* [PATCH] mac80211: fix EAPoL rekey fail in 802.3 rx path
@ 2022-02-12 16:20 ` Deren Wu
0 siblings, 0 replies; 4+ messages in thread
From: Deren Wu @ 2022-02-12 16:20 UTC (permalink / raw)
To: Johannes Berg
Cc: Felix Fietkau, Lorenzo Bianconi, Sean Wang, Soul Huang, YN Chen,
Leon Yen, Eric-SY Chang, Deren Wu, KM Lin, Robin Chiu, CH Yeh,
Posh Sun, Eric Liang, Stella Chang, Evelyn Tsai, Ryder Lee,
Shayne Chen, linux-wireless, linux-mediatek, Deren Wu
From: Deren Wu <deren.wu@mediatek.com>
mac80211 set capability NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211
to upper layer by default. That means we should pass EAPoL packets through
nl80211 path only, and should not send the EAPoL skb to netdevice diretly.
At the meanwhile, wpa_supplicant would not regist sock to listen EAPoL skb
on the netdevice.
However, there is no contorl_port_protocol handler in mac80211 for 802.3 RX
packets, mac80211 driver would pass up the EAPoL rekey frame to netdevice
and wpa_supplicant would be never interactive with this kind of packets,
if SUPPORTS_RX_DECAP_OFFLOAD is enabled. This causes STA always rekey fail
if EAPoL frame go through 802.3 path.
To avoid this problem, align the same process as 802.11 type to handle
this frame before put it into network stack.
Fixes: 80a915ec4427 ("mac80211: add rx decapsulation offload support")
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
---
net/mac80211/rx.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0544563ede52..57f5d5500282 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4509,12 +4509,7 @@ static void ieee80211_rx_8023(struct ieee80211_rx_data *rx,
/* deliver to local stack */
skb->protocol = eth_type_trans(skb, fast_rx->dev);
- memset(skb->cb, 0, sizeof(skb->cb));
- if (rx->list)
- list_add_tail(&skb->list, rx->list);
- else
- netif_receive_skb(skb);
-
+ ieee80211_deliver_skb_to_local_stack(skb, rx);
}
static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
--
2.18.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] mac80211: fix EAPoL rekey fail in 802.3 rx path
@ 2022-02-12 16:20 ` Deren Wu
0 siblings, 0 replies; 4+ messages in thread
From: Deren Wu @ 2022-02-12 16:20 UTC (permalink / raw)
To: Johannes Berg
Cc: Felix Fietkau, Lorenzo Bianconi, Sean Wang, Soul Huang, YN Chen,
Leon Yen, Eric-SY Chang, Deren Wu, KM Lin, Robin Chiu, CH Yeh,
Posh Sun, Eric Liang, Stella Chang, Evelyn Tsai, Ryder Lee,
Shayne Chen, linux-wireless, linux-mediatek, Deren Wu
From: Deren Wu <deren.wu@mediatek.com>
mac80211 set capability NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211
to upper layer by default. That means we should pass EAPoL packets through
nl80211 path only, and should not send the EAPoL skb to netdevice diretly.
At the meanwhile, wpa_supplicant would not regist sock to listen EAPoL skb
on the netdevice.
However, there is no contorl_port_protocol handler in mac80211 for 802.3 RX
packets, mac80211 driver would pass up the EAPoL rekey frame to netdevice
and wpa_supplicant would be never interactive with this kind of packets,
if SUPPORTS_RX_DECAP_OFFLOAD is enabled. This causes STA always rekey fail
if EAPoL frame go through 802.3 path.
To avoid this problem, align the same process as 802.11 type to handle
this frame before put it into network stack.
Fixes: 80a915ec4427 ("mac80211: add rx decapsulation offload support")
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
---
net/mac80211/rx.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0544563ede52..57f5d5500282 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4509,12 +4509,7 @@ static void ieee80211_rx_8023(struct ieee80211_rx_data *rx,
/* deliver to local stack */
skb->protocol = eth_type_trans(skb, fast_rx->dev);
- memset(skb->cb, 0, sizeof(skb->cb));
- if (rx->list)
- list_add_tail(&skb->list, rx->list);
- else
- netif_receive_skb(skb);
-
+ ieee80211_deliver_skb_to_local_stack(skb, rx);
}
static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
--
2.18.0
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] mac80211: fix EAPoL rekey fail in 802.3 rx path
2022-02-12 16:20 ` Deren Wu
@ 2022-02-12 19:13 ` Johannes Berg
-1 siblings, 0 replies; 4+ messages in thread
From: Johannes Berg @ 2022-02-12 19:13 UTC (permalink / raw)
To: Deren Wu
Cc: Felix Fietkau, Lorenzo Bianconi, Sean Wang, Soul Huang, YN Chen,
Leon Yen, Eric-SY Chang, KM Lin, Robin Chiu, CH Yeh, Posh Sun,
Eric Liang, Stella Chang, Evelyn Tsai, Ryder Lee, Shayne Chen,
linux-wireless, linux-mediatek
On Sun, 2022-02-13 at 00:20 +0800, Deren Wu wrote:
> From: Deren Wu <deren.wu@mediatek.com>
>
> mac80211 set capability NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211
> to upper layer by default. That means we should pass EAPoL packets through
> nl80211 path only, and should not send the EAPoL skb to netdevice diretly.
