wlan: Additional Scan IE data is not as per interface.
In middle of p2p0 connection, if there is any wlan0
scan, Addition ScanIE data for connection is being
used as wlan0 scanIE data.
While processing scan from NL, length is being copied
as per interface but Additional IE data will always
point to the latest Additional ScanIE.
CRs-Fixed: 579613
Change-Id: Icef0a94c441a00a0457a1df0b0f187e96c6ddee9
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 779b735..c06d2ca 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -5001,19 +5001,31 @@
if( request->ie_len )
{
/* save this for future association (join requires this) */
+ /*TODO: Array needs to be converted to dynamic allocation,
+ * as multiple ie.s can be sent in cfg80211_scan_request structure
+ * CR 597966
+ */
memset( &pScanInfo->scanAddIE, 0, sizeof(pScanInfo->scanAddIE) );
memcpy( pScanInfo->scanAddIE.addIEdata, request->ie, request->ie_len);
pScanInfo->scanAddIE.length = request->ie_len;
- if((WLAN_HDD_INFRA_STATION == pAdapter->device_mode) ||
+ if ((WLAN_HDD_INFRA_STATION == pAdapter->device_mode) ||
(WLAN_HDD_P2P_CLIENT == pAdapter->device_mode) ||
- (WLAN_HDD_P2P_DEVICE == pAdapter->device_mode)
- )
+ (WLAN_HDD_P2P_DEVICE == pAdapter->device_mode))
{
- pwextBuf->roamProfile.pAddIEScan = pScanInfo->scanAddIE.addIEdata;
- pwextBuf->roamProfile.nAddIEScanLength = pScanInfo->scanAddIE.length;
- }
+ if ( request->ie_len <= SIR_MAC_MAX_IE_LENGTH)
+ {
+ pwextBuf->roamProfile.nAddIEScanLength = request->ie_len;
+ memcpy( pwextBuf->roamProfile.addIEScan,
+ request->ie, request->ie_len);
+ }
+ else
+ {
+ hddLog(VOS_TRACE_LEVEL_ERROR, "Scan Ie length is invalid:"
+ "%d", request->ie_len);
+ }
+ }
scanRequest.uIEFieldLen = pScanInfo->scanAddIE.length;
scanRequest.pIEField = pScanInfo->scanAddIE.addIEdata;
diff --git a/CORE/HDD/src/wlan_hdd_scan.c b/CORE/HDD/src/wlan_hdd_scan.c
index b392fb7..0636af5 100644
--- a/CORE/HDD/src/wlan_hdd_scan.c
+++ b/CORE/HDD/src/wlan_hdd_scan.c
@@ -735,10 +735,20 @@
memcpy( pHddCtx->scan_info.scanAddIE.addIEdata, pwextBuf->genIE.addIEdata,
pwextBuf->genIE.length );
pHddCtx->scan_info.scanAddIE.length = pwextBuf->genIE.length;
-
- pwextBuf->roamProfile.pAddIEScan = pHddCtx->scan_info.scanAddIE.addIEdata;
- pwextBuf->roamProfile.nAddIEScanLength = pHddCtx->scan_info.scanAddIE.length;
-
+ /* Maximum length of each IE is SIR_MAC_MAX_IE_LENGTH */
+ if (SIR_MAC_MAX_IE_LENGTH >= pwextBuf->genIE.length)
+ {
+ memcpy( pwextBuf->roamProfile.addIEScan,
+ pHddCtx->scan_info.scanAddIE.addIEdata,
+ pHddCtx->scan_info.scanAddIE.length);
+ pwextBuf->roamProfile.nAddIEScanLength =
+ pHddCtx->scan_info.scanAddIE.length;
+ }
+ else
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "Invalid ScanIE, Length is %d", pwextBuf->genIE.length);
+ }
