Re: wpa_supplicant 2.8 fails in brcmf_cfg80211_set_pmk

[Arend Van Spriel <arend.vanspriel@broadcom.com>]

+ Jouni

On 6/18/2019 7:33 AM, Chi-Hsien Lin wrote:
> 
> 
> On 06/17/2019 10:33, Marcel Holtmann wrote:
>> Hi Chi-hsien,
>>
>>>>> i was able to reproduce an (maybe older issue) with 4-way handshake
>>>>> offloading for 802.1X in the brcmfmac driver. My setup consists of
>>>>> Raspberry Pi 3 B (current linux-next, arm64/defconfig) on STA side and a
>>>>> Raspberry Pi 3 A+ (Linux 4.19) on AP side.
>>>>
>>>> Looks like Raspberry Pi isn't the only affected platform [3], [4].
>>>>
>>>> [3] - https://bugzilla.redhat.com/show_bug.cgi?id=1665608
>>>> [4] - https://bugzilla.kernel.org/show_bug.cgi?id=202521
>>>
>>> Stefan,
>>>
>>> Could you please try the attached patch for your wpa_supplicant? We'll
>>> upstream if it works for you.
>>
>> I hope that someone is also providing a kernel patch to fix the issue. Hacking around a kernel issue in userspace is not enough. Fix the root cause in the kernel.
> 
> Marcel,
> 
> This is a kernel warning for invalid application PMK set actions, so the
> fix is to only set PMK to wifi driver when 4-way is offloaded. I think
> Arend added the WARN_ON() intentionally to catch application misuse of
  > PMK setting.
> 
> You may also remove the warnings with the attached patch, but let's see
> what Arend says first.
> 
> 
> Arend,
> 
> Any comment?

Hi Chi-Hsien, Marcel

 From the kernel side I do not see an issue. In order to use 802.1X 
offload the NL80211_ATTR_WANT_1X_4WAY_HS flag must be set in 
NL80211_CMD_CONNECT. Otherwise, NL80211_CMD_SET_PMK is not accepted. The 
only improvement would be to document this more clearly in the "WPA/WPA2 
EAPOL handshake offload" DOC section in nl80211.h.

As for the wpa_supplicant behavior it seemed a good idea to reuse the 
req_key_mgmt_offload parameter at the time, but it seems to bite each 
other. Maybe it is better to have a separate flag like 
'req_handshake_offload'. Jouni, any thoughts on this?

Regards,
Arend