Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3197801pxb; Mon, 9 Nov 2020 05:23:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJx5R/0+k6XB/Sval62Zu49sPSLmtMw+A7p3na5E1xYMnF30QRKLE8tNfYDlDZjZWCcItD7P X-Received: by 2002:a17:906:3899:: with SMTP id q25mr15687914ejd.0.1604928199782; Mon, 09 Nov 2020 05:23:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604928199; cv=none; d=google.com; s=arc-20160816; b=T6IELYPY5043P8jJB1gPbkdMSK4OXsYEHinLGTfKNaGDdj46xgb5NW99j4KWxKOhqf fKzBVFH45RRj8EsD/knxgNrwWI6yuKnnpXyuGQVptJJf1cHHU05t8SSYrAca+IaJnnNs cUYmfhKIgknMYyC3HNuqdkR0HQV00wq6DGTRfGnFRSaXAmvQQCb+dDZ9Mw5md4cfofPY Wku/95BUAaOJ/pSa83pOQ0ZmaOVJT+cuVqp2za8nlNW98uLweyVjGnmaBIxFZox/d5mj 1F/mXB+XpqxF4qFRW+ybF7N1KqskcuNAYDT5vOH2N0Qhkdh6BjTJLR6tmCSGAZLUroj0 4zuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=YNf8GH4vSKO13sVvfQLLTzJCbrnIPHOf1y5lVU48Ntg=; b=TVsQOJ19S0AviPCibQc9KBzAs4Z4MGCuMS5N3n6XLE325NqOkfv6wwBzxNskdyxPgn HfPBlHmYw7I8rrqxVJUNMhZt+kfHCZIhNZ50PMaRJBFuxtljbkIn5E/SnaI2MxM8DKsM e+Oh/l8rJ8XAaZWb+mnjRqlfw9ZzwsztJ6IKXsww7t3lfqDHMVhRq+KxkQgv2ZRKSFw7 LcAHSviWafl7lHaDxjqoipR5PclQR36HR9n87P2FibuG+JzZlo/i0Fdgvq5DQAv3uc8n EMSmZb5IkQZMKNKVACkR5y9ypuRPMRdZvNHsbZkiv0o4EMu73l93395JnAcC+u3rgTJG JCXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SiB0qGi2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d10si6740351ejh.20.2020.11.09.05.22.56; Mon, 09 Nov 2020 05:23:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SiB0qGi2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732964AbgKINVk (ORCPT + 99 others); Mon, 9 Nov 2020 08:21:40 -0500 Received: from mail.kernel.org ([198.145.29.99]:49494 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388088AbgKINVj (ORCPT ); Mon, 9 Nov 2020 08:21:39 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AA7F22065D; Mon, 9 Nov 2020 13:21:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604928098; bh=0UJ8wjG8e3mJkJAcQS878fIT03u4N7tu2eZskINx980=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SiB0qGi2cj1EsJX6c4xXjBhAEArDPfLsC1RJCs57rSAadxq8Ugh3+83I1ooUiNUjP GDVLrRcembRGukOhDv4FIF0Vc9mjD0WhKjFeO+ocSQ5RUCj9q2G8N9GgB0IDMvHZnK fjGFHK8PACLDpaqI9HO+k9FAxVzO3HWPh0J9M3cM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Thomas Deutschmann , Christian Hesse , Mathy Vanhoef , Johannes Berg Subject: [PATCH 5.9 125/133] mac80211: fix regression where EAPOL frames were sent in plaintext Date: Mon, 9 Nov 2020 13:56:27 +0100 Message-Id: <20201109125036.699937228@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201109125030.706496283@linuxfoundation.org> References: <20201109125030.706496283@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mathy Vanhoef commit 804fc6a2931e692f50e8e317fcb0c8887331b405 upstream. When sending EAPOL frames via NL80211 they are treated as injected frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") these injected frames were not assigned a sta context in the function ieee80211_tx_dequeue, causing certain wireless network cards to always send EAPOL frames in plaintext. This may cause compatibility issues with some clients or APs, which for instance can cause the group key handshake to fail and in turn would cause the station to get disconnected. This commit fixes this regression by assigning a sta context in ieee80211_tx_dequeue to injected frames as well. Note that sending EAPOL frames in plaintext is not a security issue since they contain their own encryption and authentication protection. Cc: stable@vger.kernel.org Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") Reported-by: Thomas Deutschmann Tested-by: Christian Hesse Tested-by: Thomas Deutschmann Signed-off-by: Mathy Vanhoef Link: https://lore.kernel.org/r/20201019160113.350912-1-Mathy.Vanhoef@kuleuven.be Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/mac80211/tx.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -3613,13 +3613,14 @@ begin: tx.skb = skb; tx.sdata = vif_to_sdata(info->control.vif); - if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) { + if (txq->sta) { tx.sta = container_of(txq->sta, struct sta_info, sta); /* * Drop unicast frames to unauthorised stations unless they are - * EAPOL frames from the local station. + * injected frames or EAPOL frames from the local station. */ - if (unlikely(ieee80211_is_data(hdr->frame_control) && + if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) && + ieee80211_is_data(hdr->frame_control) && !ieee80211_vif_is_mesh(&tx.sdata->vif) && tx.sdata->vif.type != NL80211_IFTYPE_OCB && !is_multicast_ether_addr(hdr->addr1) &&