/* clear previous genIE after use it */
memset( &pwextBuf->genIE, 0, sizeof(pwextBuf->genIE) );
}
@@ -1115,9 +1125,20 @@
memcpy( pHddCtx->scan_info.scanAddIE.addIEdata, pwextBuf->genIE.addIEdata,
pwextBuf->genIE.length );
pHddCtx->scan_info.scanAddIE.length = pwextBuf->genIE.length;
-
- pwextBuf->roamProfile.pAddIEScan = pHddCtx->scan_info.scanAddIE.addIEdata;
- pwextBuf->roamProfile.nAddIEScanLength = pHddCtx->scan_info.scanAddIE.length;
+ if (SIR_MAC_MAX_IE_LENGTH >= pwextBuf->genIE.length)
+ {
+ memcpy( pwextBuf->roamProfile.addIEScan,
+ pHddCtx->scan_info.scanAddIE.addIEdata,
+ pHddCtx->scan_info.scanAddIE.length);
+ pwextBuf->roamProfile.nAddIEScanLength =
+ pHddCtx->scan_info.scanAddIE.length;
+ }
+ else
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "Invalid ScanIE, Length is %d",
+ pwextBuf->genIE.length);
+ }
/* clear previous genIE after use it */
memset( &pwextBuf->genIE, 0, sizeof(pwextBuf->genIE) );
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 626f188..55b2100 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -1085,8 +1085,8 @@
#endif
pWextState->roamProfile.bWPSAssociation = VOS_FALSE;
- pWextState->roamProfile.pAddIEScan = (tANI_U8 *)NULL;
pWextState->roamProfile.nAddIEScanLength = 0;
+ memset(pWextState->roamProfile.addIEScan, 0 , SIR_MAC_MAX_IE_LENGTH+2);
pWextState->roamProfile.pAddIEAssoc = (tANI_U8 *)NULL;
pWextState->roamProfile.nAddIEAssocLength = 0;
diff --git a/CORE/SME/inc/csrApi.h b/CORE/SME/inc/csrApi.h
index fe3f43a..b81fa04 100644
--- a/CORE/SME/inc/csrApi.h
+++ b/CORE/SME/inc/csrApi.h
@@ -875,8 +875,13 @@
tANI_U8 *pWAPIReqIE; //If not null, it has the IE byte stream for WAPI
#endif /* FEATURE_WLAN_WAPI */
- tANI_U32 nAddIEScanLength; //The byte count in the pAddIE for scan (at the time of join)
- tANI_U8 *pAddIEScan; //If not null, it has the IE byte stream for additional IE, which can be WSC IE and/or P2P IE
+ //The byte count in the pAddIE for scan (at the time of join)
+ tANI_U32 nAddIEScanLength;
+ /* Additional IE information.
+ * It has the IE byte stream for additional IE,
+ * which can be WSC IE and/or P2P IE
+ */
+ tANI_U8 addIEScan[SIR_MAC_MAX_IE_LENGTH+2]; //Additional IE information.
tANI_U32 nAddIEAssocLength; //The byte count in the pAddIE for assoc
tANI_U8 *pAddIEAssoc; //If not null, it has the IE byte stream for additional IE, which can be WSC IE and/or P2P IE
diff --git a/CORE/SME/inc/csrInternal.h b/CORE/SME/inc/csrInternal.h
index 03be8a3..e7c8612 100644
--- a/CORE/SME/inc/csrInternal.h
+++ b/CORE/SME/inc/csrInternal.h
@@ -906,8 +906,11 @@
tANI_U32 nWapiRspIeLength; //the byte count for pWapiRspIE
tANI_U8 *pWapiRspIE; //this contain the WAPI IE in beacon/probe rsp
#endif /* FEATURE_WLAN_WAPI */
- tANI_U32 nAddIEScanLength; //the byte count of pAddIeScanIE;
