From: Luca Coelho <luca@coelho.fi>
To: kvalo@codeaurora.org
Cc: luca@coelho.fi, linux-wireless@vger.kernel.org
Subject: [PATCH v2 07/12] iwlwifi: mvm: don't use FW key ID in beacon protection
Date: Thu, 26 Aug 2021 22:47:43 +0300 [thread overview]
Message-ID: <iwlwifi.20210826224715.30e665d39b07.I78bf7d304ef5a80cecf5fa1c1fca0b51b956cceb@changeid> (raw)
In-Reply-To: <20210826194748.826360-1-luca@coelho.fi>
From: Johannes Berg <johannes.berg@intel.com>
To check beacon protection had a mismatch of the key ID we
currently use the key ID from the firmware, but firmware
side we want to clean up the API to stop reporting this.
Instead, check the IWL_RX_MPDU_STATUS_KEY_VALID bit that
indicates that the firmware used the correct key, and if
that's set but we get invalid MIC/replay use the key ID
from the frame to look up the key and notify mac80211 of
MIC error or replay. Since both keys must have the same
cipher and thus MIC length, we can use either of them to
look up the MIC length.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 41 ++++++++++++-------
1 file changed, 27 insertions(+), 14 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
index 06cc03820dd5..c12f303cf652 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@@ -279,7 +279,6 @@ static int iwl_mvm_rx_mgmt_prot(struct ieee80211_sta *sta,
{
struct iwl_mvm_sta *mvmsta;
struct iwl_mvm_vif *mvmvif;
- u8 fwkeyid = u32_get_bits(status, IWL_RX_MPDU_STATUS_KEY);
u8 keyid;
struct ieee80211_key_conf *key;
u32 len = le16_to_cpu(desc->mpdu_len);
@@ -299,6 +298,10 @@ static int iwl_mvm_rx_mgmt_prot(struct ieee80211_sta *sta,
if (!ieee80211_is_beacon(hdr->frame_control))
return 0;
+ /* key mismatch - will also report !MIC_OK but we shouldn't count it */
+ if (!(status & IWL_RX_MPDU_STATUS_KEY_VALID))
+ return -1;
+
/* good cases */
if (likely(status & IWL_RX_MPDU_STATUS_MIC_OK &&
!(status & IWL_RX_MPDU_STATUS_REPLAY_ERROR)))
@@ -309,26 +312,36 @@ static int iwl_mvm_rx_mgmt_prot(struct ieee80211_sta *sta,
mvmsta = iwl_mvm_sta_from_mac80211(sta);
- /* what? */
- if (fwkeyid != 6 && fwkeyid != 7)
- return -1;
-
mvmvif = iwl_mvm_vif_from_mac80211(mvmsta->vif);
- key = rcu_dereference(mvmvif->bcn_prot.keys[fwkeyid - 6]);
- if (!key)
- return -1;
+ /*
+ * both keys will have the same cipher and MIC length, use
+ * whichever one is available
+ */
+ key = rcu_dereference(mvmvif->bcn_prot.keys[0]);
+ if (!key) {
+ key = rcu_dereference(mvmvif->bcn_prot.keys[1]);
+ if (!key)
+ return -1;
+ }
if (len < key->icv_len + IEEE80211_GMAC_PN_LEN + 2)
return -1;
- /*
- * See if the key ID matches - if not this may be due to a
- * switch and the firmware may erroneously report !MIC_OK.
- */
+ /* get the real key ID */
keyid = frame[len - key->icv_len - IEEE80211_GMAC_PN_LEN - 2];
- if (keyid != fwkeyid)
- return -1;
+ /* and if that's the other key, look it up */
+ if (keyid != key->keyidx) {
+ /*
+ * shouldn't happen since firmware checked, but be safe
+ * in case the MIC length is wrong too, for example
+ */
+ if (keyid != 6 && keyid != 7)
+ return -1;
+ key = rcu_dereference(mvmvif->bcn_prot.keys[keyid - 6]);
+ if (!key)
+ return -1;
+ }
/* Report status to mac80211 */
if (!(status & IWL_RX_MPDU_STATUS_MIC_OK))
--
2.33.0
next prev parent reply other threads:[~2021-08-26 19:48 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-26 19:47 [PATCH v2 00/12] iwlwifi: updates intended for v5.15 2021-08-20 v2 Luca Coelho
2021-08-26 19:47 ` [PATCH v2 01/12] iwlwifi: mvm: add support for range request command version 13 Luca Coelho
2021-08-26 20:38 ` Luca Coelho
2021-08-26 19:47 ` [PATCH v2 02/12] iwlwifi: mvm: add support for responder config command version 9 Luca Coelho
2021-08-26 19:47 ` [PATCH v2 03/12] iwlwifi: move get pnvm file name to a separate function Luca Coelho
2021-08-26 19:47 ` [PATCH v2 04/12] iwlwifi: mvm: introduce iwl_stored_beacon_notif_v3 Luca Coelho
2021-08-26 19:47 ` [PATCH v2 05/12] iwlwifi: mvm: support broadcast TWT alone Luca Coelho
2021-08-26 19:47 ` [PATCH v2 06/12] iwlwifi: mvm: Fix scan channel flags settings Luca Coelho
2021-08-26 19:47 ` Luca Coelho [this message]
2021-08-26 19:47 ` [PATCH v2 08/12] iwlwifi: export DHC framework and add first public entry, twt_setup Luca Coelho
2021-08-26 19:47 ` [PATCH v2 09/12] iwlwifi: mvm: add fixed_rate debugfs entry to public DHC Luca Coelho
2021-08-26 19:47 ` [PATCH v2 10/12] iwlwifi: Add support for getting rf id with blank otp Luca Coelho
2021-10-22 6:25 ` Luca Coelho
2021-10-22 7:13 ` Luca Coelho
2021-10-22 7:41 ` Luca Coelho
2021-08-26 19:47 ` [PATCH v2 11/12] iwlwifi: Add support for more BZ HWs Luca Coelho
2021-08-26 19:47 ` [PATCH v2 12/12] iwlwifi: Start scratch debug register for Bz family Luca Coelho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=iwlwifi.20210826224715.30e665d39b07.I78bf7d304ef5a80cecf5fa1c1fca0b51b956cceb@changeid \
--to=luca@coelho.fi \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).