Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3321301pxj; Tue, 1 Jun 2021 02:33:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJykPPYuQF+1dmcGrPCDnqDYpBXlBbqYJKb0nTJhsEttIUkDR3fCuDsp0gtxmdqLDBA8Rca7 X-Received: by 2002:a17:906:8608:: with SMTP id o8mr22131246ejx.72.1622539992297; Tue, 01 Jun 2021 02:33:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622539992; cv=none; d=google.com; s=arc-20160816; b=RVai4x6MotHsFEo0/P+NE5EqLsFPLZ8lIiZvvCEU9+JQkPlmGpgtfXKrXvZ395ggbV bfljGY8gb7rGpGKzffxBONjNl7Em69Wia+8B6VD0eeoYYDHAfn+aaVmycu1jgnVPrvBk KZmjlnOPM0XdZCH4Sr/v1rhvo/OVgS7KokjEQFSVYmJfG8szWVWi0Y3BxORJQohZaPS/ rH2eumKAoQAEZx/73bFJYhtoNcXASawe/fORMgRTGbBu6OUUG2XqFdZoqyCBm33VFxDK zMFXoP+fPWLNgqwg5G7XoQGz23r1VtQomw1ISlccyvBRRjirvO9UISO9a1ynlWqcb7nJ N18w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=oaLkNf3lsUXGMldaAj5+p+CWMB0Y+C616FM8GrQKrv8=; b=SZE/XQV+br3dMBpjK827YfOuCoEJgOPl9H/5AyQSAV6I2cO0qSiP+Xwm6dgPDafcn7 1w+3bGDb/TLg7cPJIJs0OZp3iJ0KXSUnqa8RAbQnFsrFCv3XTOJg70LASrNJmmVrar/m 8TKNo0p6E8DjstQOhZ7WYZJY67dOiRjvXHdlynzqvgpxZQa9F/FSVFUV9qIDxfL9MfBR CTMyEe84cTGAXeb6lNMcSp5UAEg//YdQgja/O9LXgHnHgVzZEWsT+vfP5FjaJ7y7b9IP bMAJ9mVtw/jsDt8ZQ6tb5h99SUoFlm/t+3A1DMZmFyc2PN0wMsQCxuDgfThCZK4GytcI Moww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m2si10875273edr.433.2021.06.01.02.32.50; Tue, 01 Jun 2021 02:33:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233694AbhFAJdI (ORCPT + 99 others); Tue, 1 Jun 2021 05:33:08 -0400 Received: from jabberwock.ucw.cz ([46.255.230.98]:45654 "EHLO jabberwock.ucw.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233573AbhFAJdH (ORCPT ); Tue, 1 Jun 2021 05:33:07 -0400 Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id F0F4D1C0B7C; Tue, 1 Jun 2021 11:31:25 +0200 (CEST) Date: Tue, 1 Jun 2021 11:31:25 +0200 From: Pavel Machek To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Johannes Berg Subject: Re: [PATCH 5.10 030/252] mac80211: prevent attacks on TKIP/WEP as well Message-ID: <20210601093125.GA30646@amd> References: <20210531130657.971257589@linuxfoundation.org> <20210531130659.005193399@linuxfoundation.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="LZvS9be/3tNcYl/X" Content-Disposition: inline In-Reply-To: <20210531130659.005193399@linuxfoundation.org> User-Agent: Mutt/1.5.23 (2014-03-12) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --LZvS9be/3tNcYl/X Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! So this changes bool variables to u8:1, but still assigns true/false there, which looks like "interesting" style. Should we switch to 0/1? Best regards, Pavel > --- a/net/mac80211/rx.c > +++ b/net/mac80211/rx.c > @@ -2284,6 +2284,7 @@ ieee80211_rx_h_defragment(struct ieee802 > * next fragment has a sequential PN value. > */ > entry->check_sequential_pn =3D true; > + entry->is_protected =3D true; > entry->key_color =3D rx->key->color; > memcpy(entry->last_pn, > rx->key->u.ccmp.rx_pn[queue], > @@ -2296,6 +2297,9 @@ ieee80211_rx_h_defragment(struct ieee802 > sizeof(rx->key->u.gcmp.rx_pn[queue])); > BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=3D > IEEE80211_GCMP_PN_LEN); > + } else if (rx->key && ieee80211_has_protected(fc)) { > + entry->is_protected =3D true; > + entry->key_color =3D rx->key->color; > } > return RX_QUEUED; > } > @@ -2337,6 +2341,14 @@ ieee80211_rx_h_defragment(struct ieee802 > if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN)) > return RX_DROP_UNUSABLE; > memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN); > + } else if (entry->is_protected && > + (!rx->key || !ieee80211_has_protected(fc) || > + rx->key->color !=3D entry->key_color)) { > + /* Drop this as a mixed key or fragment cache attack, even > + * if for TKIP Michael MIC should protect us, and WEP is a > + * lost cause anyway. > + */ > + return RX_DROP_UNUSABLE; > } > =20 > skb_pull(rx->skb, ieee80211_hdrlen(fc)); > --- a/net/mac80211/sta_info.h > +++ b/net/mac80211/sta_info.h > @@ -453,7 +453,8 @@ struct ieee80211_fragment_entry { > u16 extra_len; > u16 last_frag; > u8 rx_queue; > - bool check_sequential_pn; /* needed for CCMP/GCMP */ > + u8 check_sequential_pn:1, /* needed for CCMP/GCMP */ > + is_protected:1; > u8 last_pn[6]; /* PN of the last fragment if CCMP was used */ > unsigned int key_color; > }; >=20 --=20 DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany --LZvS9be/3tNcYl/X Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAmC1/m0ACgkQMOfwapXb+vIl4QCeMJ0/Km/hKFlB00POoK8ZQTUB O1YAn1kfj4yM4Bw5QNvf3wkgAkSTrSYU =qtqE -----END PGP SIGNATURE----- --LZvS9be/3tNcYl/X--