1. 11 9月, 2019 3 次提交
  2. 26 7月, 2019 2 次提交
  3. 19 6月, 2019 1 次提交
  4. 14 6月, 2019 1 次提交
  5. 24 5月, 2019 1 次提交
  6. 26 4月, 2019 2 次提交
  7. 09 4月, 2019 1 次提交
    • A
      mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode · 78ad2341
      Alexander Wetzel 提交于
      Restore SW_CRYPTO_CONTROL operation on AP_VLAN interfaces for unicast
      keys, the original override was intended to be done for group keys as
      those are treated specially by mac80211 and would always have been
      rejected.
      
      Now the situation is that AP_VLAN support must be enabled by the driver
      if it can support it (meaning it can support software crypto GTK TX).
      
      Thus, also simplify the code - if we get here with AP_VLAN and non-
      pairwise key, software crypto must be used (driver doesn't know about
      the interface) and can be used (driver must've advertised AP_VLAN if
      it also uses SW_CRYPTO_CONTROL).
      
      Fixes: db3bdcb9 ("mac80211: allow AP_VLAN operation on crypto controlled devices")
      Signed-off-by: NAlexander Wetzel <alexander@wetzel-home.de>
      [rewrite commit message]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      78ad2341
  8. 05 9月, 2018 2 次提交
    • G
      mac80211: remove unnecessary NULL check · 40b5a0f8
      Gustavo A. R. Silva 提交于
      Both old and new cannot be NULL at the same time, hence checking
      new when old is not NULL is unnecessary.
      
      Also, notice that new is being dereferenced before it is checked:
      
      	idx = new->conf.keyidx;
      
      The above triggers a static code analysis warning.
      
      Address this by removing the NULL check on new and adding a code
      comment based on the following piece of code:
      
      387        /* caller must provide at least one old/new */
      388        if (WARN_ON(!new && !old))
      389                return 0;
      
      Addresses-Coverity-ID: 1473176 ("Dereference before null check")
      Signed-off-by: NGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      40b5a0f8
    • A
      mac80211: Fix PTK rekey freezes and clear text leak · 62872a9b
      Alexander Wetzel 提交于
      Rekeying PTK keys without "Extended Key ID for Individually Addressed
      Frames" did use a procedure not suitable to replace in-use keys and
      could caused the following issues:
      
       1) Freeze caused by incoming frames:
          If the local STA installed the key prior to the remote STA we still
          had the old key active in the hardware when mac80211 switched over
          to the new key.
          Therefore there was a window where the card could hand over frames
          decoded with the old key to mac80211 and bump the new PN (IV) value
          to an incorrect high number. When it happened the local replay
          detection silently started to drop all frames sent with the new key.
      
       2) Freeze caused by outgoing frames:
          If mac80211 was providing the PN (IV) and handed over a clear text
          frame for encryption to the hardware prior to a key change the
          driver/card could have processed the queued frame after switching
          to the new key. This bumped the PN value on the remote STA to an
          incorrect high number, tricking the remote STA to discard all frames
          we sent later.
      
       3) Freeze caused by RX aggregation reorder buffer:
          An aggregation session started with the old key and ending after the
          switch to the new key also bumped the PN to an incorrect high number,
          freezing the connection quite similar to 1).
      
       4) Freeze caused by repeating lost frames in an aggregation session:
          A driver could repeat a lost frame and encrypt it with the new key
          while in a TX aggregation session without updating the PN for the
          new key. This also could freeze connections similar to 2).
      
       5) Clear text leak:
          Removing encryption offload from the card cleared the encryption
          offload flag only after the card had deleted the key and we did not
          stop TX during the rekey. The driver/card could therefore get
          unencrypted frames from mac80211 while no longer be instructed to
          encrypt them.
      
      To prevent those issues the key install logic has been changed:
       - Mac80211 divers known to be able to rekey PTK0 keys have to set
         @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0,
       - mac80211 stops queuing frames depending on the key during the replace
       - the key is first replaced in the hardware and after that in mac80211
       - and mac80211 stops/blocks new aggregation sessions during the rekey.
      
