Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   Veerendranath Jakkam <quic_vjakkam@quicinc.com>
To:     <johannes@sipsolutions.net>
CC:     <linux-wireless@vger.kernel.org>
Subject: [PATCH] cfg80211: Add support for sending more than two AKMs in crypto settings
Date:   Mon, 18 Apr 2022 17:53:32 +0530
Message-ID: <1650284612-14801-1-git-send-email-quic_vjakkam@quicinc.com>
MIME-Version: 1.0
Content-Type: text/plain
Precedence: bulk

Add support to indicate maximum number of AKMs allowed in
NL80211_CMD_CONNECT, NL80211_CMD_ASSOCIATE and NL80211_CMD_START_AP.
If the driver doesn't indicate the capability, maximum limit is set to
the legacy value i.e. NL80211_MAX_NR_AKM_SUITE.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
---
 drivers/net/wireless/ath/wil6210/cfg80211.c       |  3 +--
 drivers/net/wireless/quantenna/qtnfmac/commands.c |  6 ++++--
 include/net/cfg80211.h                            |  6 +++++-
 include/uapi/linux/nl80211.h                      | 15 +++++++++++++++
 net/wireless/core.c                               | 11 +++++++++++
 net/wireless/nl80211.c                            | 15 +++++++++++++--
 net/wireless/sme.c                                | 20 +++++++++++++++++++-
 net/wireless/wext-compat.c                        |  8 ++++++++
 8 files changed, 76 insertions(+), 8 deletions(-)

diff --git a/drivers/net/wireless/ath/wil6210/cfg80211.c b/drivers/net/wireless/ath/wil6210/cfg80211.c
index 764d1d1..ac40fe2 100644
--- a/drivers/net/wireless/ath/wil6210/cfg80211.c
+++ b/drivers/net/wireless/ath/wil6210/cfg80211.c
@@ -1073,8 +1073,7 @@ static void wil_print_crypto(struct wil6210_priv *wil,
 			     c->ciphers_pairwise[i]);
 	wil_dbg_misc(wil, "}\n");
 	wil_dbg_misc(wil, "AKM suites [%d] {\n", c->n_akm_suites);
-	n = min_t(int, c->n_akm_suites, ARRAY_SIZE(c->akm_suites));
-	for (i = 0; i < n; i++)
+	for (i = 0; i < c->n_akm_suites; i++)
 		wil_dbg_misc(wil, "  [%d] = 0x%08x\n", i,
 			     c->akm_suites[i]);
 	wil_dbg_misc(wil, "}\n");
diff --git a/drivers/net/wireless/quantenna/qtnfmac/commands.c b/drivers/net/wireless/quantenna/qtnfmac/commands.c
index c68563c..866355ae 100644
--- a/drivers/net/wireless/quantenna/qtnfmac/commands.c
+++ b/drivers/net/wireless/quantenna/qtnfmac/commands.c
@@ -281,7 +281,8 @@ int qtnf_cmd_send_start_ap(struct qtnf_vif *vif,
 		aen->ciphers_pairwise[i] =
 				cpu_to_le32(s->crypto.ciphers_pairwise[i]);
 	aen->n_akm_suites = cpu_to_le32(s->crypto.n_akm_suites);
-	for (i = 0; i < QLINK_MAX_NR_AKM_SUITES; i++)
+	for (i = 0; i < min(QLINK_MAX_NR_AKM_SUITES, s->crypto.n_akm_suites);
+	     i++)
 		aen->akm_suites[i] = cpu_to_le32(s->crypto.akm_suites[i]);
 	aen->control_port = s->crypto.control_port;
 	aen->control_port_no_encrypt = s->crypto.control_port_no_encrypt;
@@ -2134,7 +2135,8 @@ int qtnf_cmd_send_connect(struct qtnf_vif *vif,
 
 	aen->n_akm_suites = cpu_to_le32(sme->crypto.n_akm_suites);
 
