* [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE
@ 2023-09-25 15:25 Johannes Berg
2023-09-25 15:25 ` [PATCH 2/3] wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value Johannes Berg
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Johannes Berg @ 2023-09-25 15:25 UTC (permalink / raw)
To: linux-wireless; +Cc: Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
Convert all instances of RX_DROP_UNUSABLE to indicate a
better reason, and then remove RX_DROP_UNUSABLE.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/mac80211/drop.h | 33 +++++++++++++++++++++++++++-
net/mac80211/rx.c | 52 ++++++++++++++++++++++-----------------------
net/mac80211/wep.c | 9 ++++----
net/mac80211/wpa.c | 42 ++++++++++++++++++------------------
4 files changed, 84 insertions(+), 52 deletions(-)
diff --git a/net/mac80211/drop.h b/net/mac80211/drop.h
index 1570fac8411f..725a07a5b614 100644
--- a/net/mac80211/drop.h
+++ b/net/mac80211/drop.h
@@ -21,6 +21,38 @@ typedef unsigned int __bitwise ieee80211_rx_result;
R(RX_DROP_U_MIC_FAIL) \
R(RX_DROP_U_REPLAY) \
R(RX_DROP_U_BAD_MMIE) \
+ R(RX_DROP_U_DUP) \
+ R(RX_DROP_U_SPURIOUS) \
+ R(RX_DROP_U_DECRYPT_FAIL) \
+ R(RX_DROP_U_NO_KEY_ID) \
+ R(RX_DROP_U_BAD_CIPHER) \
+ R(RX_DROP_U_OOM) \
+ R(RX_DROP_U_NONSEQ_PN) \
+ R(RX_DROP_U_BAD_KEY_COLOR) \
+ R(RX_DROP_U_BAD_4ADDR) \
+ R(RX_DROP_U_BAD_AMSDU) \
+ R(RX_DROP_U_BAD_AMSDU_CIPHER) \
+ R(RX_DROP_U_INVALID_8023) \
+ R(RX_DROP_U_RUNT_ACTION) \
+ R(RX_DROP_U_UNPROT_ACTION) \
+ R(RX_DROP_U_ACTION_UNKNOWN_SRC) \
+ R(RX_DROP_U_REJECTED_ACTION_RESPONSE) \
+ R(RX_DROP_U_EXPECT_DEFRAG_PROT) \
+ R(RX_DROP_U_WEP_DEC_FAIL) \
+ R(RX_DROP_U_NO_IV) \
+ R(RX_DROP_U_NO_ICV) \
+ R(RX_DROP_U_AP_RX_GROUPCAST) \
+ R(RX_DROP_U_SHORT_MMIC) \
+ R(RX_DROP_U_MMIC_FAIL) \
+ R(RX_DROP_U_SHORT_TKIP) \
+ R(RX_DROP_U_TKIP_FAIL) \
+ R(RX_DROP_U_SHORT_CCMP) \
+ R(RX_DROP_U_SHORT_CCMP_MIC) \
+ R(RX_DROP_U_SHORT_GCMP) \
+ R(RX_DROP_U_SHORT_GCMP_MIC) \
+ R(RX_DROP_U_SHORT_CMAC) \
+ R(RX_DROP_U_SHORT_CMAC256) \
+ R(RX_DROP_U_SHORT_GMAC) \
/* this line for the trailing \ - add before this */
/* having two enums allows for checking ieee80211_rx_result use with sparse */
@@ -46,7 +78,6 @@ enum mac80211_drop_reason {
RX_CONTINUE = (__force ieee80211_rx_result)___RX_CONTINUE,
RX_QUEUED = (__force ieee80211_rx_result)___RX_QUEUED,
RX_DROP_MONITOR = (__force ieee80211_rx_result)___RX_DROP_MONITOR,
- RX_DROP_UNUSABLE = (__force ieee80211_rx_result)___RX_DROP_UNUSABLE,
#define DEF(x) x = (__force ieee80211_rx_result)___ ## x,
MAC80211_DROP_REASONS_MONITOR(DEF)
MAC80211_DROP_REASONS_UNUSABLE(DEF)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 944adc9a51f1..1851b86fc5fd 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1436,7 +1436,7 @@ ieee80211_rx_h_check_dup(struct ieee80211_rx_data *rx)
rx->sta->last_seq_ctrl[rx->seqno_idx] == hdr->seq_ctrl)) {
I802_DEBUG_INC(rx->local->dot11FrameDuplicateCount);
rx->link_sta->rx_stats.num_duplicates++;
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_DUP;
} else if (!(status->flag & RX_FLAG_AMSDU_MORE)) {
rx->sta->last_seq_ctrl[rx->seqno_idx] = hdr->seq_ctrl;
}
@@ -1490,7 +1490,7 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
cfg80211_rx_spurious_frame(rx->sdata->dev,
hdr->addr2,
GFP_ATOMIC))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SPURIOUS;
return RX_DROP_MONITOR;
}
@@ -1883,7 +1883,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
int keyidx;
- ieee80211_rx_result result = RX_DROP_UNUSABLE;
+ ieee80211_rx_result result = RX_DROP_U_DECRYPT_FAIL;