      For drivers not setting
      @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 the user space must avoid PTK
      rekeys if "Extended Key ID for Individually Addressed Frames" is not
      being used. Rekeys for mac80211 drivers without this flag will generate a
      warning and use an extra call to ieee80211_flush_queues() to both
      highlight and try to prevent the issues with not updated drivers.
      
      The core of the fix changes the key install procedure from:
       - atomic switch over to the new key in mac80211
       - remove the old key in the hardware (stops encryption offloading, fall
         back to software encryption with a potential clear text packet leak
         in between)
       - delete the inactive old key in mac80211
       - enable hardware encryption offloading for the new key
      to:
       - if it's a PTK mark the old key as tainted to drop TX frames with the
         outgoing key
       - replace the key in hardware with the new one
       - atomic switch over to the new (not marked as tainted) key in
         mac80211 (which also resumes TX)
       - delete the inactive old key in mac80211
      
      With the new sequence the hardware will be unable to decrypt frames
      encrypted with the old key prior to switching to the new key in mac80211
      and thus prevent PNs from packets decrypted with the old key to be
      accounted against the new key.
      
      For that to work the drivers have to provide a clear boundary.
      Mac80211 drivers setting @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 confirm
      to provide it and mac80211 will then be able to correctly rekey in-use
      PTK keys with those drivers.
      
      The mac80211 requirements for drivers to set the flag have been added to
      the "Hardware crypto acceleration" documentation section. It drills down
      to:
      The drivers must not hand over frames decrypted with the old key to
      mac80211 once the call to set_key() with %DISABLE_KEY has been
      completed. It's allowed to either drop or continue to use the old key
      for any outgoing frames which are already in the queues, but it must not
      send out any of them unencrypted or encrypted with the new key.
      
      Even with the new boundary in place aggregation sessions with the
      reorder buffer are problematic:
      RX aggregation session started prior and completed after the rekey could
      still dump frames received with the old key at mac80211 after it
      switched over to the new key. This is side stepped by stopping all (RX
      and TX) aggregation sessions when replacing a PTK key and hardware key
      offloading.
      Stopping TX aggregation sessions avoids the need to get
      the PNs (IVs) updated in frames prepared for the old key and
      (re)transmitted after the switch to the new key. As a bonus it improves
      the compatibility when the remote STA is not handling rekeys as it
      should.
      
      When using software crypto aggregation sessions are not stopped.
      Mac80211 won't be able to decode the dangerous frames and discard them
      without special handling.
      Signed-off-by: NAlexander Wetzel <alexander@wetzel-home.de>
      [trim overly long rekey warning]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      62872a9b
  9. 24 7月, 2018 1 次提交
    • M
      mac80211: restrict delayed tailroom needed decrement · 133bf90d
      Manikanta Pubbisetty 提交于
      As explained in ieee80211_delayed_tailroom_dec(), during roam,
      keys of the old AP will be destroyed and new keys will be
      installed. Deletion of the old key causes
      crypto_tx_tailroom_needed_cnt to go from 1 to 0 and the new key
      installation causes a transition from 0 to 1.
      
      Whenever crypto_tx_tailroom_needed_cnt transitions from 0 to 1,
      we invoke synchronize_net(); the reason for doing this is to avoid
      a race in the TX path as explained in increment_tailroom_need_count().
      This synchronize_net() operation can be slow and can affect the station
      roam time. To avoid this, decrementing the crypto_tx_tailroom_needed_cnt
      is delayed for a while so that upon installation of new key the
      transition would be from 1 to 2 instead of 0 to 1 and thereby
      improving the roam time.
      
      This is all correct for a STA iftype, but deferring the tailroom_needed
      decrement for other iftypes may be unnecessary.
      
      For example, let's consider the case of a 4-addr client connecting to
      an AP for which AP_VLAN interface is also created, let the initial
      value for tailroom_needed on the AP be 1.
      
      * 4-addr client connects to the AP (AP: tailroom_needed = 1)
      * AP will clear old keys, delay decrement of tailroom_needed count
      * AP_VLAN is created, it takes the tailroom count from master
        (AP_VLAN: tailroom_needed = 1, AP: tailroom_needed = 1)
      * Install new key for the station, assume key is plumbed in the HW,
        there won't be any change in tailroom_needed count on AP iface
      * Delayed decrement of tailroom_needed count on AP
        (AP: tailroom_needed = 0, AP_VLAN: tailroom_needed = 1)
      
      Because of the delayed decrement on AP iface, tailroom_needed count goes
      out of sync between AP(master iface) and AP_VLAN(slave iface) and
      there would be unnecessary tailroom created for the packets going
      through AP_VLAN iface.
      
