AP MLD: Clear rejected links in wpa_state_machine

When a non-AP MLD requests ML association, the wpa_state_machine
(sta->wpa_sm) object for the STA is created while processing IEs of the
link in which the (Re)Association Request frame is received and all link
information is updated to sm->mld_links[].

Later while processing STA profiles, links that don't satisfy the
necessary conditions for the affiliated AP of the AP MLD to accept the
links will be rejected, but these links are still marked as valid in
wpa_sm. This results in unnecessary link KDE mismatch in EAPOL 2/4 and
additional Group KDEs in EAPOL 3/4.

Reset the valid flag of rejected links in wpa_sm and release its wpa
group references.

Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 7d207fcde63557900ac6d29091a886152ecefdc3..7a33dd48779fc85bd0c2a020d93d298477c0ce44 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4885,6 +4885,8 @@ out:
 
        wpa_printf(MSG_DEBUG, "MLD: link: status=%u", status);
        if (status != WLAN_STATUS_SUCCESS) {
+               wpa_release_link_auth_ref(origin_sta->wpa_sm,
+                                         hapd->mld_link_id);
                if (sta)
                        ap_free_sta(hapd, sta);
                return -1;

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index a27a66a07684f5d38ef26b54af41de8b68bf16e4..fb9a74a879f591dffc12a5d47f14edfeb072fbb2 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -125,17 +125,23 @@ static void wpa_gkeydone_sta(struct wpa_state_machine *sm)
 
 #ifdef CONFIG_IEEE80211BE
 
-void wpa_release_link_auth_ref(struct wpa_state_machine *sm,
-                              int release_link_id)
+void wpa_release_link_auth_ref(struct wpa_state_machine *sm, u8 link_id)
 {
-       int link_id;
+       struct wpa_authenticator *wpa_auth;
+       struct mld_link *link;
 
-       if (!sm || release_link_id >= MAX_NUM_MLD_LINKS)
+       if (!sm || link_id >= MAX_NUM_MLD_LINKS)
                return;
 
-       for_each_sm_auth(sm, link_id) {
-               if (link_id == release_link_id)
-                       sm->mld_links[link_id].wpa_auth = NULL;
+       link = &sm->mld_links[link_id];
+       if (link->valid) {
+               link->valid = false;
+               wpa_auth = link->wpa_auth;
+               if (wpa_auth) {
+                       link->wpa_auth = NULL;
+                       wpa_group_put(wpa_auth, wpa_auth->group);
+               }
+               sm->n_mld_affiliated_links--;
        }
 }
 

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 140eeac79bb2459d2b924810e82227b223660a09..1de467e01904daa46ddde8aeeb1d87bc58f66b10 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -683,8 +683,7 @@ void wpa_auth_ml_get_key_info(struct wpa_authenticator *a,
                              bool mgmt_frame_prot, bool beacon_prot,
                              bool rekey);
 
-void wpa_release_link_auth_ref(struct wpa_state_machine *sm,
-                              int release_link_id);
+void wpa_release_link_auth_ref(struct wpa_state_machine *sm, u8 link_id);
 
 #define for_each_sm_auth(sm, link_id) \
        for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++)       \