struct ieee80211_key *sta_ptk = NULL;
struct ieee80211_key *ptk_idx = NULL;
int mmie_keyidx = -1;
@@ -1933,7 +1933,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
keyid = ieee80211_get_keyid(rx->skb);
if (unlikely(keyid < 0))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_NO_KEY_ID;
ptk_idx = rcu_dereference(rx->sta->ptk[keyid]);
}
@@ -2038,7 +2038,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
keyidx = ieee80211_get_keyid(rx->skb);
if (unlikely(keyidx < 0))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_NO_KEY_ID;
/* check per-station GTK first, if multicast packet */
if (is_multicast_ether_addr(hdr->addr1) && rx->link_sta)
@@ -2104,7 +2104,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
result = ieee80211_crypto_gcmp_decrypt(rx);
break;
default:
- result = RX_DROP_UNUSABLE;
+ result = RX_DROP_U_BAD_CIPHER;
}
/* the hdr variable is invalid after the decrypt handlers */
@@ -2249,7 +2249,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
I802_DEBUG_INC(rx->local->rx_handlers_fragments);
if (skb_linearize(rx->skb))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
/*
* skb_linearize() might change the skb->data and
@@ -2312,11 +2312,11 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
if (!requires_sequential_pn(rx, fc))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_NONSEQ_PN;
/* Prevent mixed key and fragment cache attacks */
if (entry->key_color != rx->key->color)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_BAD_KEY_COLOR;
memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
@@ -2327,7 +2327,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
rpn = rx->ccm_gcm.pn;
if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_REPLAY;
memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
} else if (entry->is_protected &&
(!rx->key ||
@@ -2338,11 +2338,11 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
* if for TKIP Michael MIC should protect us, and WEP is a
* lost cause anyway.
*/
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_EXPECT_DEFRAG_PROT;
} else if (entry->is_protected && rx->key &&
entry->key_color != rx->key->color &&
(status->flag & RX_FLAG_DECRYPTED)) {
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_BAD_KEY_COLOR;
}
skb_pull(rx->skb, ieee80211_hdrlen(fc));
@@ -2361,7 +2361,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
GFP_ATOMIC))) {
I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
__skb_queue_purge(&entry->skb_list);
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
}
}
while ((skb = __skb_dequeue(&entry->skb_list))) {
@@ -2904,10 +2904,10 @@ ieee80211_rx_mesh_data(struct ieee80211_sub_if_data *sdata, struct sta_info *sta
skb = NULL;
if (skb_cow_head(fwd_skb, hdrlen - sizeof(struct ethhdr)))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
if (skb_linearize(fwd_skb))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
}
fwd_hdr = skb_push(fwd_skb, hdrlen - sizeof(struct ethhdr));
@@ -3003,7 +3003,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx, u8 data_offset)
rx->sdata->vif.addr,
rx->sdata->vif.type,
data_offset, true))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_BAD_AMSDU;
if (rx->sta->amsdu_mesh_control < 0) {
s8 valid = -1;
@@ -3078,21 +3078,21 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
switch (rx->sdata->vif.type) {
case NL80211_IFTYPE_AP_VLAN:
if (!rx->sdata->u.vlan.sta)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_BAD_4ADDR;
break;
case NL80211_IFTYPE_STATION:
if (!rx->sdata->u.mgd.use_4addr)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_BAD_4ADDR;