      Also, WARN_ONs were observed while trying to bring down the AP_VLAN
      interface:
      (warn_slowpath_common) (warn_slowpath_null+0x18/0x20)
      (warn_slowpath_null) (ieee80211_free_keys+0x114/0x1e4)
      (ieee80211_free_keys) (ieee80211_del_virtual_monitor+0x51c/0x850)
      (ieee80211_del_virtual_monitor) (ieee80211_stop+0x30/0x3c)
      (ieee80211_stop) (__dev_close_many+0x94/0xb8)
      (__dev_close_many) (dev_close_many+0x5c/0xc8)
      
      Restricting delayed decrement to station interface alone fixes the problem
      and it makes sense to do so because delayed decrement is done to improve
      roam time which is applicable only for client devices.
      Signed-off-by: NManikanta Pubbisetty <mpubbise@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      133bf90d
  10. 29 3月, 2018 1 次提交
    • M
      mac80211: allow AP_VLAN operation on crypto controlled devices · db3bdcb9
      Manikanta Pubbisetty 提交于
      In the current implementation, mac80211 advertises the support of
      AP_VLANs based on the driver's support for AP mode; it also
      blocks encrypted AP_VLAN operation on devices advertising
      SW_CRYPTO_CONTROL.
      
      The implementation seems weird in it's current form and could be
      often confusing, this is because there can be drivers advertising
      both SW_CRYPTO_CONTROL and AP mode support (ex: ath10k) in which case
      AP_VLAN will still be supported but only in open BSS and not in
      secured BSS.
      
      When SW_CRYPTO_CONTROL is enabled, it makes more sense if the decision
      to support AP_VLANs is left to the driver. Mac80211 can then allow
      AP_VLAN operations depending on the driver support.
      Signed-off-by: NManikanta Pubbisetty <mpubbise@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      db3bdcb9
  11. 11 12月, 2017 1 次提交
  12. 25 10月, 2017 1 次提交
    • J
      mac80211: don't compare TKIP TX MIC key in reinstall prevention · cfbb0d90
      Johannes Berg 提交于
      For the reinstall prevention, the code I had added compares the
      whole key. It turns out though that iwlwifi firmware doesn't
      provide the TKIP TX MIC key as it's not needed in client mode,
      and thus the comparison will always return false.
      
      For client mode, thus always zero out the TX MIC key part before
      doing the comparison in order to avoid accepting the reinstall
      of the key with identical encryption and RX MIC key, but not the
      same TX MIC key (since the supplicant provides the real one.)
      
      Fixes: fdf7cb41 ("mac80211: accept key reinstall without changing anything")
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      cfbb0d90
  13. 18 10月, 2017 1 次提交
  14. 16 10月, 2017 1 次提交
    • J
      mac80211: accept key reinstall without changing anything · fdf7cb41
      Johannes Berg 提交于
      When a key is reinstalled we can reset the replay counters
      etc. which can lead to nonce reuse and/or replay detection
      being impossible, breaking security properties, as described
      in the "KRACK attacks".
      
      In particular, CVE-2017-13080 applies to GTK rekeying that
      happened in firmware while the host is in D3, with the second
      part of the attack being done after the host wakes up. In
      this case, the wpa_supplicant mitigation isn't sufficient
      since wpa_supplicant doesn't know the GTK material.
      
      In case this happens, simply silently accept the new key
      coming from userspace but don't take any action on it since
      it's the same key; this keeps the PN replay counters intact.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      fdf7cb41
  15. 13 12月, 2016 1 次提交
    • J
      mac80211: don't call drv_set_default_unicast_key() for VLANs · ec4efc4a
      Johannes Berg 提交于
      Since drivers know nothing about AP_VLAN interfaces, trying to
      call drv_set_default_unicast_key() just results in a warning
      and no call to the driver. Avoid the warning by not calling the
      driver for this on AP_VLAN interfaces.
      
