qcacld-2.0: Drop connect if MFPEnabled is set but AP is non-PMF

If ieee80211w=2 or pmf=2 is an explicit configuration in the
supplicant configuration MFPEnabled is set and driver assume it
as a PMF required connection, even if AP is in open security
mode.

Now when disconnect is received from supplicant driver sends a
protected deauth and assert is observed as firmware do not have
any valid key.

To fix this if ieee80211w=2 or pmf=2 is an explicit configuration
in the supplicant configuration but peer AP is non-PMF drop the
connection request.

Change-Id: I40faf63df4e95b367d66e9b51ff165759989a1d1
CRs-Fixed: 1011976

1 files changed, 15 insertions, 0 deletions

diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index f6646a90433a..427401f0fef6 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -17744,6 +17744,21 @@ int wlan_hdd_cfg80211_connect_start( hdd_adapter_t  *pAdapter,
             pRoamProfile->vht_channel_width = ch_width;
         }
         /*
+         * if MFPEnabled is set but the peer AP is non-PMF i.e ieee80211w=2
+         * or pmf=2 is an explicit configuration in the supplicant
+         * configuration, drop the connection request.
+         */
+         if (pWextState->roamProfile.MFPEnabled &&
+            !(pWextState->roamProfile.MFPRequired ||
+            pWextState->roamProfile.MFPCapable)) {
+             hddLog(LOGE,
+                FL("Drop connect req as supplicant has indicated PMF required for the non-PMF peer. MFPEnabled %d MFPRequired %d MFPCapable %d"),
+                pWextState->roamProfile.MFPEnabled,
+                pWextState->roamProfile.MFPRequired,
+                pWextState->roamProfile.MFPCapable);
+             return -EINVAL;
+        }
+        /*
          * Change conn_state to connecting before sme_RoamConnect(),
          * because sme_RoamConnect() has a direct path to call
          * hdd_smeRoamCallback(), which will change the conn_state