Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1729582ybi; Thu, 20 Jun 2019 02:47:25 -0700 (PDT) X-Google-Smtp-Source: APXvYqxgA35FhaMPsTsN9+PRWfi7TZp09WYd7eGvhtmTejAa4QIQxE/DULgv4sqZv2ZDQ0Y+2+f2 X-Received: by 2002:a17:90a:2488:: with SMTP id i8mr2110860pje.123.1561024044940; Thu, 20 Jun 2019 02:47:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561024044; cv=none; d=google.com; s=arc-20160816; b=J17qBBV6yiAo8WnOIL0l1kVVfhUvuRfdZYYLeZYrkq0fX1fw/pIZYy/eZR+wUnEw2C ZhuudPx9hEO5DJl6gEv6v+SfjQy0ZupmiAQQojqdIOy7cW7t2OQcU8ckz6bYNrNZTLmI p5Pjb1Bw2s1c3s7Icz5iNiVrnx+dBg7uIykMjoComiq6lffjcoeLfz9v4zyKoC6sbcKd YrvLzEJsMk/+LOVjnWBlPvzrYiZoXqOHS84QyFwJXNDFtA6aoX8GbhEE87F/B2BFWEQ+ Fsh9+wz+QT2EkdGGmGHPA+nD++2Q8ksWwWN1HnVoCR9febOu8Lch9ziAe+z2rRGyPw4y mpoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=19FoqvmTc23W19OOeOvYQaetASE8BKJReIRVK5ouWZE=; b=zEWhfpNUr2Iu03g8EthqrAyGHiifa9uQfUClkvZKktM5IgWQMwDhpoA9jg9JuhJiaX PHv+VTlJVI2ujBZqcNSCjjbUTVGoc2EaFkxdARoGmu/Tex35L8JQPA9WTowwN3BwI0mZ lMdGKCDsphVbIn67BmQk9JahWj+rj/SwEhJXMJH/x2lQ3dGbHSl++PkEYNrXBBwtus05 J4V8mmjqzOZ6RXai4EaDB1ZwYdOvfm/CL02COuaV8/OCMf9C7jqA/tTegLmVoC1UD6IC FvJdbLzBUTxIyWvKIn+8i4364kRREuS2ejOJ/YKiXFN/9/ef7O9J/e9W7GFUeiqksn/G QhfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=RGHvRF7J; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g11si4926000pgs.201.2019.06.20.02.46.59; Thu, 20 Jun 2019 02:47:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=RGHvRF7J; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730428AbfFTJpA (ORCPT + 99 others); Thu, 20 Jun 2019 05:45:00 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:53831 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726279AbfFTJpA (ORCPT ); Thu, 20 Jun 2019 05:45:00 -0400 Received: by mail-wm1-f68.google.com with SMTP id x15so2365711wmj.3 for ; Thu, 20 Jun 2019 02:44:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=19FoqvmTc23W19OOeOvYQaetASE8BKJReIRVK5ouWZE=; b=RGHvRF7J6QYU4opaG+zJ0xz591qW2KQiG9VVGcUScPVzAkEvyAEdEARojH4ptL6KJJ 8N9US/UOeUEIBvpj0B+Clq3iktypkfoqrBUJve5EKu6zMjcfrxgzPtf5S027SW9oRa8N UzLgaFIpAhcKtxZdXZBqzendQWhiO+RcNF2Y0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=19FoqvmTc23W19OOeOvYQaetASE8BKJReIRVK5ouWZE=; b=W/ez6W90fu4VX5og/Yut1n3BtBGzZtl52H5+mRqxnV/Is5FkPSmEMcCHXrVicfH4aI qV8GYYc3cnViHquZ5EASM1sP9gveBFG/hqyJQbuuhtXLliWTxt3C7dWVOircYtibJFvN VkaTDTi184MO5TM32dLHXUHclIXEmI84fcf8DzQhcUlD52hravfl3WzFMHWcLPNnysog 8DMS9jMw5o5xz2Swfdsvt6NWgyKM1PxpvTNkujaSo8di1VQElT5mVnT67MW4Z7QX9uKf ZslCdSlIEkrtjOIBKvDNtp2YfBGndWT8WZKG1ngY0w2wODDsrzIgSlepZkxORB3Fli60 sBkQ== X-Gm-Message-State: APjAAAWFJji+Nklj/DDfQtCZCOCdAfarDlRh86iMiZBDrLiYvIRKXvmu gmglUmdnLS0pgXY84XaPTygcQg== X-Received: by 2002:a7b:cb08:: with SMTP id u8mr2055167wmj.167.1561023898143; Thu, 20 Jun 2019 02:44:58 -0700 (PDT) Received: from [10.230.33.15] ([192.19.248.250]) by smtp.gmail.com with ESMTPSA id p26sm20481048wrp.58.2019.06.20.02.44.