Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp2833236pxv;
        Mon, 12 Jul 2021 03:04:51 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzZd9etNXaDUPOW1nOgY0gL7IOCF5+NJeik0385MgbBsOoKhvwzy2J2N7NsGURZzttOaZZP
X-Received: by 2002:a92:360b:: with SMTP id d11mr36005745ila.111.1626084291524;
        Mon, 12 Jul 2021 03:04:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1626084291; cv=none;
        d=google.com; s=arc-20160816;
        b=H13FKGW0lMPqLheK8IUzS/+hYBQMqarlgNCiKCQIPzhvrkb66HdrNe4PLntOlOZRyQ
         f0uQ2vTY/XkA14s+3JALHJfZCs2qPcSngK5/rGRc+fFVHTpXX9MQVTDs4jpWTr7mix/u
         Q/uoWbR6852AlcBwe9KXBAOHJbHfI0M5BSCIHnqpfOUdT5e6GK1Rx1NPbf4HZsyEFhVu
         c5W3AivPNHarSNfo/56H92nTqMu5vhIey52XyOCJy+aGv9k0cVQGnhZ0kw+EjVQIWCa3
         0H9PByb7g2XV51bbyapAZhHEccZ/ck40gSp2b7U1AuMu9BHwnw2AJJTAdaMtecVcIx4m
         SfGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=LcldxvKWCObfMdjHqquZ/bFY5hu8CU5QESZmIIfCoqA=;
        b=V2QWqxBBO6P1wkf9RmK7WuqHUiHpiCfPsTtCjLD1kb3+5ja5IQlTPH+A05ibKdY8w9
         4vLjd0eE2fUV08MdTVsdoHk4zZFvl/oGuQ1KuYUqFTWCC/HT96RgL5/Plxfhp6vnE/V/
         O7fPgG7cPTu6onQnL8cajWDVZ3UAox0zM7XnJc9JGRu6YNWzk2WwsSQwRPb6tdBD33oG
         lM2z6ZvC4pWRFqZ6h5FmU9dypbEKMMpv/8vdfaF7qtawWHU9vqUZRV09B/vTlrpk1DKH
         1uZk7JKpMGcjl8IagGPln/qTtkDsPOBMOPksxqQdVd2cBPNmMC0K0w/haO8ZxHKz3DuB
         AqkQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="jKy0x/q3";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g3si9729313ile.55.2021.07.12.03.04.39;
        Mon, 12 Jul 2021 03:04:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="jKy0x/q3";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S245522AbhGLH1N (ORCPT <rfc822;manabu.ori@gmail.com> + 99 others);
        Mon, 12 Jul 2021 03:27:13 -0400
Received: from mail.kernel.org ([198.145.29.99]:34444 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S242224AbhGLG7x (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 12 Jul 2021 02:59:53 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id F1D4161004;
        Mon, 12 Jul 2021 06:57:03 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1626073024;
        bh=8xG8nUNhpybY9cQUvP2T6D9544SiSdMnpuMukcWwowg=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=jKy0x/q3R5VFzDK8Rz295JyYwIA2hDAYLOX0FsQxp3A68aJJILpLrzPAjOZjCyS5b
         MuFHdJRzQzX6JJJuum3NxmeTO7NXsnaoWJgg3VeGTnoUrjaclRyIxOGdMyzygUkbUU
         dZXrqZNrhoY7jvN0fEXKDlJyjyt4DZTZqRSss/dE=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Martin Fuzzey <martin.fuzzey@flowbird.group>,
        Kalle Valo <kvalo@codeaurora.org>
Subject: [PATCH 5.12 101/700] rsi: fix AP mode with WPA failure due to encrypted EAPOL
Date:   Mon, 12 Jul 2021 08:03:04 +0200
Message-Id: <20210712060939.088179220@linuxfoundation.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20210712060924.797321836@linuxfoundation.org>
References: <20210712060924.797321836@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Martin Fuzzey <martin.fuzzey@flowbird.group>

commit 314538041b5632ffaf64798faaeabaf2793fe029 upstream.

In AP mode WPA2-PSK connections were not established.

The reason was that the AP was sending the first message
of the 4 way handshake encrypted, even though no pairwise
key had (correctly) yet been set.