- tANI_U8 *pAddIEScan; //this contains the additional IE in (unicast) probe request at the time of join
+ tANI_U32 nAddIEScanLength; //length of addIeScan
+ /* This contains the additional IE in (unicast)
+ * probe request at the time of join
+ */
+ tANI_U8 addIEScan[SIR_MAC_MAX_IE_LENGTH+2];
tANI_U32 nAddIEAssocLength; //the byte count for pAddIeAssocIE
tANI_U8 *pAddIEAssoc; //this contains the additional IE in (re) assoc request
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index 39bd618..e36fc39 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -5961,19 +5961,19 @@
#endif /* FEATURE_WLAN_WAPI */
if(pSrcProfile->nAddIEScanLength)
{
- pDstProfile->pAddIEScan = vos_mem_malloc(pSrcProfile->nAddIEScanLength);
- if ( NULL == pDstProfile->pAddIEScan )
- status = eHAL_STATUS_FAILURE;
- else
- status = eHAL_STATUS_SUCCESS;
-
- if(!HAL_STATUS_SUCCESS(status))
+ memset(pDstProfile->addIEScan, 0 , SIR_MAC_MAX_IE_LENGTH);
+ if ( SIR_MAC_MAX_IE_LENGTH >= pSrcProfile->nAddIEScanLength)
{
- break;
- }
- pDstProfile->nAddIEScanLength = pSrcProfile->nAddIEScanLength;
- vos_mem_copy(pDstProfile->pAddIEScan, pSrcProfile->pAddIEScan,
+ vos_mem_copy(pDstProfile->addIEScan, pSrcProfile->addIEScan,
pSrcProfile->nAddIEScanLength);
+ pDstProfile->nAddIEScanLength = pSrcProfile->nAddIEScanLength;
+ }
+ else
+ {
+ VOS_TRACE( VOS_MODULE_ID_VOSS, VOS_TRACE_LEVEL_ERROR,
+ FL(" AddIEScanLength is not valid %u"),
+ pSrcProfile->nAddIEScanLength);
+ }
}
if(pSrcProfile->nAddIEAssocLength)
{
@@ -9064,7 +9064,6 @@
tCsrRoamSession *pSession = NULL;
tpSirSmeSwitchChannelInd pSwitchChnInd;
tSmeMaxAssocInd *pSmeMaxAssocInd;
- tSmeCmd pCommand;
pSirMsg->messageType = (pSirMsg->messageType);
pSirMsg->length = (pSirMsg->length);
pSirMsg->statusCode = (pSirMsg->statusCode);
@@ -9148,91 +9147,106 @@
}
break;
case eWNI_SME_DISASSOC_IND:
- // Check if AP dis-associated us because of MIC failure. If so,
- // then we need to take action immediately and not wait till the
- // the WmStatusChange requests is pushed and processed
- pDisassocInd = (tSirSmeDisassocInd *)pSirMsg;
- status = csrRoamGetSessionIdFromBSSID( pMac, (tCsrBssid *)pDisassocInd->bssId, &sessionId );
- if( HAL_STATUS_SUCCESS( status ) )
{
- smsLog( pMac, LOGE, FL("DISASSOCIATION Indication from MAC for session %d "), sessionId);
- smsLog( pMac, LOGE, FL("DISASSOCIATION from peer =" MAC_ADDRESS_STR " "
- " reason = %d status = %d "),
- MAC_ADDR_ARRAY(pDisassocInd->peerMacAddr),
- pDisassocInd->reasonCode, pDisassocInd->statusCode);
- // If we are in neighbor preauth done state then on receiving
- // disassoc or deauth we dont roam instead we just disassoc
- // from current ap and then go to disconnected state
- // This happens for CCX and 11r FT connections ONLY.
