Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3489964ybi; Tue, 18 Jun 2019 01:28:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqx0MWNSRBRvzwQFsv93dxd6fNzkFlTQn1pa/3hjwaO45cQicKy1HWQwYrQEfWYqVFGvc9Ea X-Received: by 2002:a65:648e:: with SMTP id e14mr1590730pgv.317.1560846490156; Tue, 18 Jun 2019 01:28:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560846490; cv=none; d=google.com; s=arc-20160816; b=Rr0Kh93BK1FtEoKJAZ4LYcftCpQ4lrKrMJsGIhPJKh9Z570WwzgSedkSVBi6aRYkpI Jvgr23fbXNZ63VCQhO7A7s2o8gQ7/T1lhR2ddLIRXkDXmtjFNfIWlEvkCPlj7qNjgQht PT25HCUrhBh3LgAf88mbhAOkPYXyWdoj0oDJIoPrlD1XA8nFglzlEOJOTeCbwuGxY/R0 NkUGLFjnxkzG5VfBoqwF9E7HVDGkFm/zSD7Ik7H1p5EL0+jxFP9F5CF/UECDcIoi65HL 1thzAB2aOlCDHWj00MTPQ+QVeD8KYoC9pKrOOcD/1BiVkpcAc3U4VHxb6YmkhQ9ZBz1O dy0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=0pByTnhI9EtjD8279pBGlW0CoWOpybCQlzKqH9Rz3Qw=; b=XuwlhZ4kWXSncijKMuVmNhfx0ztQmgXDRZ4zaKq885svdZuAYfnbxg5X3ZN8WBr/tS Jxy0UH51lsyxd4IO7aeS5f6o89cSSDYMwaviGG6MEh2LB998WoZTBR94pO9KhHduZ/W3 yYoNOtELJty8ZzxOwYwccttVRfnrEliY+u8eCBpxnfo4fPfeBB/evR1/itmdUA/QnFeP kopDneiYnW0CfdloWowZbyHlQSWgndSEoFhDVKf9OD5Rm1VVJHhE7Xsj33tVgao99FCq uinEBwg3710F0FlThsgK1qZSMCUU6Wa0f/j1XR2HVABRQJCSqR2N/GbwXb2hqLrOLozd 5S9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=iL6uwFTD; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n19si409221pgv.274.2019.06.18.01.27.41; Tue, 18 Jun 2019 01:28:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=iL6uwFTD; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728454AbfFRI1b (ORCPT + 99 others); Tue, 18 Jun 2019 04:27:31 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:46193 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726091AbfFRI1a (ORCPT ); Tue, 18 Jun 2019 04:27:30 -0400 Received: by mail-wr1-f65.google.com with SMTP id n4so12868437wrw.13 for ; Tue, 18 Jun 2019 01:27:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=0pByTnhI9EtjD8279pBGlW0CoWOpybCQlzKqH9Rz3Qw=; b=iL6uwFTD34zhx7OU8sbMEZuz7EAQRaMIqt4XQB7/eVHx6yO/qKRZ7hajGRPM/nCgOI aPV6y/WQuHpvroxgIbItlIZEtTxgoIn+amMvXbVZ0nf+OGi7MjzyECbbKk6HKXzpPcKS 1Wmrl8qupb/CTQK9S2zzUA98KjVBHTJfjfvlg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=0pByTnhI9EtjD8279pBGlW0CoWOpybCQlzKqH9Rz3Qw=; b=frLDSzbyzHtRftyyN1vKMRfszKwLdJx0UdB6umnuquEmUF7Igc4PgpK4q8C3Oe3dG3 z2CCLVXYQ2jf/wKyqEJHCZXGgoDEE63fvRC0OUoTu3LqlIcQXuv6B8LqdO+yG2ClmbpL dVmiuhuClrBp5fDFU/+zotELDVbG9wVaU656fRCATwJzTPTXPn9Bes2zRqkH9gTY1WUp gPPtBR2gN++FxfaHgoIXT+vBb7DXZCBZv7gePg790mvLM9njPk5JEn0+UbnhSpq+fiDu zGgQlN1zYv5qeXG7iIEFB2CwI+sw0b6cEf8yCsa7CPUzIwp1KmDuKSSpOt8d0SBcpGu7 RI4A== X-Gm-Message-State: APjAAAUouKHAJbl5X1+BTLGROEb7MpfWSEXQN7C/J+nVtBW23vzepnKh qDwBtx48RvbdVgTi5xyUzC88Pg== X-Received: by 2002:adf:dcc2:: with SMTP id x2mr40004898wrm.55.1560846448649; Tue, 18 Jun 2019 01:27:28 -0700 (PDT) Received: from [10.176.68.244] ([192.19.248.250]) by smtp.gmail.com with ESMTPSA id k125sm2894514wmf.41.2019.06.18.01.27.