break;
case NL80211_IFTYPE_MESH_POINT:
break;
default:
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_BAD_4ADDR;
}
}
if (is_multicast_ether_addr(hdr->addr1) || !rx->sta)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_BAD_AMSDU;
if (rx->key) {
/*
@@ -3105,7 +3105,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104:
case WLAN_CIPHER_SUITE_TKIP:
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_BAD_AMSDU_CIPHER;
default:
break;
}
@@ -3147,7 +3147,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
err = __ieee80211_data_to_8023(rx, &port_control);
if (unlikely(err))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_INVALID_8023;
res = ieee80211_rx_mesh_data(rx->sdata, rx->sta, rx->skb);
if (res != RX_CONTINUE)
@@ -3379,7 +3379,7 @@ ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx)
/* drop too small action frames */
if (ieee80211_is_action(mgmt->frame_control) &&
rx->skb->len < IEEE80211_MIN_ACTION_SIZE)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_RUNT_ACTION;
if (rx->sdata->vif.type == NL80211_IFTYPE_AP &&
ieee80211_is_beacon(mgmt->frame_control) &&
@@ -3401,7 +3401,7 @@ ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx)
}
if (ieee80211_drop_unencrypted_mgmt(rx))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_UNPROT_ACTION;
return RX_CONTINUE;
}
@@ -3473,7 +3473,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC &&
mgmt->u.action.category != WLAN_CATEGORY_SELF_PROTECTED &&
mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_ACTION_UNKNOWN_SRC;
switch (mgmt->u.action.category) {
case WLAN_CATEGORY_HT:
@@ -3878,7 +3878,7 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
/* do not return rejected action frames */
if (mgmt->u.action.category & 0x80)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_REJECTED_ACTION_RESPONSE;
nskb = skb_copy_expand(rx->skb, local->hw.extra_tx_headroom, 0,
GFP_ATOMIC);
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 9a6e11d7b4db..5c01e121481a 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -3,6 +3,7 @@
* Software WEP encryption implementation
* Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
* Copyright 2003, Instant802 Networks, Inc.
+ * Copyright (C) 2023 Intel Corporation
*/
#include <linux/netdevice.h>
@@ -250,18 +251,18 @@ ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx)
if (!(status->flag & RX_FLAG_DECRYPTED)) {
if (skb_linearize(rx->skb))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_WEP_DEC_FAIL;
} else if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
if (!pskb_may_pull(rx->skb, ieee80211_hdrlen(fc) +
IEEE80211_WEP_IV_LEN))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_NO_IV;
ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
/* remove ICV */
if (!(status->flag & RX_FLAG_ICV_STRIPPED) &&
pskb_trim(rx->skb, rx->skb->len - IEEE80211_WEP_ICV_LEN))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_NO_ICV;
}
return RX_CONTINUE;
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 2d8e38b3bcb5..94dae7cb6dbd 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -3,7 +3,7 @@
* Copyright 2002-2004, Instant802 Networks, Inc.
* Copyright 2008, Jouni Malinen <j@w1.fi>
* Copyright (C) 2016-2017 Intel Deutschland GmbH
- * Copyright (C) 2020-2022 Intel Corporation
+ * Copyright (C) 2020-2023 Intel Corporation
*/
#include <linux/netdevice.h>
@@ -142,7 +142,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
* group keys and only the AP is sending real multicast
* frames in the BSS.