> At the meanwhile, wpa_supplicant would not regist sock to listen EAPoL skb
> on the netdevice.
>
> However, there is no contorl_port_protocol handler in mac80211 for 802.3 RX
> packets, mac80211 driver would pass up the EAPoL rekey frame to netdevice
> and wpa_supplicant would be never interactive with this kind of packets,
> if SUPPORTS_RX_DECAP_OFFLOAD is enabled. This causes STA always rekey fail
> if EAPoL frame go through 802.3 path.
>
> To avoid this problem, align the same process as 802.11 type to handle
> this frame before put it into network stack.
>
> Fixes: 80a915ec4427 ("mac80211: add rx decapsulation offload support")
> Signed-off-by: Deren Wu <deren.wu@mediatek.com>
> ---
> net/mac80211/rx.c | 7 +------
> 1 file changed, 1 insertion(+), 6 deletions(-)
>
> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
> index 0544563ede52..57f5d5500282 100644
> --- a/net/mac80211/rx.c
> +++ b/net/mac80211/rx.c
> @@ -4509,12 +4509,7 @@ static void ieee80211_rx_8023(struct ieee80211_rx_data *rx,
>
> /* deliver to local stack */
> skb->protocol = eth_type_trans(skb, fast_rx->dev);
> - memset(skb->cb, 0, sizeof(skb->cb));
> - if (rx->list)
> - list_add_tail(&skb->list, rx->list);
> - else
> - netif_receive_skb(skb);
> -
> + ieee80211_deliver_skb_to_local_stack(skb, rx);
> }
This looks like a really good idea even for the security fix in
ieee80211_deliver_skb_to_local_stack() ... :)
johannes
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] mac80211: fix EAPoL rekey fail in 802.3 rx path
@ 2022-02-12 19:13 ` Johannes Berg
0 siblings, 0 replies; 4+ messages in thread
From: Johannes Berg @ 2022-02-12 19:13 UTC (permalink / raw)
To: Deren Wu
Cc: Felix Fietkau, Lorenzo Bianconi, Sean Wang, Soul Huang, YN Chen,
Leon Yen, Eric-SY Chang, KM Lin, Robin Chiu, CH Yeh, Posh Sun,
Eric Liang, Stella Chang, Evelyn Tsai, Ryder Lee, Shayne Chen,
linux-wireless, linux-mediatek
On Sun, 2022-02-13 at 00:20 +0800, Deren Wu wrote:
> From: Deren Wu <deren.wu@mediatek.com>
>
> mac80211 set capability NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211
> to upper layer by default. That means we should pass EAPoL packets through
> nl80211 path only, and should not send the EAPoL skb to netdevice diretly.
> At the meanwhile, wpa_supplicant would not regist sock to listen EAPoL skb
> on the netdevice.
>
> However, there is no contorl_port_protocol handler in mac80211 for 802.3 RX
> packets, mac80211 driver would pass up the EAPoL rekey frame to netdevice
> and wpa_supplicant would be never interactive with this kind of packets,
> if SUPPORTS_RX_DECAP_OFFLOAD is enabled. This causes STA always rekey fail
> if EAPoL frame go through 802.3 path.
>
> To avoid this problem, align the same process as 802.11 type to handle
> this frame before put it into network stack.
>
> Fixes: 80a915ec4427 ("mac80211: add rx decapsulation offload support")
> Signed-off-by: Deren Wu <deren.wu@mediatek.com>
> ---
> net/mac80211/rx.c | 7 +------
> 1 file changed, 1 insertion(+), 6 deletions(-)
>
> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
> index 0544563ede52..57f5d5500282 100644
> --- a/net/mac80211/rx.c
> +++ b/net/mac80211/rx.c
> @@ -4509,12 +4509,7 @@ static void ieee80211_rx_8023(struct ieee80211_rx_data *rx,
>
> /* deliver to local stack */
> skb->protocol = eth_type_trans(skb, fast_rx->dev);
> - memset(skb->cb, 0, sizeof(skb->cb));
> - if (rx->list)
> - list_add_tail(&skb->list, rx->list);
> - else
> - netif_receive_skb(skb);
> -
> + ieee80211_deliver_skb_to_local_stack(skb, rx);
> }
This looks like a really good idea even for the security fix in
ieee80211_deliver_skb_to_local_stack() ... :)
johannes
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-02-12 19:13 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-12 16:20 [PATCH] mac80211: fix EAPoL rekey fail in 802.3 rx path Deren Wu
2022-02-12 16:20 ` Deren Wu
2022-02-12 19:13 ` Johannes Berg
2022-02-12 19:13 ` Johannes Berg
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.