-#ifdef WLAN_FEATURE_VOWIFI_11R
- if (csrRoamIs11rAssoc(pMac) && (csrNeighborRoamStatePreauthDone(pMac)))
+ // Check if AP dis-associated us because of MIC failure. If so,
+ // then we need to take action immediately and not wait till the
+ // the WmStatusChange requests is pushed and processed
+ tSmeCmd *pCommand;
+
+ pDisassocInd = (tSirSmeDisassocInd *)pSirMsg;
+ status = csrRoamGetSessionIdFromBSSID( pMac,
+ (tCsrBssid *)pDisassocInd->bssId, &sessionId );
+ if( HAL_STATUS_SUCCESS( status ) )
{
- csrNeighborRoamTranistionPreauthDoneToDisconnected(pMac);
- }
+ smsLog( pMac, LOGE, FL("DISASSOCIATION Indication from MAC"
+ " for session %d "), sessionId);
+ smsLog( pMac, LOGE, FL("DISASSOCIATION from peer ="
+ MAC_ADDRESS_STR " "
+ " reason = %d status = %d "),
+ MAC_ADDR_ARRAY(pDisassocInd->peerMacAddr),
+ pDisassocInd->reasonCode,
+ pDisassocInd->statusCode);
+ // If we are in neighbor preauth done state then on receiving
+ // disassoc or deauth we dont roam instead we just disassoc
+ // from current ap and then go to disconnected state
+ // This happens for CCX and 11r FT connections ONLY.
+#ifdef WLAN_FEATURE_VOWIFI_11R
+ if (csrRoamIs11rAssoc(pMac) && (csrNeighborRoamStatePreauthDone(pMac)))
+ {
+ csrNeighborRoamTranistionPreauthDoneToDisconnected(pMac);
+ }
#endif
#ifdef FEATURE_WLAN_CCX
- if (csrRoamIsCCXAssoc(pMac) && (csrNeighborRoamStatePreauthDone(pMac)))
- {
- csrNeighborRoamTranistionPreauthDoneToDisconnected(pMac);
- }
+ if (csrRoamIsCCXAssoc(pMac) && (csrNeighborRoamStatePreauthDone(pMac)))
+ {
+ csrNeighborRoamTranistionPreauthDoneToDisconnected(pMac);
+ }
#endif
#ifdef FEATURE_WLAN_LFR
- if (csrRoamIsFastRoamEnabled(pMac, sessionId) && (csrNeighborRoamStatePreauthDone(pMac)))
- {
- csrNeighborRoamTranistionPreauthDoneToDisconnected(pMac);
- }
+ if (csrRoamIsFastRoamEnabled(pMac, sessionId) && (csrNeighborRoamStatePreauthDone(pMac)))
+ {
+ csrNeighborRoamTranistionPreauthDoneToDisconnected(pMac);
+ }
#endif
- pSession = CSR_GET_SESSION( pMac, sessionId );
+ pSession = CSR_GET_SESSION( pMac, sessionId );
- if(!pSession)
- {
- smsLog(pMac, LOGE, FL(" session %d not found "), sessionId);
- return;
- }
+ if (!pSession)
+ {
+ smsLog(pMac, LOGE, FL(" session %d not found "), sessionId);
+ return;
+ }
- if ( csrIsConnStateInfra( pMac, sessionId ) )
- {
- pSession->connectState = eCSR_ASSOC_STATE_TYPE_NOT_CONNECTED;
- }
+ if ( csrIsConnStateInfra( pMac, sessionId ) )
+ {
+ pSession->connectState = eCSR_ASSOC_STATE_TYPE_NOT_CONNECTED;
+ }
#ifndef WLAN_MDM_CODE_REDUCTION_OPT
- sme_QosCsrEventInd(pMac, (v_U8_t)sessionId, SME_QOS_CSR_DISCONNECT_IND, NULL);
+ sme_QosCsrEventInd(pMac, (v_U8_t)sessionId, SME_QOS_CSR_DISCONNECT_IND, NULL);
#endif
- csrRoamLinkDown(pMac, sessionId);
