletions
Split View Show Diff Stats
  1. 30 0
      core/sme/src/csr/csr_api_roam.c
  2. 17 0
      core/wma/src/wma_scan_roam.c

+ 30 - 0
core/sme/src/csr/csr_api_roam.c
View File 

@@ -21600,6 +21600,7 @@ static QDF_STATUS csr_process_roam_sync_callback(struct mac_context *mac_ctx,
 
 	struct mlme_roam_after_data_stall *vdev_roam_params;
 
 	bool abort_host_scan_cap = false;
 
 	wlan_scan_id scan_id;
 
+	struct wlan_crypto_pmksa *pmksa;
 
 
 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac_ctx->psoc, session_id,
 
 						    WLAN_LEGACY_SME_ID);
 
@@ -21882,6 +21883,35 @@ static QDF_STATUS csr_process_roam_sync_callback(struct mac_context *mac_ctx,
 
 		} else {
 
 			sme_debug("PMKID Not found in cache for " QDF_MAC_ADDR_STR,
 
 				  QDF_MAC_ADDR_ARRAY(pmkid_cache->BSSID.bytes));
 
+			if (roam_synch_data->pmk_len) {
 
+				pmksa = qdf_mem_malloc(sizeof(*pmksa));
 
+				if (!pmksa) {
 
+					status = QDF_STATUS_E_NOMEM;
 
+					goto end;
 
+				}
 
+
 
+				session->pmk_len = roam_synch_data->pmk_len;
 
+				qdf_mem_zero(session->psk_pmk,
 
+					     sizeof(session->psk_pmk));
 
+				qdf_mem_copy(session->psk_pmk,
 
+					     roam_synch_data->pmk,
 
+					     session->pmk_len);
 
+
 
+				qdf_copy_macaddr(&pmksa->bssid,
 
+						 &session->
 
+						 connectedProfile.bssid);
 
+				qdf_mem_copy(pmksa->pmkid,
 
+					     roam_synch_data->pmkid, PMKID_LEN);
 
+				qdf_mem_copy(pmksa->pmk, roam_synch_data->pmk,
 
+					     roam_synch_data->pmk_len);
 
+				pmksa->pmk_len = roam_synch_data->pmk_len;
 
+
 
+				if (wlan_crypto_set_del_pmksa(vdev, pmksa, true)
 
+					!= QDF_STATUS_SUCCESS) {
 
+					qdf_mem_zero(pmksa, sizeof(*pmksa));
 
+					qdf_mem_free(pmksa);
 
+				}
 
+			}
 
 		}
 
 		qdf_mem_zero(pmkid_cache, sizeof(pmkid_cache));
 
 		qdf_mem_free(pmkid_cache);

+ 17 - 0
core/wma/src/wma_scan_roam.c
View File 

@@ -2499,6 +2499,7 @@ static int wma_fill_roam_synch_buffer(tp_wma_handle wma,
 
 	wmi_key_material_ext *key_ft;
 
 	struct wma_txrx_node *iface = NULL;
 
 	wmi_roam_fils_synch_tlv_param *fils_info;
 
+	wmi_roam_pmk_cache_synch_tlv_param *pmk_cache_info;
 
 	int status = -EINVAL;
 
 	uint8_t kck_len;
 
 	uint8_t kek_len;
 
@@ -2639,6 +2640,22 @@ static int wma_fill_roam_synch_buffer(tp_wma_handle wma,
 
 			 roam_synch_ind_ptr->update_erp_next_seq_num,
 
 			 roam_synch_ind_ptr->next_erp_seq_num);
 
 	}
 
+
 
+	pmk_cache_info = param_buf->roam_pmk_cache_synch_info;
 
+	if (pmk_cache_info && (pmk_cache_info->pmk_len)) {
 
+		if (pmk_cache_info->pmk_len > SIR_PMK_LEN) {
 
+			WMA_LOGE("%s: Invalid pmk_len %d", __func__,
 
+				 pmk_cache_info->pmk_len);
 
+			wma_free_roam_synch_frame_ind(iface);
 
+			return status;
 
+		}
 
+
 
+		roam_synch_ind_ptr->pmk_len = pmk_cache_info->pmk_len;
 
+		qdf_mem_copy(roam_synch_ind_ptr->pmk,
 
+			     pmk_cache_info->pmk, pmk_cache_info->pmk_len);
 
+		qdf_mem_copy(roam_synch_ind_ptr->pmkid,
 
+			     pmk_cache_info->pmkid, PMKID_LEN);
 
+	}
 
 	wma_free_roam_synch_frame_ind(iface);
 
 	return 0;
 
 }