Re: nl80211 related warning w/ 4-way handshake offload and failure to associate

From: Arend Van Spriel <arend.vanspriel@broadcom.com>
To: Eric Blau <eblau@eblau.com>, linux-wireless@vger.kernel.org
Subject: Re: nl80211 related warning w/ 4-way handshake offload and failure to associate
Date: Thu, 3 Jan 2019 23:52:25 +0100	[thread overview]
Message-ID: <d834abf2-c6cd-175d-5a88-47b0ca83b100@broadcom.com> (raw)
In-Reply-To: <CADU241NrgYUq+eEyaNXteTA+KkPgcLXRHraR9y1OZm2bYY7U3g@mail.gmail.com>

On 1/3/2019 5:29 PM, Eric Blau wrote:
> Hi folks,
> 
> Myself and several others are hitting a issue with the latest
> wpa_supplicant version (2.7). wpa_supplicant has added support for
> 4-way handshake offload for 802.1X. With this new version,
> wpa_supplicant fails to associate and hits a kernel warning which
> appears related to how the driver or firmware advertises 4-way
> handshake offload support.
> 
> There is an Arch Linux bug open on this with a bunch of details here:
> 
> https://bugs.archlinux.org/task/61119
> 
> The wpa_supplicant folks note that this appears to be a driver issue
> and suggested I report the problem here. Reverting to wpa_supplicant
> 2.6 without 4-way handshake offload support works around the problem.
> 
> Here is the kernel warning:
> 
> kernel: WARNING: CPU: 0 PID: 16169 at
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:5130
> brcmf_cfg80211_set_pmk+0x50/0x70 [brcmfmac]
> kernel: Modules linked in: brcmfmac ipt_MASQUERADE
> nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo fuse iptable_nat
> nf_nat_ipv4 xt_addrtype iptable_filter xt_conntrack nf_nat
> nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc32c_generic
> br_netfilter bridge stp llc cmac bnep nls_iso8859_1 nls_cp437 vfat fat
> snd_hda_codec_hdmi sg crypto_user btusb btrtl btbcm btintel bluetooth
> asix usbnet joydev mii mousedev bcm5974 input_leds libphy ecdh_generic
> crc16 msr ofpart cmdlinepart intel_spi_platform intel_spi brcmutil
> intel_rapl spi_nor x86_pkg_temp_thermal intel_powerclamp coretemp
> kvm_intel mtd cfg80211 iTCO_wdt iTCO_vendor_support i915 kvmgt
> vfio_mdev mdev vfio_iommu_type1 vfio kvm i2c_algo_bit drm_kms_helper
> drm snd_hda_codec_cirrus snd_hda_codec_generic snd_hda_intel
> snd_hda_codec applesmc irqbypass input_polldev intel_cstate
> snd_hda_core mmc_core intel_uncore snd_hwdep intel_rapl_perf snd_pcm
> thunderbolt mei_me pcspkr lpc_ich intel_gtt i2c_i801 intel_pch_thermal
> snd_timer
> kernel: agpgart mei rfkill snd syscopyarea spi_pxa2xx_pci sysfillrect
> sysimgblt acpi_als fb_sys_fops soundcore kfifo_buf sbs evdev
> industrialio sbshc mac_hid spi_pxa2xx_platform ac apple_bl pcc_cpufreq
> facetimehd(OE) videobuf2_dma_sg videobuf2_memops videobuf2_v4l2
> videobuf2_common videodev media ip_tables x_tables zfs(POE)
> zunicode(POE) zavl(POE) icp(POE) zcommon(POE) znvpair(POE) spl(OE)
> algif_skcipher af_alg hid_apple hid_generic usbhid hid dm_crypt dm_mod
> sd_mod crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel
> ahci libahci libata scsi_mod aesni_intel xhci_pci aes_x86_64
> crypto_simd xhci_hcd cryptd glue_helper [last unloaded: brcmfmac]
> kernel: CPU: 0 PID: 16169 Comm: wpa_supplicant Tainted: P W OE
> 4.20.0-arch1-1-ARCH #1
> kernel: Hardware name: Apple Inc. MacBookPro12,1/Mac-E43C1C25D4880AD6,
> BIOS MBP121.88Z.0177.B00.1806051659 06/05/2018
> kernel: RIP: 0010:brcmf_cfg80211_set_pmk+0x50/0x70 [brcmfmac]
> kernel: Code: 8b 83 c8 08 00 00 83 b8 80 07 00 00 02 75 1b 0f b6 55 08
> 80 fa 20 77 1c 48 8b 75 10 48 8d bb c0 08 00 00 5b 5d e9 80 fe ff ff
> <0f> 0b b8 ea ff ff ff 5b 5d c3 b8 de ff ff ff eb f6 66 66 2e 0f 1f
> kernel: RSP: 0018:ffffaad283d0ba98 EFLAGS: 00010293
> kernel: RAX: ffff9aa6ee816000 RBX: ffff9aa6ee811000 RCX: ffff9aa80a77c000
> kernel: RDX: ffffffffc10b8b7d RSI: ffffffffc10ade80 RDI: 0000000000000002
> kernel: RBP: ffffaad283d0bab0 R08: 00000000000000fe R09: ffff9aa80a77c000
> kernel: R10: 0000000000000000 R11: ffffffff848f5e58 R12: ffff9aa6ee816050
> kernel: R13: ffff9aa6ee811000 R14: ffff9aa76cc10000 R15: ffff9aa76cc10300
> kernel: FS: 00007fcfeb90a480(0000) GS:ffff9aa826a00000(0000)
> knlGS:0000000000000000
> kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> kernel: CR2: 000055d5ae8e5fe0 CR3: 0000000227530005 CR4: 00000000003606f0
> kernel: Call Trace:
> kernel: nl80211_set_pmk+0x178/0x270 [cfg80211]
> kernel: genl_family_rcv_msg+0x1c4/0x3c0
> kernel: ? sock_def_readable+0xe/0x80
> kernel: ? __netlink_sendskb+0x3d/0x50
> kernel: genl_rcv_msg+0x47/0x90
> kernel: ? __kmalloc_node_track_caller+0x1ed/0x290
> kernel: ? genl_family_rcv_msg+0x3c0/0x3c0
> kernel: netlink_rcv_skb+0x4c/0x120
> kernel: genl_rcv+0x24/0x40
> kernel: netlink_unicast+0x196/0x240
> kernel: netlink_sendmsg+0x1fd/0x3c0
> kernel: sock_sendmsg+0x33/0x40
> kernel: ___sys_sendmsg+0x295/0x2f0
> kernel: ? dev_get_by_name_rcu+0x73/0x90
> kernel: ? dev_ioctl+0x171/0x3d0
> kernel: ? __check_object_size+0xa0/0x189
> kernel: ? preempt_count_add+0x79/0xb0
> kernel: ? __inode_wait_for_writeback+0x7f/0xf0
> kernel: ? preempt_count_add+0x79/0xb0
> kernel: ? _raw_spin_lock+0x13/0x30
> kernel: ? _raw_spin_unlock+0x16/0x30
> kernel: ? __dentry_kill+0x116/0x160
> kernel: __sys_sendmsg+0x57/0xa0
> kernel: do_syscall_64+0x5b/0x170
> kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9
> kernel: RIP: 0033:0x7fcfebe41fd8
> kernel: Code: 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 f3
> 0f 1e fa 48 8d 05 65 65 0c 00 8b 00 85 c0 75 17 b8 2e 00 00 00 0f 05
> <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 41 89 d4 55
> kernel: RSP: 002b:00007ffdff680c48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
> kernel: RAX: ffffffffffffffda RBX: 000055cd5d162040 RCX: 00007fcfebe41fd8
> kernel: RDX: 0000000000000000 RSI: 00007ffdff680c80 RDI: 0000000000000005
> kernel: RBP: 000055cd5d189110 R08: 0000000000000004 R09: 00007fcfebf04150
> kernel: R10: 00007ffdff680d54 R11: 0000000000000246 R12: 000055cd5d161f50
> kernel: R13: 00007ffdff680c80 R14: ffffffffffffffff R15: 0000000000000000
> kernel: ---[ end trace 462c92ab814d0cda ]---
> 
> 
> The problem looks related to this commit:
> 
> commit 2526ff21aa77c205f72e8263335f20b7d7e636fc
> Author: Arend van Spriel <arend.vanspriel@broadcom.com>
> AuthorDate: Fri Jun 9 13:08:48 2017 +0100
> Commit: Kalle Valo <kvalo@codeaurora.org>
> CommitDate: Fri Jun 30 09:38:22 2017 +0300
> 
> brcmfmac: support 4-way handshake offloading for 802.1X
> 
> Adding callbacks for PMK provisioning. If firmware supports offloading
> it is indicated to user-space that 802.1X offload is supported.
> 
> Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
> 
> 
> ChangeLog for wpa_supplicant:
> 
> 2018-12-02 - v2.7
> * added support for nl80211 to offload 4-way handshake into the driver
> 
> 
> Thanks in advance for your help.