- csrRoamIssueWmStatusChange( pMac, sessionId, eCsrDisassociated, pSirMsg );
- if(CSR_IS_INFRA_AP(&pSession->connectedProfile))
- {
+ csrRoamLinkDown(pMac, sessionId);
+ csrRoamIssueWmStatusChange( pMac, sessionId, eCsrDisassociated, pSirMsg );
+ if (CSR_IS_INFRA_AP(&pSession->connectedProfile))
+ {
- pRoamInfo = &roamInfo;
+ pCommand = csrGetCommandBuffer(pMac);
+ if (NULL == pCommand)
+ {
+ smsLog( pMac, LOGE, FL(" fail to get command buffer") );
+ status = eHAL_STATUS_RESOURCES;
+ }
+ pRoamInfo = &roamInfo;
+ pRoamInfo->statusCode = pDisassocInd->statusCode;
+ pRoamInfo->u.pConnectedProfile = &pSession->connectedProfile;
+ pRoamInfo->staId = (tANI_U8)pDisassocInd->staId;
- pRoamInfo->statusCode = pDisassocInd->statusCode;
- pRoamInfo->u.pConnectedProfile = &pSession->connectedProfile;
+ vos_mem_copy(pRoamInfo->peerMac, pDisassocInd->peerMacAddr,
+ sizeof(tSirMacAddr));
+ vos_mem_copy(&pRoamInfo->bssid, pDisassocInd->bssId,
+ sizeof(tCsrBssid));
- pRoamInfo->staId = (tANI_U8)pDisassocInd->staId;
+ status = csrRoamCallCallback(pMac, sessionId, pRoamInfo, 0,
+ eCSR_ROAM_INFRA_IND, eCSR_ROAM_RESULT_DISASSOC_IND);
- vos_mem_copy(pRoamInfo->peerMac, pDisassocInd->peerMacAddr,
- sizeof(tSirMacAddr));
- vos_mem_copy(&pRoamInfo->bssid, pDisassocInd->bssId,
- sizeof(tCsrBssid));
+ /*
+ * STA/P2P client got disassociated so remove any pending deauth
+ * commands in sme pending list
+ */
+ pCommand->command = eSmeCommandRoam;
+ pCommand->sessionId = (tANI_U8)sessionId;
+ pCommand->u.roamCmd.roamReason = eCsrForcedDeauthSta;
+ vos_mem_copy(pCommand->u.roamCmd.peerMac,
+ pDisassocInd->peerMacAddr,
+ sizeof(tSirMacAddr));
+ csrRoamRemoveDuplicateCommand(pMac, sessionId, pCommand, eCsrForcedDeauthSta);
+ csrReleaseCommand( pMac, pCommand );
- status = csrRoamCallCallback(pMac, sessionId, pRoamInfo, 0, eCSR_ROAM_INFRA_IND, eCSR_ROAM_RESULT_DISASSOC_IND);
-
- /*
- * STA/P2P client got disassociated so remove any pending deauth
- * commands in sme pending list
- */
- pCommand.command = eSmeCommandRoam;
- pCommand.sessionId = (tANI_U8)sessionId;
- pCommand.u.roamCmd.roamReason = eCsrForcedDeauthSta;
- vos_mem_copy(pCommand.u.roamCmd.peerMac,
- pDisassocInd->peerMacAddr,
- sizeof(tSirMacAddr));
- csrRoamRemoveDuplicateCommand(pMac, sessionId, &pCommand, eCsrForcedDeauthSta);
+ }
}
- }
- else
- {
- smsLog(pMac, LOGE, FL(" Session Id not found for BSSID " MAC_ADDRESS_STR),
- MAC_ADDR_ARRAY(pDisassocInd->bssId));
+ else
+ {
+ smsLog(pMac, LOGE, FL(" Session Id not found for BSSID " MAC_ADDRESS_STR),
+ MAC_ADDR_ARRAY(pDisassocInd->bssId));
+ }
}
break;
case eWNI_SME_DEAUTH_IND:
@@ -12609,38 +12623,22 @@
}
#endif /* FEATURE_WLAN_CCX */
// addIEScan