*/
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_AP_RX_GROUPCAST;
}
if (status->flag & RX_FLAG_MMIC_ERROR)
@@ -150,10 +150,10 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
hdrlen = ieee80211_hdrlen(hdr->frame_control);
if (skb->len < hdrlen + MICHAEL_MIC_LEN)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_MMIC;
if (skb_linearize(rx->skb))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
hdr = (void *)skb->data;
data = skb->data + hdrlen;
@@ -188,7 +188,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
NL80211_KEYTYPE_PAIRWISE,
rx->key ? rx->key->conf.keyidx : -1,
NULL, GFP_ATOMIC);
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_MMIC_FAIL;
}
static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
@@ -276,11 +276,11 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
return RX_CONTINUE;
if (!rx->sta || skb->len - hdrlen < 12)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_TKIP;
/* it may be possible to optimize this a bit more */
if (skb_linearize(rx->skb))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
hdr = (void *)skb->data;
/*
@@ -298,7 +298,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
&rx->tkip.iv32,
&rx->tkip.iv16);
if (res != TKIP_DECRYPT_OK)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_TKIP_FAIL;
/* Trim ICV */
if (!(status->flag & RX_FLAG_ICV_STRIPPED))
@@ -523,12 +523,12 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx,
if (status->flag & RX_FLAG_DECRYPTED) {
if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_CCMP_HDR_LEN))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_CCMP;
if (status->flag & RX_FLAG_MIC_STRIPPED)
mic_len = 0;
} else {
if (skb_linearize(rx->skb))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
}
/* reload hdr - skb might have been reallocated */
@@ -536,7 +536,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx,
data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - mic_len;
if (!rx->sta || data_len < 0)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_CCMP;
if (!(status->flag & RX_FLAG_PN_VALIDATED)) {
int res;
@@ -574,7 +574,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx,
/* Remove CCMP header and MIC */
if (pskb_trim(skb, skb->len - mic_len))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_CCMP_MIC;
memmove(skb->data + IEEE80211_CCMP_HDR_LEN, skb->data, hdrlen);
skb_pull(skb, IEEE80211_CCMP_HDR_LEN);
@@ -719,12 +719,12 @@ ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx)
if (status->flag & RX_FLAG_DECRYPTED) {
if (!pskb_may_pull(rx->skb, hdrlen + IEEE80211_GCMP_HDR_LEN))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_GCMP;
if (status->flag & RX_FLAG_MIC_STRIPPED)
mic_len = 0;
} else {
if (skb_linearize(rx->skb))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
}
/* reload hdr - skb might have been reallocated */
@@ -732,7 +732,7 @@ ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx)
data_len = skb->len - hdrlen - IEEE80211_GCMP_HDR_LEN - mic_len;
if (!rx->sta || data_len < 0)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_GCMP;
if (!(status->flag & RX_FLAG_PN_VALIDATED)) {
int res;
@@ -771,7 +771,7 @@ ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx)
/* Remove GCMP header and MIC */
if (pskb_trim(skb, skb->len - mic_len))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_GCMP_MIC;
memmove(skb->data + IEEE80211_GCMP_HDR_LEN, skb->data, hdrlen);
skb_pull(skb, IEEE80211_GCMP_HDR_LEN);
@@ -924,7 +924,7 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
/* management frames are already linear */
if (skb->len < 24 + sizeof(*mmie))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_CMAC;
mmie = (struct ieee80211_mmie *)
(skb->data + skb->len - sizeof(*mmie));
@@ -974,13 +974,13 @@ ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx)
/* management frames are already linear */
if (skb->len < 24 + sizeof(*mmie))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_CMAC256;
mmie = (struct ieee80211_mmie_16 *)
(skb->data + skb->len - sizeof(*mmie));
if (mmie->element_id != WLAN_EID_MMIE ||
mmie->length != sizeof(*mmie) - 2)
- return RX_DROP_UNUSABLE; /* Invalid MMIE */
+ return RX_DROP_U_BAD_MMIE; /* Invalid MMIE */
bip_ipn_swap(ipn, mmie->sequence_number);
@@ -1073,7 +1073,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
/* management frames are already linear */
if (skb->len < 24 + sizeof(*mmie))
