diff options
author | Yeshwanth Sriram Guntuka <ysriramg@codeaurora.org> | 2021-02-10 13:17:15 +0530 |
---|---|---|
committer | chenpaul <chenpaul@google.com> | 2021-03-23 18:55:47 +0800 |
commit | 2f2a9f2fa1be6e15947fb704aaea2cfe16d804ef (patch) | |
tree | f4219952172d24cd22b928d413fd2453addc9e7c | |
parent | c27e9d23b4f8d9ac136a246bc9371c76c9a0c8ee (diff) | |
download | qcacld-2f2a9f2fa1be6e15947fb704aaea2cfe16d804ef.tar.gz |
qcacld-3.0: Drop non-EAPOL/WAPI frames from unauthorized peer
Drop non-EAPOL/WAPI frames from unauthorized peer received
in the IPA exception path.
Change-Id: I0c0bc6e60efa193126ba1e3eca36c5e02f7f76a3
CRs-Fixed: 2860206
Bug: 182958222
-rw-r--r-- | components/ipa/core/inc/wlan_ipa_priv.h | 4 | ||||
-rw-r--r-- | components/ipa/core/src/wlan_ipa_core.c | 49 |
2 files changed, 51 insertions, 2 deletions
diff --git a/components/ipa/core/inc/wlan_ipa_priv.h b/components/ipa/core/inc/wlan_ipa_priv.h index ce8bd1c7f6..3b0206710b 100644 --- a/components/ipa/core/inc/wlan_ipa_priv.h +++ b/components/ipa/core/inc/wlan_ipa_priv.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2018, 2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -293,6 +293,7 @@ struct wlan_ipa_priv; * @interface_lock: Interface lock * @ifa_address: Interface address * @stats: Interface stats + * @bssid: BSSID. valid only for sta iface ctx; */ struct wlan_ipa_iface_context { struct wlan_ipa_priv *ipa_ctx; @@ -309,6 +310,7 @@ struct wlan_ipa_iface_context { qdf_spinlock_t interface_lock; uint32_t ifa_address; struct wlan_ipa_iface_stats stats; + struct qdf_mac_addr bssid; }; /** diff --git a/components/ipa/core/src/wlan_ipa_core.c b/components/ipa/core/src/wlan_ipa_core.c index 4b784f81ca..0d786989d9 100644 --- a/components/ipa/core/src/wlan_ipa_core.c +++ b/components/ipa/core/src/wlan_ipa_core.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2018, 2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -763,6 +763,10 @@ static void __wlan_ipa_w2i_cb(void *priv, qdf_ipa_dp_evt_type_t evt, uint8_t session_id; struct wlan_ipa_iface_context *iface_context; uint8_t fw_desc; + void *peer; + bool is_eapol_wapi = false; + struct qdf_mac_addr peer_mac_addr = QDF_MAC_ADDR_ZERO_INIT; + uint8_t sta_idx; ipa_ctx = (struct wlan_ipa_priv *)priv; if (!ipa_ctx) { @@ -818,6 +822,36 @@ static void __wlan_ipa_w2i_cb(void *priv, qdf_ipa_dp_evt_type_t evt, iface_context->stats.num_rx_ipa_excep++; + if (iface_context->device_mode == QDF_STA_MODE) + qdf_copy_macaddr(&peer_mac_addr, &iface_context->bssid); + else if (iface_context->device_mode == QDF_SAP_MODE) + qdf_mem_copy(&peer_mac_addr.bytes[0], + qdf_nbuf_data(skb) + + QDF_NBUF_SRC_MAC_OFFSET, + QDF_MAC_ADDR_SIZE); + + if (qdf_nbuf_is_ipv4_eapol_pkt(skb) || + qdf_nbuf_is_ipv4_wapi_pkt(skb)) + is_eapol_wapi = true; + + peer = cdp_peer_find_by_addr(ipa_ctx->dp_soc, ipa_ctx->dp_pdev, + peer_mac_addr.bytes, &sta_idx); + + /* + * Check for peer authorized state before allowing + * non-EAPOL/WAPI frames to be intrabss forwarded + * or submitted to stack. + */ + + if (peer && cdp_peer_state_get(ipa_ctx->dp_soc, peer) != + OL_TXRX_PEER_STATE_AUTH && !is_eapol_wapi) { + ipa_err_rl("Non EAPOL/WAPI packet received when peer %pM is unauthorized", + peer_mac_addr.bytes); + ipa_ctx->ipa_rx_internal_drop_count++; + dev_kfree_skb_any(skb); + return; + } + /* Disable to forward Intra-BSS Rx packets when * ap_isolate=1 in hostapd.conf */ @@ -1176,6 +1210,7 @@ static void wlan_ipa_cleanup_iface(struct wlan_ipa_iface_context *iface_context) iface_context->sta_id = WLAN_IPA_MAX_STA_COUNT; qdf_spin_unlock_bh(&iface_context->interface_lock); iface_context->ifa_address = 0; + qdf_zero_macaddr(&iface_context->bssid); if (!iface_context->ipa_ctx->num_iface) { ipa_err("NUM INTF 0, Invalid"); QDF_ASSERT(0); @@ -1388,6 +1423,14 @@ static void wlan_ipa_uc_offload_enable_disable(struct wlan_ipa_priv *ipa_ctx, } } +static inline void +wlan_ipa_save_bssid_iface_ctx(struct wlan_ipa_priv *ipa_ctx, uint8_t iface_id, + uint8_t *mac_addr) +{ + qdf_mem_copy(ipa_ctx->iface_context[iface_id].bssid.bytes, + mac_addr, QDF_MAC_ADDR_SIZE); +} + /** * __wlan_ipa_wlan_evt() - IPA event handler * @net_dev: Interface net device @@ -1571,6 +1614,10 @@ static QDF_STATUS __wlan_ipa_wlan_evt(qdf_netdev_t net_dev, uint8_t device_mode, ipa_ctx->vdev_to_iface[session_id] = wlan_ipa_get_ifaceid(ipa_ctx, session_id); + wlan_ipa_save_bssid_iface_ctx(ipa_ctx, + ipa_ctx->vdev_to_iface[session_id], + mac_addr); + ipa_ctx->sta_connected = 1; qdf_mutex_release(&ipa_ctx->event_lock); |