Merge "wlan: Fix possible OOB in lim_chk_n_process_wpa_rsn_ie" into wlan-driver.lnx.1.0
diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h
index bbd92df..9ef5a8c 100644
--- a/CORE/HDD/inc/wlan_hdd_cfg80211.h
+++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -1391,10 +1391,10 @@
QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_RATE_FLAGS = 2,
/* Unsigned 32bit value for operating frequency */
QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_FREQ = 3,
- /* Unsigned 32bit value for STA flags*/
- QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_FLAGS = 4,
/* An array of 6 Unsigned 8bit values for the STA MAC address*/
- QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_MAC = 5,
+ QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_MAC_ADDR = 4,
+ /* Unsigned 32bit value for STA flags*/
+ QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_FLAGS = 5,
/* KEEP LAST */
QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_AFTER_LAST,
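Review bot: The comment kept above `QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_FLAGS = 5` still says "Unsigned 32bit value", but the wlan_hdd_cfg80211.c change in this same commit sends that attribute with `nla_put(..., sizeof(struct nl80211_sta_flag_update), &sta_flags)`. I would change the comment to `/* struct nl80211_sta_flag_update (mask and set) for STA flags */` so receivers validate the right payload length. The hunk also swaps the numeric ids 4 and 5 and renames `STA_MAC` to `MAC_ADDR`. A userspace consumer built against the old header would then read the MAC payload as flags and the flags as a MAC, so the comment should state which userspace definition the new numbering follows. The enum starts and ends outside this hunk.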
@@ -1876,8 +1876,15 @@
}
#endif
-struct cfg80211_bss* wlan_hdd_cfg80211_update_bss_list(
- hdd_adapter_t *pAdapter, tSirMacAddr bssid);
+/*
+ * wlan_hdd_cfg80211_unlink_bss :to inform nl80211
+ * interface that BSS might have been lost.
+ * @pAdapter: adapter
+ * @bssid: bssid which might have been lost
+ *
+ * Return: void
+ */
+void wlan_hdd_cfg80211_unlink_bss(hdd_adapter_t *pAdapter, tSirMacAddr bssid);
struct cfg80211_bss *wlan_hdd_cfg80211_inform_bss_frame(hdd_adapter_t *pAdapter,
tSirBssDescription *bss_desc);
diff --git a/CORE/HDD/src/wlan_hdd_assoc.c b/CORE/HDD/src/wlan_hdd_assoc.c
index f7ce1b8..aa6bf28 100644
--- a/CORE/HDD/src/wlan_hdd_assoc.c
+++ b/CORE/HDD/src/wlan_hdd_assoc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -1872,7 +1872,7 @@
/* clear scan cache for Link Lost */
if (pRoamInfo && !pRoamInfo->reasonCode &&
(eCSR_ROAM_LOSTLINK == roamStatus)) {
- wlan_hdd_cfg80211_update_bss_list(pAdapter,
+ wlan_hdd_cfg80211_unlink_bss(pAdapter,
pHddStaCtx->conn_info.bssId);
sme_remove_bssid_from_scan_list(pHddCtx->hHal,
pHddStaCtx->conn_info.bssId);
@@ -2668,7 +2668,7 @@
((eSIR_SME_JOIN_TIMEOUT_RESULT_CODE == pRoamInfo->statusCode) ||
(eSIR_SME_AUTH_TIMEOUT_RESULT_CODE == pRoamInfo->statusCode) ||
(eSIR_SME_ASSOC_TIMEOUT_RESULT_CODE == pRoamInfo->statusCode)))) {
- wlan_hdd_cfg80211_update_bss_list(pAdapter,
+ wlan_hdd_cfg80211_unlink_bss(pAdapter,
pRoamInfo ? pRoamInfo->bssid : pWextState->req_bssId);
sme_remove_bssid_from_scan_list(pHddCtx->hHal,
pRoamInfo ? pRoamInfo->bssid : pWextState->req_bssId);
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 80fadbb..166217e 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -13006,8 +13006,8 @@
const v_MACADDR_t *mac_addr)
{
struct sk_buff *vendor_event;
- uint32_t sta_flags = 0;
VOS_STATUS status;
+ struct nl80211_sta_flag_update sta_flags;
ENTER();
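Review bot: `struct nl80211_sta_flag_update sta_flags;` is declared without an initializer, whereas the line it replaces was `uint32_t sta_flags = 0;`. The next hunk does `sta_flags.mask |= BIT(NL80211_STA_FLAG_AUTHORIZED);` and then copies the whole struct into the vendor event with `nla_put`. That ORs into indeterminate stack contents and sends them to userspace in `mask`. Declare it as `struct nl80211_sta_flag_update sta_flags = {0};`, or assign `mask` with `=` instead of `|=`. The function body starts and ends outside this hunk.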
@@ -13032,18 +13032,22 @@
return -EINVAL;
}
- sta_flags |= BIT(NL80211_STA_FLAG_AUTHORIZED);
+ sta_flags.mask |= BIT(NL80211_STA_FLAG_AUTHORIZED);
+ sta_flags.set = true;
- status = nla_put_u32(vendor_event,
- QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_FLAGS,
- sta_flags);
+ status = nla_put(vendor_event,
+ QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_FLAGS,
+ sizeof(struct nl80211_sta_flag_update),
+ &sta_flags);
+
if (status) {
hddLog(VOS_TRACE_LEVEL_ERROR, FL("STA flag put fails"));
kfree_skb(vendor_event);
return VOS_STATUS_E_FAILURE;
}
+
status = nla_put(vendor_event,
- QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_STA_MAC,
+ QCA_WLAN_VENDOR_ATTR_LINK_PROPERTIES_MAC_ADDR,
VOS_MAC_ADDR_SIZE, mac_addr->bytes);
if (status) {
hddLog(VOS_TRACE_LEVEL_ERROR, FL("STA MAC put fails"));
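Review bot: `sta_flags.set = true;` stores the value 1, which is bit 0, while `mask` is given `BIT(NL80211_STA_FLAG_AUTHORIZED)`. In `struct nl80211_sta_flag_update` the `set` field is a bitmap over the same bit positions as `mask`, so as written the masked bit is reported as cleared and a bit outside the mask is set. Presumably the intent is `sta_flags.set = BIT(NL80211_STA_FLAG_AUTHORIZED);`. A receiver that uses this event to decide whether the peer is authorized would otherwise get the wrong answer. The function continues past the end of this hunk.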
@@ -14247,16 +14251,7 @@
rssi, GFP_KERNEL );
}
-/*
- * wlan_hdd_cfg80211_update_bss_list :to inform nl80211
- * interface that BSS might have been lost.
- * @pAdapter: adaptor
- * @bssid: bssid which might have been lost
- *
- * Return: bss which is unlinked from kernel cache
- */
-struct cfg80211_bss* wlan_hdd_cfg80211_update_bss_list(
- hdd_adapter_t *pAdapter, tSirMacAddr bssid)
+void wlan_hdd_cfg80211_unlink_bss(hdd_adapter_t *pAdapter, tSirMacAddr bssid)
{
struct net_device *dev = pAdapter->dev;
struct wireless_dev *wdev = dev->ieee80211_ptr;
@@ -14266,14 +14261,15 @@
bss = hdd_get_bss_entry(wiphy,
NULL, bssid,
NULL, 0);
- if (bss == NULL) {
+ if (!bss) {
hddLog(LOGE, FL("BSS not present"));
} else {
hddLog(LOG1, FL("cfg80211_unlink_bss called for BSSID "
MAC_ADDRESS_STR), MAC_ADDR_ARRAY(bssid));
cfg80211_unlink_bss(wiphy, bss);
+ /* cfg80211_get_bss get bss with ref count so release it */
+ cfg80211_put_bss(wiphy, bss);
}
- return bss;
}
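Review bot: The added comment names `cfg80211_get_bss`, but the call visible in this hunk is `hdd_get_bss_entry()`, so a reader cannot tell from here where the reference being dropped was taken. Assuming `hdd_get_bss_entry()` wraps `cfg80211_get_bss()` (its body is not shown), I would word it as `/* hdd_get_bss_entry() returns bss with a reference held (cfg80211_get_bss); release it after unlinking */`. It would also help to note that `bss` must not be touched after `cfg80211_put_bss()`, since the function no longer returns it.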
diff --git a/CORE/MAC/src/pe/lim/limProcessDisassocFrame.c b/CORE/MAC/src/pe/lim/limProcessDisassocFrame.c
index 805ad5f..88ca7f8 100644
--- a/CORE/MAC/src/pe/lim/limProcessDisassocFrame.c
+++ b/CORE/MAC/src/pe/lim/limProcessDisassocFrame.c
@@ -203,6 +203,14 @@
}
}
+ if ((psessionEntry->limSystemRole == eLIM_STA_ROLE) &&
+ psessionEntry->limMlmState == eLIM_MLM_WT_ADD_STA_RSP_STATE) {
+ PELOGE(limLog(pMac, LOGE, FL("received Disassoc from the AP in"
+ "add sta response state, disconnecting"));)
+ psessionEntry->fDeauthReceived = true;
+ return;
+ }
+
if ( (psessionEntry->limSystemRole == eLIM_AP_ROLE) ||
(psessionEntry->limSystemRole == eLIM_BT_AMP_AP_ROLE) )
{
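Review bot: The new early-return branch sets `psessionEntry->fDeauthReceived = true` for any Disassoc that arrives while the session is in `eLIM_MLM_WT_ADD_STA_RSP_STATE`. Nothing in the visible lines shows that the sender has already been matched against the session BSSID or that the protected-management-frame checks have run. The function body lies mostly outside this hunk, so please confirm the branch sits after those checks; otherwise a frame from any sender is treated as coming "from the AP" and forces a disconnect. Separately, the two string literals concatenate to "...from the AP inadd sta response state"; add the missing space: `"received Disassoc from the AP in "`. A short comment on why a Disassoc sets the flag named `fDeauthReceived` would also help.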