      This means that drivers that somehow need this call for AP mode
      will fail to work properly in the presence of VLAN interfaces,
      but the current drivers don't seem to use it, and mac80211 will
      select and indicate the key - so drivers should be OK now.
      Reported-by: NJouni Malinen <j@w1.fi>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      ec4efc4a
  16. 06 4月, 2016 1 次提交
    • J
      mac80211: add fast-rx path · 49ddf8e6
      Johannes Berg 提交于
      The regular RX path has a lot of code, but with a few
      assumptions on the hardware it's possible to reduce the
      amount of code significantly. Currently the assumptions
      on the driver are the following:
       * hardware/driver reordering buffer (if supporting aggregation)
       * hardware/driver decryption & PN checking (if using encryption)
       * hardware/driver did de-duplication
       * hardware/driver did A-MSDU deaggregation
       * AP_LINK_PS is used (in AP mode)
       * no client powersave handling in mac80211 (in client mode)
      
      of which some are actually checked per packet:
       * de-duplication
       * PN checking
       * decryption
      and additionally packets must
       * not be A-MSDU (have been deaggregated by driver/device)
       * be data packets
       * not be fragmented
       * be unicast
       * have RFC 1042 header
      
      Additionally dynamically we assume:
       * no encryption or CCMP/GCMP, TKIP/WEP/other not allowed
       * station must be authorized
       * 4-addr format not enabled
      
      Some data needed for the RX path is cached in a new per-station
      "fast_rx" structure, so that we only need to look at this and
      the packet, no other memory when processing packets on the fast
      RX path.
      
      After doing the above per-packet checks, the data path collapses
      down to a pretty simple conversion function taking advantage of
      the data cached in the small fast_rx struct.
      
      This should speed up the RX processing, and will make it easier
      to reason about parallelizing RX (for which statistics will need
      to be per-CPU still.)
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      49ddf8e6
  17. 24 2月, 2016 2 次提交
  18. 04 12月, 2015 1 次提交
  19. 17 7月, 2015 1 次提交
  20. 22 6月, 2015 1 次提交
    • J
      mac80211: fix locking in update_vlan_tailroom_need_count() · 51f458d9
      Johannes Berg 提交于
      Unfortunately, Michal's change to fix AP_VLAN crypto tailroom
      caused a locking issue that was reported by lockdep, but only
      in a few cases - the issue was a classic ABBA deadlock caused
      by taking the mtx after the key_mtx, where normally they're
      taken the other way around.
      
      As the key mutex protects the field in question (I'm adding a
      few annotations to make that clear) only the iteration needs
      to be protected, but we can also iterate the interface list
      with just RCU protection while holding the key mutex.
      
      Fixes: f9dca80b ("mac80211: fix AP_VLAN crypto tailroom calculation")
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      51f458d9
  21. 10 6月, 2015 1 次提交
    • J
      mac80211: convert HW flags to unsigned long bitmap · 30686bf7
      Johannes Berg 提交于
      As we're running out of hardware capability flags pretty quickly,
      convert them to use the regular test_bit() style unsigned long
      bitmaps.
      
      This introduces a number of helper functions/macros to set and to
      test the bits, along with new debugfs code.
      
      The occurrences of an explicit __clear_bit() are intentional, the
      drivers were never supposed to change their supported bits on the
      fly. We should investigate changing this to be a per-frame flag.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      30686bf7
  22. 02 6月, 2015 1 次提交
    • J
      mac80211: move TX PN to public part of key struct · db388a56
      Johannes Berg 提交于
      For drivers supporting TSO or similar features, but that still have
      PN assignment in software, there's a need to have some memory to
      store the current PN value. As mac80211 already stores this and it's
      somewhat complicated to add a per-driver area to the key struct (due
      to the dynamic sizing thereof) it makes sense to just move the TX PN
      to the keyconf, i.e. the public part of the key struct.
      
      As TKIP is more complicated and we won't able to offload it in this
      way right now (fast-xmit is skipped for TKIP unless the HW does it
      all, and our hardware needs MMIC calculation in software) I've not
      moved that for now - it's possible but requires exposing a lot of
      the internal TKIP state.
      
      As an bonus side effect, we can remove a lot of code by assuming the
      keyseq struct has a certain layout - with BUILD_BUG_ON to verify it.
      