-	for (i = 0; i < QLINK_MAX_NR_AKM_SUITES; i++)
+	for (i = 0; i < min(QLINK_MAX_NR_AKM_SUITES, s->crypto.n_akm_suites);
+	     i++)
 		aen->akm_suites[i] = cpu_to_le32(sme->crypto.akm_suites[i]);
 
 	aen->control_port = sme->crypto.control_port;
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 6871338..48c7ab1 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -1112,7 +1112,7 @@ struct cfg80211_crypto_settings {
 	int n_ciphers_pairwise;
 	u32 ciphers_pairwise[NL80211_MAX_NR_CIPHER_SUITES];
 	int n_akm_suites;
-	u32 akm_suites[NL80211_MAX_NR_AKM_SUITES];
+	u32 *akm_suites;
 	bool control_port;
 	__be16 control_port_ethertype;
 	bool control_port_no_encrypt;
@@ -5129,6 +5129,9 @@ struct wiphy_iftype_akm_suites {
  * @ema_max_profile_periodicity: maximum profile periodicity supported by
  *	the driver. Setting this field to a non-zero value indicates that the
  *	driver supports enhanced multi-BSSID advertisements (EMA AP).
+ * @max_num_akm_suites: maximum supported number of AKM suites for
+ *	configuration through %NL80211_CMD_CONNECT, %NL80211_CMD_ASSOCIATE and
+ *	%NL80211_CMD_START_AP.
  */
 struct wiphy {
 	struct mutex mtx;
@@ -5275,6 +5278,7 @@ struct wiphy {
 
 	u8 mbssid_max_interfaces;
 	u8 ema_max_profile_periodicity;
+	u16 max_num_akm_suites;
 
 	char priv[] __aligned(NETDEV_ALIGN);
 };
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 0568a79..00fa5ea 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -2663,6 +2663,13 @@ enum nl80211_commands {
  *	association request when used with NL80211_CMD_NEW_STATION). Can be set
  *	only if %NL80211_STA_FLAG_WME is set.
  *
+ * @NL80211_ATTR_MAX_NUM_AKM_SUITES: U16 attribute. Indicates maximum number of
+ *	AKM suites allowed for %NL80211_CMD_CONNECT, %NL80211_CMD_ASSOCIATE and
+ *	%NL80211_CMD_START_AP. If this attribute is not present userspace shall
+ *	consider maximum number of AKM suites supported as
+ *	%NL80211_MAX_NR_AKM_SUITES which is the legacy maximum number prior to
+ *	the introduction of this attribute.
+ *
  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
  * @NL80211_ATTR_MAX: highest attribute number currently defined
  * @__NL80211_ATTR_AFTER_LAST: internal use
@@ -3175,6 +3182,8 @@ enum nl80211_attrs {
 
 	NL80211_ATTR_EHT_CAPABILITY,
 
+	NL80211_ATTR_MAX_NUM_AKM_SUITES,
+
 	/* add attributes here, update the policy in nl80211.c */
 
 	__NL80211_ATTR_AFTER_LAST,
@@ -3229,6 +3238,12 @@ enum nl80211_attrs {
 #define NL80211_HE_MIN_CAPABILITY_LEN           16
 #define NL80211_HE_MAX_CAPABILITY_LEN           54
 #define NL80211_MAX_NR_CIPHER_SUITES		5
+
+/*
+ * NL80211_MAX_NR_AKM_SUITES is obsolete and not used for indicating maximum
+ * number of supported AKM suites. Instead, maximum number of supported AKM
+ * suites is indicated using %NL80211_ATTR_MAX_NUM_AKM_SUITES attribute.
+ */
 #define NL80211_MAX_NR_AKM_SUITES		2
 #define NL80211_EHT_MIN_CAPABILITY_LEN          13
 #define NL80211_EHT_MAX_CAPABILITY_LEN          51
diff --git a/net/wireless/core.c b/net/wireless/core.c
index f08d4b3..282cabc 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -913,6 +913,15 @@ int wiphy_register(struct wiphy *wiphy)
 		return -EINVAL;
 #endif
 
+	/*
+	 * Maximum number of AKM suites allowed for NL80211_CMD_CONECT,
+	 * NL80211_CMD_ASSOCIATE and NL80211_CMD_START_AP, must be at least
+	 * NL80211_MAX_NR_AKM_SUITES to avoid issues with legacy userspace.
+	 */
+	if (WARN_ON(wiphy->max_num_akm_suites &&
+		    wiphy->max_num_akm_suites < NL80211_MAX_NR_AKM_SUITES))
+		return -EINVAL;
+
 	/* check and set up bitrates */
 	ieee80211_set_bitrate_flags(wiphy);
 