- if(pProfile->nAddIEScanLength && pProfile->pAddIEScan)
+ if (pProfile->nAddIEScanLength)
{
ieLen = pProfile->nAddIEScanLength;
- if(ieLen > pSession->nAddIEScanLength)
- {
- if(pSession->pAddIEScan && pSession->nAddIEScanLength)
- {
- vos_mem_free(pSession->pAddIEScan);
- }
- pSession->pAddIEScan = vos_mem_malloc(ieLen);
- if (NULL == pSession->pAddIEScan)
- status = eHAL_STATUS_FAILURE;
- else
- status = eHAL_STATUS_SUCCESS;
- if(!HAL_STATUS_SUCCESS(status)) break;
- }
+ memset(pSession->addIEScan, 0 , pSession->nAddIEScanLength);
pSession->nAddIEScanLength = ieLen;
- vos_mem_copy(pSession->pAddIEScan, pProfile->pAddIEScan, ieLen);
+ vos_mem_copy(pSession->addIEScan, pProfile->addIEScan, ieLen);
wTmp = pal_cpu_to_be16( ieLen );
vos_mem_copy(pBuf, &wTmp, sizeof(tANI_U16));
pBuf += sizeof(tANI_U16);
- vos_mem_copy(pBuf, pProfile->pAddIEScan, ieLen);
+ vos_mem_copy(pBuf, pProfile->addIEScan, ieLen);
pBuf += ieLen;
}
else
{
+ memset(pSession->addIEScan, 0, pSession->nAddIEScanLength);
pSession->nAddIEScanLength = 0;
- if(pSession->pAddIEScan)
- {
- vos_mem_free(pSession->pAddIEScan);
- pSession->pAddIEScan = NULL;
- }
*pBuf = 0;
*(pBuf + 1) = 0;
pBuf += 2;
@@ -14282,12 +14280,12 @@
}
pSession->nWapiRspIeLength = 0;
#endif /* FEATURE_WLAN_WAPI */
- if (pSession->pAddIEScan)
+ if (pSession->nAddIEScanLength)
{
- vos_mem_free(pSession->pAddIEScan);
- pSession->pAddIEScan = NULL;
+ memset(pSession->addIEScan, 0 , SIR_MAC_MAX_IE_LENGTH);
}
pSession->nAddIEScanLength = 0;
+
if (pSession->pAddIEAssoc)
{
vos_mem_free(pSession->pAddIEAssoc);
diff --git a/CORE/SME/src/csr/csrApiScan.c b/CORE/SME/src/csr/csrApiScan.c
index dc2a1ba..0ff0c84 100644
--- a/CORE/SME/src/csr/csrApiScan.c
+++ b/CORE/SME/src/csr/csrApiScan.c
@@ -7213,7 +7213,7 @@
{
pScanCmd->u.scanCmd.u.scanRequest.p2pSearch = 1;
}
- if(pProfile->pAddIEScan)
+ if(pProfile->nAddIEScanLength)
{
pScanCmd->u.scanCmd.u.scanRequest.pIEField = vos_mem_malloc(
pProfile->nAddIEScanLength);
@@ -7226,7 +7226,7 @@
if (HAL_STATUS_SUCCESS(status))
{
vos_mem_copy(pScanCmd->u.scanCmd.u.scanRequest.pIEField,
- pProfile->pAddIEScan, pProfile->nAddIEScanLength);
+ pProfile->addIEScan, pProfile->nAddIEScanLength);
pScanCmd->u.scanCmd.u.scanRequest.uIEFieldLen = pProfile->nAddIEScanLength;
}
else
diff --git a/CORE/SME/src/csr/csrUtil.c b/CORE/SME/src/csr/csrUtil.c
index 1164dd6..2403543 100644
--- a/CORE/SME/src/csr/csrUtil.c
+++ b/CORE/SME/src/csr/csrUtil.c
@@ -5816,10 +5816,10 @@
}
#endif /* FEATURE_WLAN_WAPI */
- if(pProfile->pAddIEScan)
+ if (pProfile->nAddIEScanLength)
{
- vos_mem_free(pProfile->pAddIEScan);
- pProfile->pAddIEScan = NULL;
+ memset(pProfile->addIEScan, 0 , SIR_MAC_MAX_IE_LENGTH+2);
+ pProfile->nAddIEScanLength = 0;
}
if(pProfile->pAddIEAssoc)