      This might also improve performance, since now TX and RX no longer
      share a cacheline.
      Reviewed-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      db388a56
  23. 20 5月, 2015 1 次提交
    • M
      mac80211: fix AP_VLAN crypto tailroom calculation · f9dca80b
      Michal Kazior 提交于
      Some splats I was seeing:
      
       (a) WARNING: CPU: 1 PID: 0 at /devel/src/linux/net/mac80211/wep.c:102 ieee80211_wep_add_iv
       (b) WARNING: CPU: 1 PID: 0 at /devel/src/linux/net/mac80211/wpa.c:73 ieee80211_tx_h_michael_mic_add
       (c) WARNING: CPU: 3 PID: 0 at /devel/src/linux/net/mac80211/wpa.c:433 ieee80211_crypto_ccmp_encrypt
      
      I've seen (a) and (b) with ath9k hw crypto and (c)
      with ath9k sw crypto. All of them were related to
      insufficient skb tailroom and I was able to
      trigger these with ping6 program.
      
      AP_VLANs may inherit crypto keys from parent AP.
      This wasn't considered and yielded problems in
      some setups resulting in inability to transmit
      data because mac80211 wouldn't resize skbs when
      necessary and subsequently drop some packets due
      to insufficient tailroom.
      
      For efficiency purposes don't inspect both AP_VLAN
      and AP sdata looking for tailroom counter. Instead
      update AP_VLAN tailroom counters whenever their
      master AP tailroom counter changes.
      Signed-off-by: NMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      f9dca80b
  24. 06 5月, 2015 2 次提交
  25. 22 4月, 2015 1 次提交
    • J
      mac80211: add TX fastpath · 17c18bf8
      Johannes Berg 提交于
      In order to speed up mac80211's TX path, add the "fast-xmit" cache
      that will cache the data frame 802.11 header and other data to be
      able to build the frame more quickly. This cache is rebuilt when
      external triggers imply changes, but a lot of the checks done per
      packet today are simplified away to the check for the cache.
      
      There's also a more detailed description in the code.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      17c18bf8
  26. 17 3月, 2015 1 次提交
  27. 27 1月, 2015 4 次提交
  28. 23 1月, 2015 1 次提交
    • J
      mac80211: allow drivers to control software crypto · fa7e1fbc
      Johannes Berg 提交于
      Some drivers unfortunately cannot support software crypto, but
      mac80211 currently assumes that they do.
      
      This has the issue that if the hardware enabling fails for some
      reason, the software fallback is used, which won't work. This
      clearly isn't desirable, the error should be reported and the
      key setting refused.
      
      Support this in mac80211 by allowing drivers to set a new HW
      flag IEEE80211_HW_SW_CRYPTO_CONTROL, in which case mac80211 will
      only allow software fallback if the set_key() method returns 1.
      The driver will also need to advertise supported cipher suites
      so that mac80211 doesn't advertise any (future) software ciphers
      that the driver can't actually do.
      
      While at it, to make it easier to support this, refactor the
      ieee80211_init_cipher_suites() code.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      fa7e1fbc
  29. 07 1月, 2015 1 次提交
    • I
      mac80211: Re-fix accounting of the tailroom-needed counter · db12847c
      Ido Yariv 提交于
      When hw acceleration is enabled, the GENERATE_IV or PUT_IV_SPACE flags
      only require headroom space. Therefore, the tailroom-needed counter can
      safely be decremented for most drivers.
      
      The older incarnation of this patch (ca34e3b5) assumed that the above
      holds true for all drivers. As reported by Christopher Chavez and
      researched by Christian Lamparter and Larry Finger, this isn't a valid
      assumption for p54 and cw1200.
      
      Drivers that still require tailroom for ICV/MIC even when HW encryption
      is enabled can use IEEE80211_KEY_FLAG_RESERVE_TAILROOM to indicate it.
      Signed-off-by: NIdo Yariv <idox.yariv@intel.com>
      Cc: Christopher Chavez <chrischavez@gmx.us>
      Cc: Christian Lamparter <chunkeey@googlemail.com>
      Cc: Larry Finger <Larry.Finger@lwfinger.net>
      Cc: Solomon Peachy <pizza@shaftnet.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      db12847c
  30. 05 1月, 2015 1 次提交