Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp497983ybe; Fri, 13 Sep 2019 01:05:23 -0700 (PDT) X-Google-Smtp-Source: APXvYqxwMIP+PoFmx0jpTzpA8VIHJg8auA+mnyzLr9N4SqcR87jq2rgR3/mf4dpvzQauRluWVDq7 X-Received: by 2002:a17:906:3553:: with SMTP id s19mr37426185eja.163.1568361923335; Fri, 13 Sep 2019 01:05:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568361923; cv=none; d=google.com; s=arc-20160816; b=0keEtAi869fIGfCrhtkKiOxKl1Q6DXlh4KjrV8NF7s4TsFz/b7mb9NI2JFjZWDXxcR goTcjkSM19djbXlngKwNGQIloopXAfK9IS+bWaA7f1HT2nkb+t6ZKSGgqa0zypqsDpsK V3r3cTD2x+M4WncZkB3s6xHaPGskWh/4zUVct/FTBGWEEVNJjHtWxc2M9w9QWHlbC+/a GSSuc18zj2g4dkVu5sNTQTznKtkNCmOAQ7raOXbUmb1x4O8RMPdYAj4SVq93XBN+7KQ9 0e23tbIGc/ufSVQjpUjrCk+G1Pmu4YeKV6+EBV4TEeLrPFHSaoFafUujBY//1+4v5FZt oWqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=CVLOJNb7El0igHmrh3tBdAo10j+jnxTZfqyunXS365s=; b=XonRe4lcSSAv6UxdfM1a+3UFCI4KHIZ9u4nWGe+qxM9DqNjsmeCmPkeiXQjUx10Qiv WitX8hrbv2jre5Ouw80jnAEH4pA2C5woHA31H2aPNOUYNUJ8O0FOrYypCpsZmq2508W8 TMq24WbevrjTR+ABU6TjfIsA+Ls18DN4QeZ32rvyGQrfHxFpJaJQcO03+VCZNgpVwxrA 37t5tYv+aZZym7/s6f48FYNNgMYwOk7eShOqEFie1JrY77/zynjWj6/K5yoNhUBQa00B dU1FAsiJYdhq6uVWEJoVrOjlgP1gXVGbU0XQz8zV6Ehr3S3cJrszGfmi9/df+JvkKV52 srNw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=MaL19SMd; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f3si1314173ejw.108.2019.09.13.01.04.54; Fri, 13 Sep 2019 01:05:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=MaL19SMd; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729164AbfIMIEU (ORCPT + 99 others); Fri, 13 Sep 2019 04:04:20 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:39192 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727997AbfIMIEU (ORCPT ); Fri, 13 Sep 2019 04:04:20 -0400 Received: by mail-wr1-f67.google.com with SMTP id r3so963568wrj.6 for ; Fri, 13 Sep 2019 01:04:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=CVLOJNb7El0igHmrh3tBdAo10j+jnxTZfqyunXS365s=; b=MaL19SMd1atFg4F1J424287A6o+UK8W8stnoT2WDnt1HPjEVmpidhmOcM8/wTSQvio HXj79ZYjRGi/sq6+y01AKj4X0mx1x+edg11R7TZX+xJ5d9YQv4GQ8C67Xqrgd7bhSQ9O GWd99cR84UmS2GUsQlaA60ExoYycZvv1twKWA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=CVLOJNb7El0igHmrh3tBdAo10j+jnxTZfqyunXS365s=; b=czQcbYejMmH/Ne+sWikS8wDF5pPQpwx34FQICQKwj9DQ3YwBTc2xMFDFYZ0y9wo8VV Q23ZLVK5oXDmvr8Crm5uMgfl1ohZUAsjC29066fPhGFmeXoBMf1RGeAwMBjdbwbVBqCu htEKTT56ziLdB3iUSRZYEEPjIfCgOjqAk1zDFbrw1hrytD4MfDIGzNlljfNvTpQwTNP5 BhXiNFameRNbr0rOaZEsjgNBL8oe0TkMyNdtM4eQa03042AGVsMa9Zar9Oiwy0MfgYYW VcwOzMnGiZv+cFT5UTkIc8XKV+hsRoKrUCrBnYtZkdWuYeFtq9EuvEG6LoH8Cu/Apq4J AL5A== X-Gm-Message-State: APjAAAX5O+MlevYBOyUDtkIKxmL9XBHM1Z1/AIbkxDMB0Jqx/NIVVJ4j uOTkJ/QXaAPcfebh76lXkzy3IQ== X-Received: by 2002:a5d:500f:: with SMTP id e15mr23035404wrt.300.1568361857001; Fri, 13 Sep 2019 01:04:17 -0700 (PDT) Received: from [10.230.40.234] ([192.19.215.250]) by smtp.gmail.com with ESMTPSA id g185sm4125786wme.10.2019.09.13.01.04.