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_SHORT_GMAC;
mmie = (struct ieee80211_mmie_16 *)
(skb->data + skb->len - sizeof(*mmie));
@@ -1097,7 +1097,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
mic = kmalloc(GMAC_MIC_LEN, GFP_ATOMIC);
if (!mic)
- return RX_DROP_UNUSABLE;
+ return RX_DROP_U_OOM;
if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
skb->data + 24, skb->len - 24,
mic) < 0 ||
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/3] wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value
2023-09-25 15:25 [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE Johannes Berg
@ 2023-09-25 15:25 ` Johannes Berg
2023-09-25 15:25 ` [PATCH 3/3] wifi: mac80211: expand __ieee80211_data_to_8023() status Johannes Berg
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Johannes Berg @ 2023-09-25 15:25 UTC (permalink / raw)
To: linux-wireless; +Cc: Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
This has many different reasons, split the return value into
the individual reasons for better traceability. Also, since
symbolic tracing doesn't work for these, add a few comments
for the numbering.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/mac80211/drop.h | 9 +++++++++
net/mac80211/rx.c | 21 +++++++++------------
2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/net/mac80211/drop.h b/net/mac80211/drop.h
index 725a07a5b614..3acc21ae9c69 100644
--- a/net/mac80211/drop.h
+++ b/net/mac80211/drop.h
@@ -18,6 +18,7 @@ typedef unsigned int __bitwise ieee80211_rx_result;
/* this line for the trailing \ - add before this */
#define MAC80211_DROP_REASONS_UNUSABLE(R) \
+ /* 0x00 == ___RX_DROP_UNUSABLE */ \
R(RX_DROP_U_MIC_FAIL) \
R(RX_DROP_U_REPLAY) \
R(RX_DROP_U_BAD_MMIE) \
@@ -33,8 +34,15 @@ typedef unsigned int __bitwise ieee80211_rx_result;
R(RX_DROP_U_BAD_AMSDU) \
R(RX_DROP_U_BAD_AMSDU_CIPHER) \
R(RX_DROP_U_INVALID_8023) \
+ /* 0x10 */ \
R(RX_DROP_U_RUNT_ACTION) \
R(RX_DROP_U_UNPROT_ACTION) \
+ R(RX_DROP_U_UNPROT_DUAL) \
+ R(RX_DROP_U_UNPROT_UCAST_MGMT) \
+ R(RX_DROP_U_UNPROT_MCAST_MGMT) \
+ R(RX_DROP_U_UNPROT_BEACON) \
+ R(RX_DROP_U_UNPROT_UNICAST_PUB_ACTION) \
+ R(RX_DROP_U_UNPROT_ROBUST_ACTION) \
R(RX_DROP_U_ACTION_UNKNOWN_SRC) \
R(RX_DROP_U_REJECTED_ACTION_RESPONSE) \
R(RX_DROP_U_EXPECT_DEFRAG_PROT) \
@@ -43,6 +51,7 @@ typedef unsigned int __bitwise ieee80211_rx_result;
R(RX_DROP_U_NO_ICV) \
R(RX_DROP_U_AP_RX_GROUPCAST) \
R(RX_DROP_U_SHORT_MMIC) \
+ /* 0x20 */ \
R(RX_DROP_U_MMIC_FAIL) \
R(RX_DROP_U_SHORT_TKIP) \
R(RX_DROP_U_TKIP_FAIL) \
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 1851b86fc5fd..ff98681c70e3 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2416,12 +2416,12 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
* decrypted them already.
*/
if (status->flag & RX_FLAG_DECRYPTED)
- return 0;
+ return RX_CONTINUE;
/* drop unicast protected dual (that wasn't protected) */
if (ieee80211_is_action(fc) &&
mgmt->u.action.category == WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION)
- return -EACCES;
+ return RX_DROP_U_UNPROT_DUAL;
if (rx->sta && test_sta_flag(rx->sta, WLAN_STA_MFP)) {
if (unlikely(!ieee80211_has_protected(fc) &&
@@ -2433,13 +2433,13 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
* during 4-way-HS (key is installed after HS).
*/
if (!rx->key)
- return 0;
+ return RX_CONTINUE;
cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
rx->skb->data,
rx->skb->len);
}
- return -EACCES;
+ return RX_DROP_U_UNPROT_UCAST_MGMT;
}
/* BIP does not use Protected field, so need to check MMIE */
if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
@@ -2449,14 +2449,14 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
rx->skb->data,
rx->skb->len);
- return -EACCES;
+ return RX_DROP_U_UNPROT_MCAST_MGMT;
}
if (unlikely(ieee80211_is_beacon(fc) && rx->key &&
ieee80211_get_mmie_keyidx(rx->skb) < 0)) {
cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
rx->skb->data,
rx->skb->len);
- return -EACCES;
+ return RX_DROP_U_UNPROT_BEACON;
}
/*
* When using MFP, Action frames are not allowed prior to
@@ -2464,13 +2464,13 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
*/
if (unlikely(ieee80211_is_action(fc) && !rx->key &&
ieee80211_is_robust_mgmt_frame(rx->skb)))
- return -EACCES;
+ return RX_DROP_U_UNPROT_ACTION;
/* drop unicast public action frames when using MPF */
if (is_unicast_ether_addr(mgmt->da) &&
ieee80211_is_public_action((void *)rx->skb->data,
rx->skb->len))