Hi Eric,

Not sure what the root cause is yet, but the warning means wpa_s is 
issuing a NL80211_CMD_SET_PMK, but it did not pass the 
NL80211_ATTR_WANT_1X_4WAY_HS flag attribute in the NL80211_CMD_CONNECT.

So at first glance it looks like user-space does not adhere to the api 
description:

/**
  * DOC: WPA/WPA2 EAPOL handshake offload
  *
  * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers
  * can indicate they support offloading EAPOL handshakes for WPA/WPA2
  * preshared key authentication. In %NL80211_CMD_CONNECT the preshared
  * key should be specified using %NL80211_ATTR_PMK. Drivers supporting
  * this offload may reject the %NL80211_CMD_CONNECT when no preshared
  * key material is provided, for example when that driver does not
  * support setting the temporal keys through %CMD_NEW_KEY.
  *
  * Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be
  * set by drivers indicating offload support of the PTK/GTK EAPOL
  * handshakes during 802.1X authentication. In order to use the offload
  * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS
  * attribute flag. Drivers supporting this offload may reject the
  * %NL80211_CMD_CONNECT when the attribute flag is not present.
  *
  * For 802.1X the PMK or PMK-R0 are set by providing %NL80211_ATTR_PMK
  * using %NL80211_CMD_SET_PMK. For offloaded FT support also
  * %NL80211_ATTR_PMKR0_NAME must be provided.
  */

However, better make sure there is nothing wrong in the driver. Could 
you apply the patch below and let me know what the warning looks like.

Regards,
Arend
---

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c 
b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index ce2c547..106322e 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5122,12 +5122,15 @@ static int brcmf_cfg80211_set_pmk(struct wiphy 
*wiphy, struct net_device *dev,
  				  const struct cfg80211_pmk_conf *conf)
  {
  	struct brcmf_if *ifp;
+	enum brcmf_profile_fwsup use_fwsup;

  	brcmf_dbg(TRACE, "enter\n");

  	/* expect using firmware supplicant for 1X */
  	ifp = netdev_priv(dev);
-	if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
+	use_fwsup = ifp->vif->profile.use_fwsup;
+	if (WARN(use_fwsup != BRCMF_PROFILE_FWSUP_1X,
+		 "use_fwsup=%X\n", use_fwsup))
  		return -EINVAL;

  	if (conf->pmk_len > BRCMF_WSEC_MAX_PSK_LEN)