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 13 Sep 2019 01:04:16 -0700 (PDT) Subject: Re: [PATCH 04/11] wil6210: fix PTK re-key race To: Alexander Wetzel , Denis Kenzior , Kalle Valo , Maya Erez Cc: Ahmad Masri , linux-wireless@vger.kernel.org, wil6210@qti.qualcomm.com References: <1567931575-27984-5-git-send-email-merez@codeaurora.org> <20190910132315.D7AC7602F2@smtp.codeaurora.org> <7b636313-fa4a-5ee4-935a-ba2ed5dde1e5@wetzel-home.de> <2c6bc637-62c2-020c-ab83-d2e1677d96b2@gmail.com> <5716f475-856e-7fd2-637b-67927f4f78bc@wetzel-home.de> From: Arend Van Spriel Message-ID: <74c0e328-320c-0999-836e-1bfb0fa224ff@broadcom.com> Date: Fri, 13 Sep 2019 10:04:14 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <5716f475-856e-7fd2-637b-67927f4f78bc@wetzel-home.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On 9/12/2019 11:04 PM, Alexander Wetzel wrote: > Hi Denis, > >>> I don't know anything about the driver here but in mac80211 the idea >>> to avoid the race is to simply flush the queues prior deleting the >>> outgoing key. >> >> Maybe a silly question, but what does flushing the queue mean in this >> context?  Is it waiting for all the packets to be sent or dropping >> them on the floor? >> > > It's stopping them to make sure nothing can be added and then sends out > all MPDUs in the queues. > >>> >>> Now wpa_supplicant is not yet bypassing qdisks, but adding the socket >>> parameter PACKET_QDISC_BYPASS is basically a one-liner in >>> wpa_supplicant and should allow a generic way for drivers to avoid >>> the race with a simple queue flush... >> >> Can you expand on this actually?  What would the sequence of events be? >> > > 1) wpa_supplicant hands over eapol #4 to the kernel. >    When bypassing the QDISC the frame is directly added to a driver >    queue or directly send out. When the send call returns the driver >    has eapol 4 either in the queuem already send it or the send command >    has failed. > > 2) wpa_supplicant deletes the old key (NL80211_CMD_DEL_KEY) > > 3) The driver stops all hw queues and sends out all MPDUs queued up to >    that time > > 4) Driver makes sure no traffic can be send with no/wrong key or PN to >    STA > > 5) the driver really removes the key from the HW/installs the new and >    resumes normal operation > > I've just posted my hostpad patch to use PACKET_QDISC_BYPASS for eapol > frames; It's probably too optimistic and need more code to retry a > transmit to compensate for the missing QDISC buffers. > >> Also, how would this be made to work with CONTROL_PORT over NL80211 ? >> > > Control port is an optional feature drivers can provide. wpa_supplicant > should just use it when available or fall back to the "traditional" path > when not. Now the driver don't has to flush all queues when using > control port, as long as it makes sure the control port frame will be > send out prior to deleting the key. > > But then the driver must know that eapol frames will really be handed > over via control port; So I guess flushing all queues is still the > simpler solution. So I guess it will change next to nothing... Well, in the steps you describe (maybe its just how you describe it) it relies on how the driver is handling it all. I mean step 4) seems more the goal of the whole approach. Basically, we now have two bypass methods dealing with the same/similar issue: 1) bypass the QDISC. 2) bypass network stack entirely with CONTROL_PORT. How does option 1) work for drivers that skip the QDISC for all traffic and rely on mac80211 to schedule the packets? Guess mac80211 can control that, right? Regards, Arend