- return -EACCES;
+ return RX_DROP_U_UNPROT_UNICAST_PUB_ACTION;
}
return 0;
@@ -3400,10 +3400,7 @@ ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx)
rx->flags |= IEEE80211_RX_BEACON_REPORTED;
}
- if (ieee80211_drop_unencrypted_mgmt(rx))
- return RX_DROP_U_UNPROT_ACTION;
-
- return RX_CONTINUE;
+ return ieee80211_drop_unencrypted_mgmt(rx);
}
static bool
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 3/3] wifi: mac80211: expand __ieee80211_data_to_8023() status
2023-09-25 15:25 [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE Johannes Berg
2023-09-25 15:25 ` [PATCH 2/3] wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value Johannes Berg
@ 2023-09-25 15:25 ` Johannes Berg
2023-09-26 17:32 ` [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE kernel test robot
2023-09-30 14:26 ` kernel test robot
3 siblings, 0 replies; 5+ messages in thread
From: Johannes Berg @ 2023-09-25 15:25 UTC (permalink / raw)
To: linux-wireless; +Cc: Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
Make __ieee80211_data_to_8023() return more individual drop
reasons instead of just doing RX_DROP_U_INVALID_8023.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/mac80211/drop.h | 4 ++++
net/mac80211/rx.c | 22 ++++++++++------------
2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/net/mac80211/drop.h b/net/mac80211/drop.h
index 3acc21ae9c69..12a6f0e9eca6 100644
--- a/net/mac80211/drop.h
+++ b/net/mac80211/drop.h
@@ -62,6 +62,10 @@ typedef unsigned int __bitwise ieee80211_rx_result;
R(RX_DROP_U_SHORT_CMAC) \
R(RX_DROP_U_SHORT_CMAC256) \
R(RX_DROP_U_SHORT_GMAC) \
+ R(RX_DROP_U_UNEXPECTED_VLAN_4ADDR) \
+ R(RX_DROP_U_UNEXPECTED_STA_4ADDR) \
+ R(RX_DROP_U_UNEXPECTED_VLAN_MCAST) \
+ R(RX_DROP_U_NOT_PORT_CONTROL) \
/* this line for the trailing \ - add before this */
/* having two enums allows for checking ieee80211_rx_result use with sparse */
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index ff98681c70e3..fb2d4a7436be 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2476,7 +2476,7 @@ static int ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
return 0;
}
-static int
+static ieee80211_rx_result
__ieee80211_data_to_8023(struct ieee80211_rx_data *rx, bool *port_control)
{
struct ieee80211_sub_if_data *sdata = rx->sdata;
@@ -2488,32 +2488,31 @@ __ieee80211_data_to_8023(struct ieee80211_rx_data *rx, bool *port_control)
*port_control = false;
if (ieee80211_has_a4(hdr->frame_control) &&
sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
- return -1;
+ return RX_DROP_U_UNEXPECTED_VLAN_4ADDR;
if (sdata->vif.type == NL80211_IFTYPE_STATION &&
!!sdata->u.mgd.use_4addr != !!ieee80211_has_a4(hdr->frame_control)) {
-
if (!sdata->u.mgd.use_4addr)
- return -1;
+ return RX_DROP_U_UNEXPECTED_STA_4ADDR;
else if (!ether_addr_equal(hdr->addr1, sdata->vif.addr))
check_port_control = true;
}
if (is_multicast_ether_addr(hdr->addr1) &&
sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta)
- return -1;
+ return RX_DROP_U_UNEXPECTED_VLAN_MCAST;
ret = ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
if (ret < 0)
- return ret;
+ return RX_DROP_U_INVALID_8023;
ehdr = (struct ethhdr *) rx->skb->data;
if (ehdr->h_proto == rx->sdata->control_port_protocol)
*port_control = true;
else if (check_port_control)
- return -1;
+ return RX_DROP_U_NOT_PORT_CONTROL;
- return 0;
+ return RX_CONTINUE;
}
bool ieee80211_is_our_addr(struct ieee80211_sub_if_data *sdata,
@@ -3124,7 +3123,6 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
__le16 fc = hdr->frame_control;
ieee80211_rx_result res;
bool port_control;
- int err;
if (unlikely(!ieee80211_is_data(hdr->frame_control)))
return RX_CONTINUE;
@@ -3145,9 +3143,9 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
return RX_DROP_MONITOR;
}
- err = __ieee80211_data_to_8023(rx, &port_control);
- if (unlikely(err))
- return RX_DROP_U_INVALID_8023;
+ res = __ieee80211_data_to_8023(rx, &port_control);
+ if (unlikely(res != RX_CONTINUE))
+ return res;
res = ieee80211_rx_mesh_data(rx->sdata, rx->sta, rx->skb);
if (res != RX_CONTINUE)
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE
2023-09-25 15:25 [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE Johannes Berg
2023-09-25 15:25 ` [PATCH 2/3] wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value Johannes Berg
2023-09-25 15:25 ` [PATCH 3/3] wifi: mac80211: expand __ieee80211_data_to_8023() status Johannes Berg
