authorEva Huang <evahuang@google.com>2020-12-02 15:27:04 +0800
committerEva Huang <evahuang@google.com>2020-12-02 15:27:04 +0800
commit5fe2fc2b5bc7ff6f7ecf819a2c14a3ec053cfb0f (patch)
tree95577047f01c29ca8c2be469354f9502eece1241
parent83fd7f20724171e7dec926774527ea282018cb85 (diff)
parent4cdc041a414bdf3f87b746c42e5a68e95545f37b (diff)
downloadqcacld-android-msm-coral-4.14-android11-qpr1.tar.gz
Merge branch 'android-msm-floral-4.14-rvc-security' into android-msm-floral-4.14-rvc-qpr1android-11.0.0_r0.54android-msm-coral-4.14-android11-qpr1
Feb 2021.1 Bug: 174415365 Change-Id: I9fbb78f51fb59e5c5bdd22c3468b374944be599b
-rw-r--r--components/mlme/core/inc/wlan_mlme_main.h6
-rw-r--r--core/mac/src/dph/dph_hash_table.c6
-rw-r--r--core/mac/src/include/dph_global.h4
-rw-r--r--core/mac/src/pe/lim/lim_api.c46
-rw-r--r--core/mac/src/pe/lim/lim_process_deauth_frame.c19
-rw-r--r--core/mac/src/pe/lim/lim_process_disassoc_frame.c18
6 files changed, 56 insertions, 43 deletions
diff --git a/components/mlme/core/inc/wlan_mlme_main.h b/components/mlme/core/inc/wlan_mlme_main.h
index 3dc20d259f..7c125f516f 100644
--- a/components/mlme/core/inc/wlan_mlme_main.h
+++ b/components/mlme/core/inc/wlan_mlme_main.h
@@ -35,9 +35,15 @@
/**
* struct peer_mlme_priv_obj - peer MLME component object
* @ucast_key_cipher: unicast crypto type.
+ * @is_pmf_enabled: True if PMF is enabled
+ * @last_assoc_received_time: last assoc received time
+ * @last_disassoc_deauth_received_time: last disassoc/deauth received time
*/
struct peer_mlme_priv_obj {
uint32_t ucast_key_cipher;
+ bool is_pmf_enabled;
+ qdf_time_t last_assoc_received_time;
+ qdf_time_t last_disassoc_deauth_received_time;
};
/**
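Review bot: The kernel-doc for the two new timestamp fields does not say that zero means "no frame seen yet", although the rate-limit check in lim_is_pkt_candidate_for_drop (`*timestamp > 0`) depends on that. This commit removes the explicit resets to 0 in dph_init_sta_state and dph_delete_hash_entry, and no replacement initialisation is visible here. The fields therefore presumably rely on the peer private object being zero-allocated, which should be confirmed where the object is created. I would document it as `@last_assoc_received_time: system timestamp of the last assoc request from this peer, 0 if none seen`, and likewise for `@last_disassoc_deauth_received_time`.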
diff --git a/core/mac/src/dph/dph_hash_table.c b/core/mac/src/dph/dph_hash_table.c
index ced3e663fc..a34a134848 100644
--- a/core/mac/src/dph/dph_hash_table.c
+++ b/core/mac/src/dph/dph_hash_table.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@@ -267,8 +267,6 @@ tpDphHashNode dph_init_sta_state(tpAniSirGlobal pMac, tSirMacAddr staAddr,
pStaDs->added = 1;
pStaDs->encPolicy = ENC_POLICY_NULL;
pStaDs->is_disassoc_deauth_in_progress = 0;
- pStaDs->last_assoc_received_time = 0;
- pStaDs->last_disassoc_deauth_received_time = 0;
pStaDs->sta_deletion_in_progress = false;
pStaDs->valid = 1;
return pStaDs;
@@ -405,8 +403,6 @@ QDF_STATUS dph_delete_hash_entry(tpAniSirGlobal pMac, tSirMacAddr staAddr,
prev->next = ptr->next;
ptr->added = 0;
ptr->is_disassoc_deauth_in_progress = 0;
- ptr->last_assoc_received_time = 0;
- ptr->last_disassoc_deauth_received_time = 0;
ptr->sta_deletion_in_progress = false;
ptr->next = 0;
} else {
diff --git a/core/mac/src/include/dph_global.h b/core/mac/src/include/dph_global.h
index ea1ed1c8cb..c3bdc1e2a7 100644
--- a/core/mac/src/include/dph_global.h
+++ b/core/mac/src/include/dph_global.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2020 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@@ -241,8 +241,6 @@ typedef struct sDphHashNode {
/* key installed for this STA or not in the firmware */
uint8_t is_key_installed;
uint8_t is_disassoc_deauth_in_progress;
- qdf_time_t last_assoc_received_time;
- qdf_time_t last_disassoc_deauth_received_time;
uint8_t nss;
int8_t del_sta_ctx_rssi;
diff --git a/core/mac/src/pe/lim/lim_api.c b/core/mac/src/pe/lim/lim_api.c
index 5113565b6f..4ee60032c5 100644
--- a/core/mac/src/pe/lim/lim_api.c
+++ b/core/mac/src/pe/lim/lim_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2020 The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@@ -71,6 +71,7 @@
#include <wlan_scan_public_structs.h>
#include <wlan_p2p_ucfg_api.h>
#include "wlan_utility.h"
+#include "wlan_mlme_main.h"
static void __lim_init_bss_vars(tpAniSirGlobal pMac)
{
@@ -2637,33 +2638,44 @@ tMgmtFrmDropReason lim_is_pkt_candidate_for_drop(tpAniSirGlobal pMac,
curr_seq_num);
return eMGMT_DROP_DUPLICATE_AUTH_FRAME;
}
- } else if ((subType == SIR_MAC_MGMT_ASSOC_REQ) &&
- (subType == SIR_MAC_MGMT_DISASSOC) &&
+ } else if ((subType == SIR_MAC_MGMT_ASSOC_REQ) ||
+ (subType == SIR_MAC_MGMT_DISASSOC) ||
(subType == SIR_MAC_MGMT_DEAUTH)) {
- uint16_t assoc_id;
- dphHashTableClass *dph_table;
- tDphHashNode *sta_ds;
+ struct peer_mlme_priv_obj *peer_priv;
+ struct wlan_objmgr_peer *peer;
qdf_time_t *timestamp;
pHdr = WMA_GET_RX_MAC_HEADER(pRxPacketInfo);
psessionEntry = pe_find_session_by_bssid(pMac, pHdr->bssId,
&sessionId);
if (!psessionEntry)
- return eMGMT_DROP_NO_DROP;
- dph_table = &psessionEntry->dph.dphHashTable;
- sta_ds = dph_lookup_hash_entry(pMac, pHdr->sa, &assoc_id,
- dph_table);
- if (!sta_ds) {
+ return eMGMT_DROP_SPURIOUS_FRAME;
+
+ peer = wlan_objmgr_get_peer_by_mac(pMac->psoc,
+ pHdr->sa,
+ WLAN_LEGACY_MAC_ID);
+ if (!peer) {
if (subType == SIR_MAC_MGMT_ASSOC_REQ)
- return eMGMT_DROP_NO_DROP;
- else
- return eMGMT_DROP_EXCESSIVE_MGMT_FRAME;
+ return eMGMT_DROP_NO_DROP;
+
+ return eMGMT_DROP_SPURIOUS_FRAME;
}
+ peer_priv = wlan_objmgr_peer_get_comp_private_obj(peer,
+ WLAN_UMAC_COMP_MLME);
+ if (!peer_priv) {
+ wlan_objmgr_peer_release_ref(peer, WLAN_LEGACY_MAC_ID);
+ if (subType == SIR_MAC_MGMT_ASSOC_REQ)
+ return eMGMT_DROP_NO_DROP;
+
+ return eMGMT_DROP_SPURIOUS_FRAME;
+ }
if (subType == SIR_MAC_MGMT_ASSOC_REQ)
- timestamp = &sta_ds->last_assoc_received_time;
+ timestamp = &peer_priv->last_assoc_received_time;
else
- timestamp = &sta_ds->last_disassoc_deauth_received_time;
+ timestamp =
+ &peer_priv->last_disassoc_deauth_received_time;
+
if (*timestamp > 0 &&
qdf_system_time_before(qdf_get_system_timestamp(),
*timestamp +
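Review bot: The peer lookup `wlan_objmgr_get_peer_by_mac(pMac->psoc, pHdr->sa, WLAN_LEGACY_MAC_ID)` is keyed only on the source address across the psoc and is not tied to the `psessionEntry` resolved from `pHdr->bssId` just above. If the same MAC can have a peer object on another vdev (not visible from this hunk), the frame would be rate-limited against that other peer's timestamps and would update them. Consider checking that the returned peer belongs to the session's vdev before using `peer_priv`, releasing the reference and returning `eMGMT_DROP_SPURIOUS_FRAME` otherwise. The enclosing function starts and ends outside this hunk.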
@@ -2673,10 +2685,12 @@ tMgmtFrmDropReason lim_is_pkt_candidate_for_drop(tpAniSirGlobal pMac,
(int)(qdf_get_system_timestamp() - *timestamp),
"of last frame. Allow it only after",
LIM_DOS_PROTECTION_TIME);
+ wlan_objmgr_peer_release_ref(peer, WLAN_LEGACY_MAC_ID);
return eMGMT_DROP_EXCESSIVE_MGMT_FRAME;
}
*timestamp = qdf_get_system_timestamp();
+ wlan_objmgr_peer_release_ref(peer, WLAN_LEGACY_MAC_ID);
}
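Review bot: `*timestamp = qdf_get_system_timestamp();` is refreshed for every disassoc/deauth that reaches this point, before any check that the frame is authentic, and the `is_pmf_enabled` flag added to `peer_priv` is not consulted in the visible code. Because the window is keyed on `pHdr->sa`, an unprotected frame carrying the peer's address can start the `LIM_DOS_PROTECTION_TIME` window, so the peer's genuine frame arriving inside it is dropped as `eMGMT_DROP_EXCESSIVE_MGMT_FRAME`. For PMF peers I would refresh the window only for protected frames, e.g. guard the store with `if (subType == SIR_MAC_MGMT_ASSOC_REQ || !peer_priv->is_pmf_enabled || pHdr->fc.wep)`. Whether later PMF handling already compensates is not visible here, and the function body continues outside the hunk.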
diff --git a/core/mac/src/pe/lim/lim_process_deauth_frame.c b/core/mac/src/pe/lim/lim_process_deauth_frame.c
index 9f0f7dec44..49cfb4c1c1 100644
--- a/core/mac/src/pe/lim/lim_process_deauth_frame.c
+++ b/core/mac/src/pe/lim/lim_process_deauth_frame.c
@@ -159,16 +159,6 @@ lim_process_deauth_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo,
reasonCode, lim_dot11_reason_str(reasonCode),
MAC_ADDR_ARRAY(pHdr->sa));
- if (pMac->roam.configParam.enable_fatal_event &&
- (reasonCode != eSIR_MAC_UNSPEC_FAILURE_REASON &&
- reasonCode != eSIR_MAC_DEAUTH_LEAVING_BSS_REASON &&
- reasonCode != eSIR_MAC_DISASSOC_LEAVING_BSS_REASON)) {
- cds_flush_logs(WLAN_LOG_TYPE_FATAL,
- WLAN_LOG_INDICATOR_HOST_DRIVER,
- WLAN_LOG_REASON_DISCONNECT,
- false, false);
- }
-
lim_diag_event_report(pMac, WLAN_PE_DIAG_DEAUTH_FRAME_EVENT,
psessionEntry, 0, reasonCode);
@@ -319,6 +309,15 @@ lim_process_deauth_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo,
lim_perform_deauth(pMac, psessionEntry, reasonCode, pHdr->sa,
frame_rssi);
+ if (pMac->roam.configParam.enable_fatal_event &&
+ (reasonCode != eSIR_MAC_UNSPEC_FAILURE_REASON &&
+ reasonCode != eSIR_MAC_DEAUTH_LEAVING_BSS_REASON &&
+ reasonCode != eSIR_MAC_DISASSOC_LEAVING_BSS_REASON)) {
+ cds_flush_logs(WLAN_LOG_TYPE_FATAL,
+ WLAN_LOG_INDICATOR_HOST_DRIVER,
+ WLAN_LOG_REASON_DISCONNECT,
+ false, false);
+ }
} /*** end lim_process_deauth_frame() ***/
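Review bot: The fatal-event block added after `lim_perform_deauth()` is repeated verbatim in lim_process_disassoc_frame after `lim_perform_disassoc()`; a shared helper taking `pMac` and `reasonCode` would keep the reason-code exclusion list in one place. Neither copy says why the flush now sits after the frame has been acted on. If the intent is that frames rejected by the earlier checks must not trigger `cds_flush_logs`, a comment such as `/* Flush logs only for frames that were accepted and processed */` would record that. The function starts outside this hunk.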
diff --git a/core/mac/src/pe/lim/lim_process_disassoc_frame.c b/core/mac/src/pe/lim/lim_process_disassoc_frame.c
index 7b41e1b9c2..e9c447be84 100644
--- a/core/mac/src/pe/lim/lim_process_disassoc_frame.c
+++ b/core/mac/src/pe/lim/lim_process_disassoc_frame.c
@@ -157,15 +157,6 @@ lim_process_disassoc_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo,
lim_diag_event_report(pMac, WLAN_PE_DIAG_DISASSOC_FRAME_EVENT,
psessionEntry, 0, reasonCode);
- if (pMac->roam.configParam.enable_fatal_event &&
- (reasonCode != eSIR_MAC_UNSPEC_FAILURE_REASON &&
- reasonCode != eSIR_MAC_DEAUTH_LEAVING_BSS_REASON &&
- reasonCode != eSIR_MAC_DISASSOC_LEAVING_BSS_REASON)) {
- cds_flush_logs(WLAN_LOG_TYPE_FATAL,
- WLAN_LOG_INDICATOR_HOST_DRIVER,
- WLAN_LOG_REASON_DISCONNECT,
- false, false);
- }
/**
* Extract 'associated' context for STA, if any.
* This is maintained by DPH and created by LIM.
@@ -314,6 +305,15 @@ lim_process_disassoc_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo,
lim_perform_disassoc(pMac, frame_rssi, reasonCode,
psessionEntry, pHdr->sa);
+ if (pMac->roam.configParam.enable_fatal_event &&
+ (reasonCode != eSIR_MAC_UNSPEC_FAILURE_REASON &&
+ reasonCode != eSIR_MAC_DEAUTH_LEAVING_BSS_REASON &&
+ reasonCode != eSIR_MAC_DISASSOC_LEAVING_BSS_REASON)) {
+ cds_flush_logs(WLAN_LOG_TYPE_FATAL,
+ WLAN_LOG_INDICATOR_HOST_DRIVER,
+ WLAN_LOG_REASON_DISCONNECT,
+ false, false);
+ }
} /*** end lim_process_disassoc_frame() ***/
#ifdef FEATURE_WLAN_TDLS