Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp350051pxb; Mon, 16 Aug 2021 06:54:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJylXSQ6OgwL+D0lTTrnDrzoEm66AlBOhEowGevkGthY8hlih4NNwz0fNtBoacxpCZQhhxr4 X-Received: by 2002:a17:906:c2ca:: with SMTP id ch10mr16124155ejb.203.1629122096514; Mon, 16 Aug 2021 06:54:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629122096; cv=none; d=google.com; s=arc-20160816; b=Xoy2c0CraoK+yPEImiHjTrwKTLtUH/sq38jnxM9z+z/wpB12mFUSS4o3/0TYwjYEIC 1AHDvxyYknl5QgXJzpDgsmDbG/wgdo4DiDFyEppSQvXftOQq9xcbzaDO/GwB50MrzbOU s6bJeqgBcWWkl19xt2wMoFDIV/Srmd9G4wMQAAQ1upQULAvEP2BEGSXJCebI55qPXj8o EM/2Hv0iGPqPoB1ngczVWtvYy/DavkXJ2qh1iH+1AtVPG62CwFoMqv6ov4h2ry6q0j/t J7HPic0AQtUQEeYlQJTOJ3oQwbE/meLv38FSKQs7xo43x1KGiCHaFCNWK38buVklazxs 7Fuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature; bh=94uyQ/Y3UGrErl2d7WvNOsT3dUU8l/TaaASeFSuZ4wQ=; b=z399HhBgkqBoYR2ywrZo1fKkd9DO8SQdht9Mv6tJGnUkpM4RWx/v7ClrtgN9jzhE0R tEnv/8Q/oqgzM/u263cZ7Vn9M2LxoID9l4TC/LTzqQJB1PWAXJq+cFkyY5KKF849ujuF FGbx3CUVWVUbPI/oTD2EvkP/ql4zrFV20GkSjpfvtKS3fd8wEuVnTxls2+WcvO7SlWEa Ik9jf8hsbfyjKBpGW5ubjxugUiMI3BmQZgis/7rgS+2iUzJWoe5J7HLpRuW9a4sDTiRM 1yZLidrHQuVllxgqJsPtl1WngUF0XTmv43MnEuUBrRCJSPthoNWPK1KgxmuWOPfD4VYa wRwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kroah.com header.s=fm1 header.b=NEttHJfI; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=JmZYa7HU; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p5si10607450edr.370.2021.08.16.06.54.33; Mon, 16 Aug 2021 06:54:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kroah.com header.s=fm1 header.b=NEttHJfI; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=JmZYa7HU; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230180AbhHPNyw (ORCPT + 99 others); Mon, 16 Aug 2021 09:54:52 -0400 Received: from wnew4-smtp.messagingengine.com ([64.147.123.18]:50369 "EHLO wnew4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230071AbhHPNys (ORCPT ); Mon, 16 Aug 2021 09:54:48 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.west.internal (Postfix) with ESMTP id 0D4BB2B01258; Mon, 16 Aug 2021 09:54:14 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Mon, 16 Aug 2021 09:54:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kroah.com; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:content-transfer-encoding:in-reply-to; s=fm1; bh=9 4uyQ/Y3UGrErl2d7WvNOsT3dUU8l/TaaASeFSuZ4wQ=; b=NEttHJfIQq8CeT46E LjAMXnaiIs7D72771ZpXr7rNg6VUZjBIenPKwshF2OA2Zzed002Ljbt9IexsRFKd Y/IvLURs5A2iWlX7NjCZsMqpMR/96sxF00WQxAdvMJK9LQdCUDUAMAu16ndQscxf 3Yt/1OCkruhLDh5N7HI3kOoopDku+ebk2RgpPiSd2qLMx32QfLbGEeOK8Wu6Jk6G qdXqp2SeR4LinYi7Eb0jMaEhST+UmadU9RKM2WXEn/ptAMgmBpBObtJDlrZx+gYF V7aAl4TPtzFDYiCmsF7av2RI0y+cXmC3oEdcsR5uTPhbI643spBWfSKjh1IoK/U/ nu7bQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=94uyQ/Y3UGrErl2d7WvNOsT3dUU8l/TaaASeFSuZ4 wQ=; b=JmZYa7HUS2u05avuWAnQ9DIWW3iCEQKD2rjsd+4WrBP7UuIrnQAGGoXwF zTH8ZnGDxTYMYaXU5Hbw5wv1o5T41nlZ/lakIwQf7obkCvxgegFdW6fHotD2eX6w LO4gCRtZpvzYHHgZJ2YAjKDF9cB1PaGPrRHNdMMlHCdHrY0pAS21YU+mvjwOP3eo VmNhwfD3a9C5qRDN2KXkkhV53OqASF82f5ByneFM//ljOjDZBy08HSnJm/w95xIe 4+ImYdXT0zaqH5DMjcxPoO+mUdizA3Wjv75RbImA7zxO6DnaB3lTBAC8+gOpYzXh 73O5E6Cgtk/jzrDlUE7EWHvomj4/A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrledugdejtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkfhggtggugfgjsehtkeertddttddunecuhfhrohhmpefirhgvghcu mffjuceoghhrvghgsehkrhhorghhrdgtohhmqeenucggtffrrghtthgvrhhnpedvfffgue eiuefhheevheetgfehvdefgeekfeevueejfeeftdetudetiefhheffvdenucffohhmrghi nhepkhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpe hmrghilhhfrhhomhepghhrvghgsehkrhhorghhrdgtohhm X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 16 Aug 2021 09:54:13 -0400 (EDT) Date: Mon, 16 Aug 2021 15:54:03 +0200 From: Greg KH To: Pali =?iso-8859-1?Q?Roh=E1r?= Cc: stable@vger.kernel.org, Johannes Berg , Sasha Levin , Luca Coelho , linux-wireless@vger.kernel.org Subject: Re: [PATCH] mac80211: drop data frames without key on encrypted links Message-ID: References: <20200327150342.252AF20748@mail.kernel.org> <20210816134424.28191-1-pali@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20210816134424.28191-1-pali@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Mon, Aug 16, 2021 at 03:44:24PM +0200, Pali Roh?r wrote: > From: Johannes Berg > > commit a0761a301746ec2d92d7fcb82af69c0a6a4339aa upstream. > > If we know that we have an encrypted link (based on having had > a key configured for TX in the past) then drop all data frames > in the key selection handler if there's no key anymore. > > This fixes an issue with mac80211 internal TXQs - there we can > buffer frames for an encrypted link, but then if the key is no > longer there when they're dequeued, the frames are sent without > encryption. This happens if a station is disconnected while the > frames are still on the TXQ. > > Detecting that a link should be encrypted based on a first key > having been configured for TX is fine as there are no use cases > for a connection going from with encryption to no encryption. > With extended key IDs, however, there is a case of having a key > configured for only decryption, so we can't just trigger this > behaviour on a key being configured. > > Cc: stable@vger.kernel.org > Reported-by: Jouni Malinen > Signed-off-by: Johannes Berg > Signed-off-by: Luca Coelho > Link: https://lore.kernel.org/r/iwlwifi.20200326150855.6865c7f28a14.I9fb1d911b064262d33e33dfba730cdeef83926ca@changeid > Signed-off-by: Johannes Berg > [pali: Backported to 4.19 and older versions] > Signed-off-by: Pali Roh?r Now queued up, thanks! Did not apply to 4.4.y, don't know if you want it there or not... thanks, greg k-h