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Jun 2019 02:44:57 -0700 (PDT) Subject: Re: wpa_supplicant 2.8 fails in brcmf_cfg80211_set_pmk To: Stefan Wahren , Chi-Hsien Lin , Marcel Holtmann Cc: Stanley Hsu , Franky Lin , Hante Meuleman , Wright Feng , "linux-wireless@vger.kernel.org" , "brcm80211-dev-list.pdl@broadcom.com" , brcm80211-dev-list , Jouni Malinen References: <06f7bda7-eeaf-536b-a583-7c9bc5f681f5@gmx.net> <9da02861-9151-9700-2c09-b312d74155fa@gmx.net> <605ea0a8-3303-b810-6223-18ccc7eb7af4@cypress.com> <2AF2E0A7-23F0-4FFE-A658-4906FF546199@holtmann.org> From: Arend Van Spriel Message-ID: <56b2550e-e4d3-1601-f569-38c103138c4a@broadcom.com> Date: Thu, 20 Jun 2019 11:44:55 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On 6/18/2019 7:03 PM, Stefan Wahren wrote: > Hi, > > Am 18.06.19 um 10:27 schrieb Arend Van Spriel: >> + Jouni >> >> On 6/18/2019 7:33 AM, Chi-Hsien Lin wrote: >>> >>> >>> On 06/17/2019 10:33, Marcel Holtmann wrote: >>>> Hi Chi-hsien, >>>> >>>>>>> i was able to reproduce an (maybe older issue) with 4-way handshake >>>>>>> offloading for 802.1X in the brcmfmac driver. My setup consists of >>>>>>> Raspberry Pi 3 B (current linux-next, arm64/defconfig) on STA >>>>>>> side and a >>>>>>> Raspberry Pi 3 A+ (Linux 4.19) on AP side. >>>>>> >>>>>> Looks like Raspberry Pi isn't the only affected platform [3], [4]. >>>>>> >>>>>> [3] - https://bugzilla.redhat.com/show_bug.cgi?id=1665608 >>>>>> [4] - https://bugzilla.kernel.org/show_bug.cgi?id=202521 >>>>> >>>>> Stefan, >>>>> >>>>> Could you please try the attached patch for your wpa_supplicant? We'll >>>>> upstream if it works for you. > i've forward this patch to the Arch Linux board hoping someone else has > currently more time. >>>> >>>> I hope that someone is also providing a kernel patch to fix the >>>> issue. Hacking around a kernel issue in userspace is not enough. Fix >>>> the root cause in the kernel. >>> >>> Marcel, >>> >>> This is a kernel warning for invalid application PMK set actions, so the >>> fix is to only set PMK to wifi driver when 4-way is offloaded. I think >>> Arend added the WARN_ON() intentionally to catch application misuse of >>  > PMK setting. >>> >>> You may also remove the warnings with the attached patch, but let's see >>> what Arend says first. > Instead of removing the WARN_ON i suggest to replace it with a more user > friendly dev_warn(). >>> >>> >>> Arend, >>> >>> Any comment? >> >> Hi Chi-Hsien, Marcel >> >> From the kernel side I do not see an issue. In order to use 802.1X >> offload the NL80211_ATTR_WANT_1X_4WAY_HS flag must be set in >> NL80211_CMD_CONNECT. Otherwise, NL80211_CMD_SET_PMK is not accepted. >> The only improvement would be to document this more clearly in the >> "WPA/WPA2 EAPOL handshake offload" DOC section in nl80211.h. > > I missed to add my expectation as a user. At first i assume this new > behavior in wpa_supplicant 2.8 has been tested successful with at least > one Linux wifi driver. So i'm curious if all drivers behave that way? As a matter of fact it has been tested with brcmfmac. > Another point is that in my wpa_supplicant.conf i never enforced 802.1X > offload and i assume this feature is optional. So can't we do some kind > of fallback in this case? So when the driver indicates it supports the offload, wpa_supplicant opt in. There is no possibility for the user to opt out. Regards, Arend