Clear pmksa cache for deauth with reason code 2

Yu, Xiaona yxiaona at amazon.com
Fri Nov 21 00:23:32 PST 2025


From 9f985164f474cfd2fb25182d6d4b877627f2c810 Mon Sep 17 00:00:00 2001
From: Xiaona Yu <yxiaona at amazon.com>
Date: Fri, 21 Nov 2025 15:27:28 +0800
Subject: [PATCH] Clear pmksa cache for deauth with reason code 2

In a WPA3 connection, when receiving a deauth with reason code 2,
wpa_supplicant should clear the PMKSA cache.

In a WPA3 connection, when the AP is powered off and turned on,
the STA will use the last PMKSA cache to connect to the AP,
but this PMKSA cache is invalid at this time, so the AP will
refuse the connection and send a deauth frame with reason code 2
or an assoc reject with status code 53.
If the AP sends a deauth frame in this case, the supplicant
does not handle reason code 2 by clearing the PMKSA cache,
which causes the next connection to still use this invalid
PMKSA cache, and the AP will reject it again.

Signed-off-by: Xiaona Yu <yxiaona at amazon.com>
---
 wpa_supplicant/events.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 7ea1199cb..192df7c53 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -5203,6 +5203,17 @@ static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr,
 	}
 #endif /* CONFIG_AP */
 
+#ifdef CONFIG_SAE
+	if (reason_code == WLAN_REASON_PREV_AUTH_NOT_VALID &&
+	    wpa_s->sme.sae_pmksa_caching && wpa_s->current_ssid &&
+	    wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt)) {
+		wpa_dbg(wpa_s, MSG_DEBUG,
+			"PMKSA caching attempt rejected - drop PMKSA cache entry and fall back to SAE authentication");
+		wpa_sm_aborted_cached(wpa_s->wpa);
+		wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
+	}
+#endif /* CONFIG_SAE */
+
 	if (!locally_generated)
 		wpa_s->own_disconnect_req = 0;
 
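Review bot: the new condition in wpas_event_disconnect() does not test `locally_generated` or the connection state, so it fires on every disconnect with WLAN_REASON_PREV_AUTH_NOT_VALID on an SAE network while `sae_pmksa_caching` is set, although the debug text says "PMKSA caching attempt rejected". A deauth that rejects a cached attempt arrives before keys are in place and therefore cannot be a protected management frame, so the trigger should be as narrow as possible: add `!locally_generated` (the very next statement already branches on it) and limit the block to the window before the association completes, for example by testing `wpa_s->wpa_state`. Also consider whether `wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid)` is wider than needed, since it is keyed on the network rather than on the BSS that sent the frame; dropping only the entry for the current BSS would keep valid entries for other APs of the same network. A short comment above the block stating that this mirrors the handling of the assoc reject with status code 53 mentioned in the commit message would help future readers.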
-- 
2.43.0



