Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1228212pxf; Fri, 26 Mar 2021 03:58:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyVXrM3fa/ziBslj7/1tL6x/5V6tNtghWipF4KabRQX4Zbaa4WV1EBKjOfdYaPg+9rz4A6e X-Received: by 2002:a05:6402:40d5:: with SMTP id z21mr14670168edb.20.1616756333196; Fri, 26 Mar 2021 03:58:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616756333; cv=none; d=google.com; s=arc-20160816; b=yH8JTD5nICWYK8dmrx3QJP6VPAvMiaPoxzf5o/gFRCxtJ1M5dtYLoE9TN5xRKqfx8P hQnV+Bvs2G5eBCGflnFrce/mdRvtY7muGxmnKlQhgmRu3mr/E2Nwt0xSSMLBdopj8yb3 ON9x8Q+GB1yznazpg3fX/6hnuJmlOI+e33eaIXkNmCs04R/5R8d0OJiLNnsV7ujsMz4f yce3zUGCBlFJrd578ArgxvBfUIpIJl6U+yWGmLa8IV6z338+k07yG6ca6hb+ZMGFOCQ9 kFPxZqxepIpe3SGoutpHrSlRHKVzba8acqXZ+CwHc5KxUyQaBuXRcfXmG7IX9vSFicRi 91PA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:cc:to:from; bh=42ZPCgKbUJVT4yB+yPKQfEE6tcMJGCpeFX/kyseKqzQ=; b=A/43vinw2QohtN6Y4Vs4/gZSkfXH6WczR6QYarZCbr13QpchK/wxN9RMrwogRTnaYa O7fQQzi3mzadn6U5pago9pMNRjXHPrbDLYBmLjbF6wUc6m1ziKPWEaQlY8lSD+LQHx4y h+nX2WLsVYPBZqaZDwybPkDck1ou8DSiNgLdOdTXur+eKsI01Mu9fwMKIcbiWj5sth2C wgyxEvYqVz51GKgy8tXqDKHEg2foU2x990QYMFLibhn8vJ3lW/9u6gw97eyNBUZrv1sV gL+OKGoSxUMMtkz1qfM8p+PDL25pYZfWG0HcSG/J1GL8+3weCk+JcZVLNq7hPnDeb6RJ wZGA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i26si8813038edb.84.2021.03.26.03.58.29; Fri, 26 Mar 2021 03:58:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230105AbhCZK55 (ORCPT + 99 others); Fri, 26 Mar 2021 06:57:57 -0400 Received: from paleale.coelho.fi ([176.9.41.70]:43408 "EHLO farmhouse.coelho.fi" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S230070AbhCZK5c (ORCPT ); Fri, 26 Mar 2021 06:57:32 -0400 Received: from 91-156-6-193.elisa-laajakaista.fi ([91.156.6.193] helo=kveik.ger.corp.intel.com) by farmhouse.coelho.fi with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94) (envelope-from ) id 1lPk9h-0003Gc-9t; Fri, 26 Mar 2021 12:57:30 +0200 From: Luca Coelho To: kvalo@codeaurora.org Cc: linux-wireless@vger.kernel.org Date: Fri, 26 Mar 2021 12:57:23 +0200 Message-Id: X-Mailer: git-send-email 2.31.0 In-Reply-To: <20210326105723.211843-1-luca@coelho.fi> References: <20210326105723.211843-1-luca@coelho.fi> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Checker-Version: SpamAssassin 3.4.5-pre1 (2020-06-20) on farmhouse.coelho.fi X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, TVD_RCVD_IP autolearn=ham autolearn_force=no version=3.4.5-pre1 Subject: [PATCH v2 for v5.12 7/7] iwlwifi: mvm: fix beacon protection checks Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Johannes Berg Unfortunately, since beacon protection isn't fully available yet, we didn't notice that there are problems with it and that the replay detection isn't working correctly. We were relying only on mac80211, since iwl_mvm_rx_crypto() exits when !ieee80211_has_protected(), which is of course true for protected (but not encrypted) management frames. Fix this to properly detect protected (but not encrypted) management frames and handle them - we continue to only care about beacons since for others everything can and will be checked in mac80211. Signed-off-by: Johannes Berg Fixes: b1fdc2505abc ("iwlwifi: mvm: advertise BIGTK client support if available") Signed-off-by: Luca Coelho --- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c index c21736f80c29..af5a6dd81c41 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c @@ -272,10 +272,10 @@ static void iwl_mvm_get_signal_strength(struct iwl_mvm *mvm, rx_status->chain_signal[2] = S8_MIN; } -static int iwl_mvm_rx_mgmt_crypto(struct ieee80211_sta *sta, - struct ieee80211_hdr *hdr, - struct iwl_rx_mpdu_desc *desc, - u32 status) +static int iwl_mvm_rx_mgmt_prot(struct ieee80211_sta *sta, + struct ieee80211_hdr *hdr, + struct iwl_rx_mpdu_desc *desc, + u32 status) { struct iwl_mvm_sta *mvmsta; struct iwl_mvm_vif *mvmvif; @@ -285,6 +285,9 @@ static int iwl_mvm_rx_mgmt_crypto(struct ieee80211_sta *sta, u32 len = le16_to_cpu(desc->mpdu_len); const u8 *frame = (void *)hdr; + if ((status & IWL_RX_MPDU_STATUS_SEC_MASK) == IWL_RX_MPDU_STATUS_SEC_NONE) + return 0; + /* * For non-beacon, we don't really care. But beacons may * be filtered out, and we thus need the firmware's replay @@ -356,6 +359,10 @@ static int iwl_mvm_rx_crypto(struct iwl_mvm *mvm, struct ieee80211_sta *sta, IWL_RX_MPDU_STATUS_SEC_UNKNOWN && !mvm->monitor_on) return -1; + if (unlikely(ieee80211_is_mgmt(hdr->frame_control) && + !ieee80211_has_protected(hdr->frame_control))) + return iwl_mvm_rx_mgmt_prot(sta, hdr, desc, status); + if (!ieee80211_has_protected(hdr->frame_control) || (status & IWL_RX_MPDU_STATUS_SEC_MASK) == IWL_RX_MPDU_STATUS_SEC_NONE) @@ -411,7 +418,7 @@ static int iwl_mvm_rx_crypto(struct iwl_mvm *mvm, struct ieee80211_sta *sta, stats->flag |= RX_FLAG_DECRYPTED; return 0; case RX_MPDU_RES_STATUS_SEC_CMAC_GMAC_ENC: - return iwl_mvm_rx_mgmt_crypto(sta, hdr, desc, status); + break; default: /* * Sometimes we can get frames that were not decrypted -- 2.31.0