@ 2023-09-26 17:32 ` kernel test robot
2023-09-30 14:26 ` kernel test robot
3 siblings, 0 replies; 5+ messages in thread
From: kernel test robot @ 2023-09-26 17:32 UTC (permalink / raw)
To: Johannes Berg; +Cc: llvm, oe-kbuild-all
Hi Johannes,
kernel test robot noticed the following build errors:
[auto build test ERROR on wireless-next/main]
[also build test ERROR on wireless/main linus/master v6.6-rc3 next-20230926]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Johannes-Berg/wifi-mac80211-split-ieee80211_drop_unencrypted_mgmt-return-value/20230925-232650
base: https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main
patch link: https://lore.kernel.org/r/20230925172508.bc62dfb8a129.I9d64271b6d375aa87c8cac82145823374800b246%40changeid
patch subject: [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE
config: x86_64-rhel-8.3-rust (https://download.01.org/0day-ci/archive/20230927/202309270112.pVe4Qml2-lkp@intel.com/config)
compiler: clang version 15.0.7 (https://github.com/llvm/llvm-project.git 8dfdcc7b7bf66834a761bd8de445840ef68e4d1a)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20230927/202309270112.pVe4Qml2-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202309270112.pVe4Qml2-lkp@intel.com/
All errors (new ones prefixed by >>):
>> net/mac80211/rx.c:2115:52: error: use of undeclared identifier 'RX_DROP_UNUSABLE'; did you mean '___RX_DROP_UNUSABLE'?
if (unlikely(ieee80211_is_beacon(fc) && (result & RX_DROP_UNUSABLE) &&
^~~~~~~~~~~~~~~~
___RX_DROP_UNUSABLE
include/linux/compiler.h:77:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
net/mac80211/drop.h:71:2: note: '___RX_DROP_UNUSABLE' declared here
___RX_DROP_UNUSABLE = SKB_DROP_REASON_SUBSYS_MAC80211_UNUSABLE <<
^
1 error generated.
vim +2115 net/mac80211/rx.c
af2d14b01c32d7 Jouni Malinen 2020-02-22 1878
86c228a7627f3f Johan Almbladh 2013-08-14 1879 static ieee80211_rx_result debug_noinline
86c228a7627f3f Johan Almbladh 2013-08-14 1880 ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
86c228a7627f3f Johan Almbladh 2013-08-14 1881 {
86c228a7627f3f Johan Almbladh 2013-08-14 1882 struct sk_buff *skb = rx->skb;
86c228a7627f3f Johan Almbladh 2013-08-14 1883 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
86c228a7627f3f Johan Almbladh 2013-08-14 1884 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
86c228a7627f3f Johan Almbladh 2013-08-14 1885 int keyidx;
b39c205d1ce048 Johannes Berg 2023-09-25 1886 ieee80211_rx_result result = RX_DROP_U_DECRYPT_FAIL;
86c228a7627f3f Johan Almbladh 2013-08-14 1887 struct ieee80211_key *sta_ptk = NULL;
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1888 struct ieee80211_key *ptk_idx = NULL;
86c228a7627f3f Johan Almbladh 2013-08-14 1889 int mmie_keyidx = -1;
86c228a7627f3f Johan Almbladh 2013-08-14 1890 __le16 fc;
86c228a7627f3f Johan Almbladh 2013-08-14 1891
09a740ce352e1a Thomas Pedersen 2020-09-21 1892 if (ieee80211_is_ext(hdr->frame_control))
09a740ce352e1a Thomas Pedersen 2020-09-21 1893 return RX_CONTINUE;
09a740ce352e1a Thomas Pedersen 2020-09-21 1894
86c228a7627f3f Johan Almbladh 2013-08-14 1895 /*
86c228a7627f3f Johan Almbladh 2013-08-14 1896 * Key selection 101
86c228a7627f3f Johan Almbladh 2013-08-14 1897 *
af2d14b01c32d7 Jouni Malinen 2020-02-22 1898 * There are five types of keys:
86c228a7627f3f Johan Almbladh 2013-08-14 1899 * - GTK (group keys)
86c228a7627f3f Johan Almbladh 2013-08-14 1900 * - IGTK (group keys for management frames)
af2d14b01c32d7 Jouni Malinen 2020-02-22 1901 * - BIGTK (group keys for Beacon frames)
86c228a7627f3f Johan Almbladh 2013-08-14 1902 * - PTK (pairwise keys)
86c228a7627f3f Johan Almbladh 2013-08-14 1903 * - STK (station-to-station pairwise keys)
86c228a7627f3f Johan Almbladh 2013-08-14 1904 *
86c228a7627f3f Johan Almbladh 2013-08-14 1905 * When selecting a key, we have to distinguish between multicast
86c228a7627f3f Johan Almbladh 2013-08-14 1906 * (including broadcast) and unicast frames, the latter can only
af2d14b01c32d7 Jouni Malinen 2020-02-22 1907 * use PTKs and STKs while the former always use GTKs, IGTKs, and
af2d14b01c32d7 Jouni Malinen 2020-02-22 1908 * BIGTKs. Unless, of course, actual WEP keys ("pre-RSNA") are used,
af2d14b01c32d7 Jouni Malinen 2020-02-22 1909 * then unicast frames can also use key indices like GTKs. Hence, if we
86c228a7627f3f Johan Almbladh 2013-08-14 1910 * don't have a PTK/STK we check the key index for a WEP key.