@@ -1154,6 +1163,8 @@ static void _cfg80211_unregister_wdev(struct wireless_dev *wdev,
 #ifdef CONFIG_CFG80211_WEXT
 	kfree_sensitive(wdev->wext.keys);
 	wdev->wext.keys = NULL;
+	kfree(wdev->wext.connect.crypto.akm_suites);
+	wdev->wext.connect.crypto.akm_suites = NULL;
 #endif
 	/* only initialized if we have a netdev */
 	if (wdev->netdev)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 711061c..4b7cbd5 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -790,6 +790,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
 		NLA_POLICY_RANGE(NLA_BINARY,
 				 NL80211_EHT_MIN_CAPABILITY_LEN,
 				 NL80211_EHT_MAX_CAPABILITY_LEN),
+	[NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_U16 },
 };
 
 /* policy for the key attributes */
@@ -2889,6 +2890,12 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
 		if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
 			goto nla_put_failure;
 
+		if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
+				rdev->wiphy.max_num_akm_suites ?
+				rdev->wiphy.max_num_akm_suites :
+				NL80211_MAX_NR_AKM_SUITES))
+			goto nla_put_failure;
+
 		/* done */
 		state->split_start = 0;
 		break;
@@ -10253,6 +10260,7 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
 		void *data;
 		int len;
+		int max_num_akm_suites = NL80211_MAX_NR_AKM_SUITES;
 
 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
@@ -10261,10 +10269,13 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
 		if (len % sizeof(u32))
 			return -EINVAL;
 
-		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
+		if (rdev->wiphy.max_num_akm_suites)
+			max_num_akm_suites = rdev->wiphy.max_num_akm_suites;
+
+		if (settings->n_akm_suites > max_num_akm_suites)
 			return -EINVAL;
 
-		memcpy(settings->akm_suites, data, len);
+		settings->akm_suites = data;
 	}
 
 	if (info->attrs[NL80211_ATTR_PMK]) {
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index ff4d48fc..1ff9513 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -57,6 +57,7 @@ static void cfg80211_sme_free(struct wireless_dev *wdev)
 		return;
 
 	kfree(wdev->conn->ie);
+	kfree(wdev->conn->params.crypto.akm_suites);
 	kfree(wdev->conn);
 	wdev->conn = NULL;
 }
@@ -537,7 +538,8 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev,
 		return -ENOMEM;
 
 	/*
-	 * Copy all parameters, and treat explicitly IEs, BSSID, SSID.
+	 * Copy all parameters, and treat explicitly IEs, BSSID, SSID,
+	 * AKM SUITES.
 	 */
 	memcpy(&wdev->conn->params, connect, sizeof(*connect));
 	if (connect->bssid) {
@@ -563,6 +565,22 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev,
 		wdev->conn->auto_auth = false;
 	}
 
+	if (connect->crypto.n_akm_suites) {
+		wdev->conn->params.crypto.akm_suites =
+			kcalloc(connect->crypto.n_akm_suites, sizeof(u32),
+				GFP_KERNEL);
+		if (!wdev->conn->params.crypto.akm_suites) {
+			cfg80211_sme_free(wdev);
+			return -ENOMEM;
+		}
+
+		wdev->conn->params.crypto.n_akm_suites =
+			connect->crypto.n_akm_suites;
+		memcpy(wdev->conn->params.crypto.akm_suites,
+		       connect->crypto.akm_suites,
+		       sizeof(u32) * connect->crypto.n_akm_suites);
+	}
+
 	wdev->conn->params.ssid = wdev->ssid;
 	wdev->conn->params.ssid_len = wdev->ssid_len;
 
diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c
index a32065d..0d262e9 100644
--- a/net/wireless/wext-compat.c
+++ b/net/wireless/wext-compat.c
@@ -1102,6 +1102,14 @@ static int cfg80211_set_key_mgt(struct wireless_dev *wdev, u32 key_mgt)
 			IW_AUTH_KEY_MGMT_PSK))
 		return -EINVAL;
 
+	if (!wdev->wext.connect.crypto.akm_suites) {
+		wdev->wext.connect.crypto.akm_suites =
+			kcalloc(NL80211_MAX_NR_AKM_SUITES, sizeof(u32),
+				GFP_KERNEL);
+		if (!wdev->wext.connect.crypto.akm_suites)
+			return -ENOMEM;
+	}
+
 	if (key_mgt & IW_AUTH_KEY_MGMT_802_1X) {
 		wdev->wext.connect.crypto.akm_suites[nr_akm_suites] =
 			WLAN_AKM_SUITE_8021X;
-- 
2.7.4