From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jouni Malinen, Johannes Berg
Subject: [PATCH 5.10 062/105] mac80211: treat some SAE auth steps as final
Date: Mon, 7 Mar 2022 10:19:05 +0100
Message-Id: <20220307091645.923943356@linuxfoundation.org>
In-Reply-To: <20220307091644.179885033@linuxfoundation.org>
References: <20220307091644.179885033@linuxfoundation.org>

From: Johannes Berg

commit 94d9864cc86f572f881db9b842a78e9d075493ae upstream.

When we get anti-clogging token required (added by the commit mentioned below), or the other status codes added by the later commit 4e56cde15f7d ("mac80211: Handle special status codes in SAE commit") we currently just pretend (towards the internal state machine of authentication) that we didn't receive anything.

This has the undesirable consequence of retransmitting the prior frame, which is not expected, because the timer is still armed.

If we just disarm the timer at that point, it would result in the undesirable side effect of being in this state indefinitely if userspace crashes, or so.

So to fix this, reset the timer and set a new auth_data->waiting in order to have no more retransmissions, but to have the data destroyed when the timer actually fires, which will only happen if userspace didn't continue (i.e. crashed or abandoned it.)

Fixes: a4055e74a2ff ("mac80211: Don't destroy auth data in case of anti-clogging")
Reported-by: Jouni Malinen
Link: https://lore.kernel.org/r/20220224103932.75964e1d7932.Ia487f91556f29daae734bf61f8181404642e1eec@changeid
Signed-off-by: Johannes Berg
Signed-off-by: Greg Kroah-Hartman
---
 net/mac80211/ieee80211_i.h | 2 +-
 net/mac80211/mlme.c | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 5 deletions(-)

--- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -374,7 +374,7 @@ struct ieee80211_mgd_auth_data { u8 key[WLAN_KEY_LEN_WEP104]; u8 key_len, key_idx; - bool done; + bool done, waiting; bool peer_confirmed; bool timeout_started; --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -37,6 +37,7 @@ #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2) #define IEEE80211_AUTH_MAX_TRIES 3 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) +#define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2) #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) 
@@ -2999,8 +3000,15 @@ static void ieee80211_rx_mgmt_auth(struc (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED || (auth_transaction == 1 && (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT || - status_code == WLAN_STATUS_SAE_PK)))) + status_code == WLAN_STATUS_SAE_PK)))) { + /* waiting for userspace now */ + ifmgd->auth_data->waiting = true; + ifmgd->auth_data->timeout = + jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY; + ifmgd->auth_data->timeout_started = true; + run_again(sdata, ifmgd->auth_data->timeout); return; + } sdata_info(sdata, "%pM denied authentication (status %d)\n", mgmt->sa, status_code); @@ -4526,10 +4534,10 @@ void ieee80211_sta_work(struct ieee80211 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && time_after(jiffies, ifmgd->auth_data->timeout)) { - if (ifmgd->auth_data->done) { + if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) { /* - * ok ... we waited for assoc but userspace didn't, - * so let's just kill the auth data + * ok ... we waited for assoc or continuation but + * userspace didn't do it, so kill the auth data */ ieee80211_destroy_auth_data(sdata, false); } else if (ieee80211_auth(sdata)) {
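
Review bot: the new `waiting` member of struct ieee80211_mgd_auth_data (net/mac80211/ieee80211_i.h, `bool done, waiting;`) carries no comment, and next to `done` and `timeout_started` its meaning is not obvious from the name alone. A one-line comment saying that it marks an SAE exchange parked until userspace sends the next frame, and that timer expiry in this state destroys the auth data, would document the new state where the structure is defined.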
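
Review bot: `IEEE80211_AUTH_WAIT_SAE_RETRY` in the net/mac80211/mlme.c defines hunk is `(HZ * 2)`, the same value as `IEEE80211_AUTH_TIMEOUT_SAE` at the top of that hunk, with nothing stating why two seconds is the right bound. This constant is now the deadline userspace has to continue the exchange before ieee80211_sta_work() destroys the auth data, so a short comment saying so, and what the figure is based on, would help anyone tuning it later.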
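
Review bot: in the ieee80211_rx_mgmt_auth() hunk, `ifmgd->auth_data->waiting = true` is set but no hunk in this patch clears it again. Because ieee80211_sta_work() now destroys the auth data whenever `done || waiting` holds at expiry, please state in the commit message that a continuation from userspace always starts from fresh auth data; if the same structure could be reused with `waiting` still set, a later ordinary timeout would tear down the exchange instead of retransmitting.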
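
Review bot: the `done || waiting` branch in the ieee80211_sta_work() hunk drops the auth data without logging anything, so an SAE attempt abandoned because userspace did not continue in time leaves no trace. An sdata_info() line for the `waiting` case, in the style of the "denied authentication" message in ieee80211_rx_mgmt_auth(), would make these silent teardowns diagnosable.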