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Jun 2019 01:27:27 -0700 (PDT) Subject: Re: wpa_supplicant 2.8 fails in brcmf_cfg80211_set_pmk To: Chi-Hsien Lin , Marcel Holtmann Cc: Stefan Wahren , Stanley Hsu , Franky Lin , Hante Meuleman , Wright Feng , "linux-wireless@vger.kernel.org" , "brcm80211-dev-list.pdl@broadcom.com" , brcm80211-dev-list , Jouni Malinen References: <06f7bda7-eeaf-536b-a583-7c9bc5f681f5@gmx.net> <9da02861-9151-9700-2c09-b312d74155fa@gmx.net> <605ea0a8-3303-b810-6223-18ccc7eb7af4@cypress.com> <2AF2E0A7-23F0-4FFE-A658-4906FF546199@holtmann.org> From: Arend Van Spriel Message-ID: Date: Tue, 18 Jun 2019 10:27:26 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org + Jouni On 6/18/2019 7:33 AM, Chi-Hsien Lin wrote: > > > On 06/17/2019 10:33, Marcel Holtmann wrote: >> Hi Chi-hsien, >> >>>>> i was able to reproduce an (maybe older issue) with 4-way handshake >>>>> offloading for 802.1X in the brcmfmac driver. My setup consists of >>>>> Raspberry Pi 3 B (current linux-next, arm64/defconfig) on STA side and a >>>>> Raspberry Pi 3 A+ (Linux 4.19) on AP side. >>>> >>>> Looks like Raspberry Pi isn't the only affected platform [3], [4]. >>>> >>>> [3] - https://bugzilla.redhat.com/show_bug.cgi?id=1665608 >>>> [4] - https://bugzilla.kernel.org/show_bug.cgi?id=202521 >>> >>> Stefan, >>> >>> Could you please try the attached patch for your wpa_supplicant? We'll >>> upstream if it works for you. >> >> I hope that someone is also providing a kernel patch to fix the issue. Hacking around a kernel issue in userspace is not enough. Fix the root cause in the kernel. > > Marcel, > > This is a kernel warning for invalid application PMK set actions, so the > fix is to only set PMK to wifi driver when 4-way is offloaded. I think > Arend added the WARN_ON() intentionally to catch application misuse of > PMK setting. > > You may also remove the warnings with the attached patch, but let's see > what Arend says first. > > > Arend, > > Any comment? Hi Chi-Hsien, Marcel From the kernel side I do not see an issue. In order to use 802.1X offload the NL80211_ATTR_WANT_1X_4WAY_HS flag must be set in NL80211_CMD_CONNECT. Otherwise, NL80211_CMD_SET_PMK is not accepted. The only improvement would be to document this more clearly in the "WPA/WPA2 EAPOL handshake offload" DOC section in nl80211.h. As for the wpa_supplicant behavior it seemed a good idea to reuse the req_key_mgmt_offload parameter at the time, but it seems to bite each other. Maybe it is better to have a separate flag like 'req_handshake_offload'. Jouni, any thoughts on this? Regards, Arend