From: Johannes Berg <johannes@sipsolutions.net>
To: "Pali Rohár" <pali@kernel.org>
Cc: Sasha Levin <sashal@kernel.org>, Luca Coelho <luca@coelho.fi>,
linux-wireless@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v2 11/12] mac80211: drop data frames without key on encrypted links
Date: Wed, 30 Jun 2021 08:49:16 +0200 [thread overview]
Message-ID: <33878426ded4c2b5af3e0cd5b36fbc2e475e2f43.camel@sipsolutions.net> (raw)
In-Reply-To: <20210629213214.wgypgbxor7mhutni@pali>
On Tue, 2021-06-29 at 23:32 +0200, Pali Rohár wrote:
> On Wednesday 23 June 2021 14:16:12 Johannes Berg wrote:
> > On Fri, 2021-06-11 at 12:10 +0200, Pali Rohár wrote:
> > >
> > > @@ -341,8 +341,11 @@ static void ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
> > > if (sta) {
> > > if (pairwise) {
> > > rcu_assign_pointer(sta->ptk[idx], new);
> > > - sta->ptk_idx = idx;
> > > - ieee80211_check_fast_xmit(sta);
> > > + if (new) {
> > > + set_sta_flag(new->sta, WLAN_STA_USES_ENCRYPTION);
> > > + new->sta->ptk_idx = new->conf.keyidx;
> >
> > I'm not entirely sure moving that assignment under the guard is correct.
> >
> > > + ieee80211_check_fast_xmit(new->sta);
> >
> > and I'm pretty sure that moving call under the guard is incorrect,
> > although in the end it probably doesn't even matter if we will drop all
> > frames anyway (due to this patch).
> >
> > So all you need under the assignment is the flag, but also only
> > theoretically, because the function cannot be called with old==NULL &&
> > new==NULL, the first time around it's called we must have old==NULL (no
> > key was ever installed), and so the first time it's called it must be
> > old==NULL && new!=NULL, and then the flag gets set and we never want to
> > clear it again, so I believe you don't need the "if (new)" condition at
> > all.
> >
> > In the code as it was in (and before) my patch the condition is
> > necessary because we use 'new' to obtain the 'sta' and 'local' pointers,
> > but otherwise we don't really need it even in the current version.
> >
> > johannes
>
> Now I see, thank you for explanation. So the code should be like this:
>
> if (pairwise) {
> rcu_assign_pointer(sta->ptk[idx], new);
> + set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
> sta->ptk_idx = idx;
> ieee80211_check_fast_xmit(sta);
> } else {
>
> Right?
Yes, I think so.
johannes
next prev parent reply other threads:[~2021-06-30 6:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <iwlwifi.20200326150855.6865c7f28a14.I9fb1d911b064262d33e33dfba730cdeef83926ca@changeid>
2020-03-27 15:03 ` [PATCH v2 11/12] mac80211: drop data frames without key on encrypted links Sasha Levin
2021-06-11 10:10 ` Pali Rohár
2021-06-22 23:15 ` Pali Rohár
2021-06-23 14:55 ` Greg KH
2021-06-23 12:16 ` Johannes Berg
2021-06-29 21:32 ` Pali Rohár
2021-06-30 6:49 ` Johannes Berg [this message]
2021-08-16 13:44 ` [PATCH] " Pali Rohár
2021-08-16 13:54 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=33878426ded4c2b5af3e0cd5b36fbc2e475e2f43.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=luca@coelho.fi \
--cc=pali@kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).