Encryption was enabled if the "security_enable" driver flag
was set and encryption was not explicitly disabled by
IEEE80211_TX_INTFL_DONT_ENCRYPT.

However security_enable was set when *any* key, including
the AP GTK key, had been set which was causing unwanted
encryption even if no key was avaialble for the unicast
packet to be sent.

Fix this by adding a check that we have a key and drop
the old security_enable driver flag which is insufficient
and redundant.

The Redpine downstream out of tree driver does it this way too.

Regarding the Fixes tag the actual code being modified was
introduced earlier, with the original driver submission, in
dad0d04fa7ba ("rsi: Add RS9113 wireless driver"), however
at that time AP mode was not yet supported so there was
no bug at that point.

So I have tagged the introduction of AP support instead
which was part of the patch set "rsi: support for AP mode" [1]

It is not clear whether AP WPA has ever worked, I can see nothing
on the kernel side that broke it afterwards yet the AP support
patch series says "Tests are performed to confirm aggregation,
connections in WEP and WPA/WPA2 security."

One possibility is that the initial tests were done with a modified
userspace (hostapd).

[1] https://www.spinics.net/lists/linux-wireless/msg165302.html

Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
Fixes: 38ef62353acb ("rsi: security enhancements for AP mode")
CC: stable@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/rsi/rsi_91x_hal.c      |    2 +-
 drivers/net/wireless/rsi/rsi_91x_mac80211.c |    3 ---
 drivers/net/wireless/rsi/rsi_91x_mgmt.c     |    3 +--
 drivers/net/wireless/rsi/rsi_main.h         |    1 -
 4 files changed, 2 insertions(+), 7 deletions(-)

--- a/drivers/net/wireless/rsi/rsi_91x_hal.c
+++ b/drivers/net/wireless/rsi/rsi_91x_hal.c
@@ -203,7 +203,7 @@ int rsi_prepare_data_desc(struct rsi_com
 		wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE);
 
 	if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) &&
-	    (common->secinfo.security_enable)) {
+	    info->control.hw_key) {
 		if (rsi_is_cipher_wep(common))
 			ieee80211_size += 4;
 		else
--- a/drivers/net/wireless/rsi/rsi_91x_mac80211.c
+++ b/drivers/net/wireless/rsi/rsi_91x_mac80211.c
@@ -1028,7 +1028,6 @@ static int rsi_mac80211_set_key(struct i
 	mutex_lock(&common->mutex);
 	switch (cmd) {
 	case SET_KEY:
-		secinfo->security_enable = true;
 		status = rsi_hal_key_config(hw, vif, key, sta);
 		if (status) {
 			mutex_unlock(&common->mutex);
@@ -1047,8 +1046,6 @@ static int rsi_mac80211_set_key(struct i
 		break;
 
 	case DISABLE_KEY:
-		if (vif->type == NL80211_IFTYPE_STATION)
-			secinfo->security_enable = false;
 		rsi_dbg(ERR_ZONE, "%s: RSI del key\n", __func__);
 		memset(key, 0, sizeof(struct ieee80211_key_conf));
 		status = rsi_hal_key_config(hw, vif, key, sta);
--- a/drivers/net/wireless/rsi/rsi_91x_mgmt.c
+++ b/drivers/net/wireless/rsi/rsi_91x_mgmt.c
@@ -1803,8 +1803,7 @@ int rsi_send_wowlan_request(struct rsi_c
 			RSI_WIFI_MGMT_Q);
 	cmd_frame->desc.desc_dword0.frame_type = WOWLAN_CONFIG_PARAMS;
 	cmd_frame->host_sleep_status = sleep_status;
-	if (common->secinfo.security_enable &&
-	    common->secinfo.gtk_cipher)
+	if (common->secinfo.gtk_cipher)
 		flags |= RSI_WOW_GTK_REKEY;
 	if (sleep_status)
 		cmd_frame->wow_flags = flags;
--- a/drivers/net/wireless/rsi/rsi_main.h
+++ b/drivers/net/wireless/rsi/rsi_main.h
@@ -151,7 +151,6 @@ enum edca_queue {
 };
 
 struct security_info {
-	bool security_enable;
 	u32 ptk_cipher;
 	u32 gtk_cipher;
 };