Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp114955iob; Tue, 17 May 2022 20:43:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyBrL1Z9QPW98DVGiDY3ffy4Mwsdw4JKApbBzJftKUbHtp4sl54D8lP/xacGaMipx2keQfX X-Received: by 2002:a17:902:e5c3:b0:161:c96e:93d0 with SMTP id u3-20020a170902e5c300b00161c96e93d0mr181906plf.101.1652845381695; Tue, 17 May 2022 20:43:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652845381; cv=none; d=google.com; s=arc-20160816; b=FCM66ZJZwK8HIAFU9T9HrqIcCevOjm6KccBZbf3oENfARUaEvGjI5KNd6quEhGVogl RwJhUYrBajlajfDzcU3k70o5VwmwMV7sRZliQthuUczP4DZmqz3fTEX9m9EcGyo8YZFj 0ERZCiWJoUemdulWB1r5DZqt1bgNHCgpPctkUXteDuG3ZljDahT15K1k6JBwgPHwggzM ACN61L29MB4JslkUqjZBxNocqoR0ynHJIf3521cufb6LP2qEqXpJC6lKR9iZuT8KnaVc IqV2N9xBSzZFlDOEoEOgZ7dCcXmN9Rp9gjFyyLNgE4EuoJwmSYrPt1EAvqWReSmi6cZ6 Yrog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=v4hYl5QdWPKCAaa2Uhyig6ki2KJ0yYl9Y72gO2qUj7U=; b=hms3Y5+UG7FWG/xjkKzpFzc86n7fJkafEBhIWS93uUFrUv0/h1jhn4aXc/K/71plRH 6zMkKU8AQ7BQEmIvpkdF/VpTS5HijkZauLbAdj3tb/km91PGu7wSgEAXvhG87Db5GuFD b9p9aGuebvIo+bLXkf95pQZ00V0Os4Vtx+UaEqdvHPS6PvqiDCSs4IjaiXKtqRtO4YVM MZXwkvhCA5RM2CEi9nuX7X1skClNz2LJLcXKdA2ALY8LQjfHPbXhWZ48FYAaEKYWx/DO 7D5KNJ9JGd7aAvQExxAwux81pQGtTlvkjPwloKY+Wmx3bweUFPy2x36Q9ie6UbsbLau6 Tb2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=LYJJDGLL; spf=softfail (google.com: domain of transitioning linux-wireless-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id v3-20020a634803000000b003ab106d8db2si1195974pga.200.2022.05.17.20.43.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 May 2022 20:43:01 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-wireless-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=LYJJDGLL; spf=softfail (google.com: domain of transitioning linux-wireless-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B5B707CB03; Tue, 17 May 2022 20:30:12 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244341AbiEQJIH (ORCPT + 70 others); Tue, 17 May 2022 05:08:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34360 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244345AbiEQJHn (ORCPT ); Tue, 17 May 2022 05:07:43 -0400 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C699520BD7 for ; Tue, 17 May 2022 02:06:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652778405; x=1684314405; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DGSOyS/l9Mp9ua7U5b2t4HvZ60aLMXEX8U7XTxT8758=; b=LYJJDGLLrBb37WdX5em7pgcE6+JHSiPI8Q8CFXH7wzm3MxNqzs1/c/5z qLvoakJIYc51d7U+Lwq6jyVYHn+kwbHEcVXsDl6XtWI0k94XkNP2bYVoo YrxxmuavbS2GDTYbJmbp2j+tYbhKNcCrHihVqPyi1L0FBYAycva0BWwpG UJXa3UT7GSo7I4iuROyrRseBs19GQ1U8SwVSQtPHA6ukNc7DgwXkxsF0+ 9ih99FNCFeUXag5ty8qz0Xq1lRH82mc7xjvSPxCw6yZ1EjO8S1QFFvurk HM3SOAcMI7YsPO80K3T9knByXeAPXrSYjHbflRSZyJILHkLpohLBq8Blz g==; X-IronPort-AV: E=McAfee;i="6400,9594,10349"; a="271064812" X-IronPort-AV: E=Sophos;i="5.91,232,1647327600"; d="scan'208";a="271064812" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 May 2022 02:06:30 -0700 X-IronPort-AV: E=Sophos;i="5.91,232,1647327600"; d="scan'208";a="741679751" Received: from sgens-mobl3.ger.corp.intel.com (HELO ggreenma-mobl2.lan) ([10.214.212.48]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 May 2022 02:06:29 -0700 From: gregory.greenman@intel.com To: kvalo@kernel.org Cc: johannes@sipsolutions.net, gregory.greenman@intel.com, linux-wireless@vger.kernel.org, Emmanuel Grumbach Subject: [PATCH 07/10] iwlwifi: mvm: always tell the firmware to accept MCAST frames in BSS Date: Tue, 17 May 2022 12:05:11 +0300 Message-Id: <20220517120045.479956a46317.I21fac7ede9eca85a662671d694872898df884f0b@changeid> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220517090514.211796-1-gregory.greenman@intel.com> References: <20220517090514.211796-1-gregory.greenman@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Emmanuel Grumbach Make the firmware's life easier and always accept MCAST frames. If needed, drop them in the driver. We need to filter out MCAST frames in order not to have false positives in the decryption check. If we accept MCAST frames before we have the GKT installed, we'll end up complaining that we can't decrypt the frame. Implement the same filtering, but in the driver. Signed-off-by: Emmanuel Grumbach Signed-off-by: Gregory Greenman --- .../net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 13 +++--- drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 44 ++++++++++++++----- 2 files changed, 38 insertions(+), 19 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c index e7f18f549ca9..56fa20596f16 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c @@ -552,6 +552,12 @@ static int iwl_mvm_mac_ctxt_cmd_sta(struct iwl_mvm *mvm, /* Fill the common data for all mac context types */ iwl_mvm_mac_ctxt_cmd_common(mvm, vif, &cmd, bssid_override, action); + /* + * We always want to hear MCAST frames, if we're not authorized yet, + * we'll drop them. + */ + cmd.filter_flags |= cpu_to_le32(MAC_FILTER_ACCEPT_GRP); + if (vif->p2p) { struct ieee80211_p2p_noa_attr *noa = &vif->bss_conf.p2p_noa_attr; @@ -608,13 +614,6 @@ static int iwl_mvm_mac_ctxt_cmd_sta(struct iwl_mvm *mvm, IWL_UCODE_TLV_CAPA_COEX_HIGH_PRIO)) ctxt_sta->data_policy |= cpu_to_le32(COEX_HIGH_PRIORITY_ENABLE); - - /* - * allow multicast data frames only as long as the station is - * authorized, i.e., GTK keys are already installed (if needed) - */ - if (mvmvif->authorized) - cmd.filter_flags |= cpu_to_le32(MAC_FILTER_ACCEPT_GRP); } else { ctxt_sta->is_assoc = cpu_to_le32(0); diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c index 78198da7e55b..49ca1e168fc5 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause /* - * Copyright (C) 2012-2014, 2018-2021 Intel Corporation + * Copyright (C) 2012-2014, 2018-2022 Intel Corporation * Copyright (C) 2013-2015 Intel Mobile Communications GmbH * Copyright (C) 2016-2017 Intel Deutschland GmbH */ @@ -326,17 +326,6 @@ void iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct napi_struct *napi, rx_status = IEEE80211_SKB_RXCB(skb); - /* - * drop the packet if it has failed being decrypted by HW - */ - if (iwl_mvm_set_mac80211_rx_flag(mvm, hdr, rx_status, rx_pkt_status, - &crypt_len)) { - IWL_DEBUG_DROP(mvm, "Bad decryption results 0x%08x\n", - rx_pkt_status); - kfree_skb(skb); - return; - } - /* * Keep packets with CRC errors (and with overrun) for monitor mode * (otherwise the firmware discards them) but mark them as bad. @@ -386,6 +375,37 @@ void iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct napi_struct *napi, sta = ieee80211_find_sta_by_ifaddr(mvm->hw, hdr->addr2, NULL); } + if (sta) { + struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); + struct ieee80211_vif *vif = mvmsta->vif; + struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); + + /* + * Don't even try to decrypt a MCAST frame that was received + * before the managed vif is authorized, we'd fail anyway. + */ + if (vif->type == NL80211_IFTYPE_STATION && + !mvmvif->authorized && + is_multicast_ether_addr(hdr->addr1)) { + IWL_DEBUG_DROP(mvm, "MCAST before the vif is authorized\n"); + kfree_skb(skb); + rcu_read_unlock(); + return; + } + } + + /* + * drop the packet if it has failed being decrypted by HW + */ + if (iwl_mvm_set_mac80211_rx_flag(mvm, hdr, rx_status, rx_pkt_status, + &crypt_len)) { + IWL_DEBUG_DROP(mvm, "Bad decryption results 0x%08x\n", + rx_pkt_status); + kfree_skb(skb); + rcu_read_unlock(); + return; + } + if (sta) { struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); struct ieee80211_vif *tx_blocked_vif = -- 2.35.1