[PATCH AUTOSEL 5.16 113/217] ath10k: drop beacon and probe response which leak from other channel

[Sasha Levin]

From: Wen Gong <quic_wg...@quicinc.com>

[ Upstream commit 3bf2537ec2e33310b431b53fd84be8833736c256 ]

When scan request on channel 1, it also receive beacon from other
channels, and the beacon also indicate to mac80211 and wpa_supplicant,
and then the bss info appears in radio measurement report of radio
measurement sent from wpa_supplicant, thus lead RRM case fail.

This is to drop the beacon and probe response which is not the same
channel of scanning.

Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049

Signed-off-by: Wen Gong <quic_wg...@quicinc.com>
Signed-off-by: Kalle Valo <quic_kv...@quicinc.com>
Link: https://lore.kernel.org/r/20211208061752.16564-1-quic_wg...@quicinc.com
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
 drivers/net/wireless/ath/ath10k/wmi.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath10k/wmi.c 
b/drivers/net/wireless/ath/ath10k/wmi.c
index 7c1c2658cb5f8..4733fd7fb169e 100644
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -2611,9 +2611,30 @@ int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct 
sk_buff *skb)
                ath10k_mac_handle_beacon(ar, skb);
 
        if (ieee80211_is_beacon(hdr->frame_control) ||
-           ieee80211_is_probe_resp(hdr->frame_control))
+           ieee80211_is_probe_resp(hdr->frame_control)) {
+               struct ieee80211_mgmt *mgmt = (void *)skb->data;
+               u8 *ies;
+               int ies_ch;
+
                status->boottime_ns = ktime_get_boottime_ns();
 
+               if (!ar->scan_channel)
+                       goto drop;
+
+               ies = mgmt->u.beacon.variable;
+
+               ies_ch = 
cfg80211_get_ies_channel_number(mgmt->u.beacon.variable,
+                                                        skb_tail_pointer(skb) 
- ies,
+                                                        sband->band);
+
+               if (ies_ch > 0 && ies_ch != channel) {
+                       ath10k_dbg(ar, ATH10K_DBG_MGMT,
+                                  "channel mismatched ds channel %d scan 
channel %d\n",
+                                  ies_ch, channel);
+                       goto drop;
+               }
+       }
+
        ath10k_dbg(ar, ATH10K_DBG_MGMT,
                   "event mgmt rx skb %pK len %d ftype %02x stype %02x\n",
                   skb, skb->len,
@@ -2627,6 +2648,10 @@ int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct 
sk_buff *skb)
        ieee80211_rx_ni(ar->hw, skb);
 
        return 0;
+
+drop:
+       dev_kfree_skb(skb);
+       return 0;
 }
 
 static int freq_to_idx(struct ath10k *ar, int freq)
-- 
2.34.1


_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k