86c228a7627f3f Johan Almbladh 2013-08-14 1911 *
86c228a7627f3f Johan Almbladh 2013-08-14 1912 * Note that in a regular BSS, multicast frames are sent by the
86c228a7627f3f Johan Almbladh 2013-08-14 1913 * AP only, associated stations unicast the frame to the AP first
86c228a7627f3f Johan Almbladh 2013-08-14 1914 * which then multicasts it on their behalf.
86c228a7627f3f Johan Almbladh 2013-08-14 1915 *
86c228a7627f3f Johan Almbladh 2013-08-14 1916 * There is also a slight problem in IBSS mode: GTKs are negotiated
86c228a7627f3f Johan Almbladh 2013-08-14 1917 * with each station, that is something we don't currently handle.
86c228a7627f3f Johan Almbladh 2013-08-14 1918 * The spec seems to expect that one negotiates the same key with
86c228a7627f3f Johan Almbladh 2013-08-14 1919 * every station but there's no such requirement; VLANs could be
86c228a7627f3f Johan Almbladh 2013-08-14 1920 * possible.
86c228a7627f3f Johan Almbladh 2013-08-14 1921 */
86c228a7627f3f Johan Almbladh 2013-08-14 1922
86c228a7627f3f Johan Almbladh 2013-08-14 1923 /* start without a key */
86c228a7627f3f Johan Almbladh 2013-08-14 1924 rx->key = NULL;
2475b1cc0d5283 Max Stepanov 2013-03-24 1925 fc = hdr->frame_control;
86c228a7627f3f Johan Almbladh 2013-08-14 1926
2475b1cc0d5283 Max Stepanov 2013-03-24 1927 if (rx->sta) {
2475b1cc0d5283 Max Stepanov 2013-03-24 1928 int keyid = rx->sta->ptk_idx;
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1929 sta_ptk = rcu_dereference(rx->sta->ptk[keyid]);
86c228a7627f3f Johan Almbladh 2013-08-14 1930
77dfc2bc0bb4b8 Xing Song 2021-11-01 1931 if (ieee80211_has_protected(fc) &&
77dfc2bc0bb4b8 Xing Song 2021-11-01 1932 !(status->flag & RX_FLAG_IV_STRIPPED)) {
23a5f0af6ff431 Johannes Berg 2022-02-09 1933 keyid = ieee80211_get_keyid(rx->skb);
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1934
2475b1cc0d5283 Max Stepanov 2013-03-24 1935 if (unlikely(keyid < 0))
b39c205d1ce048 Johannes Berg 2023-09-25 1936 return RX_DROP_U_NO_KEY_ID;
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1937
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1938 ptk_idx = rcu_dereference(rx->sta->ptk[keyid]);
2475b1cc0d5283 Max Stepanov 2013-03-24 1939 }
2475b1cc0d5283 Max Stepanov 2013-03-24 1940 }
86c228a7627f3f Johan Almbladh 2013-08-14 1941
86c228a7627f3f Johan Almbladh 2013-08-14 1942 if (!ieee80211_has_protected(fc))
86c228a7627f3f Johan Almbladh 2013-08-14 1943 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
86c228a7627f3f Johan Almbladh 2013-08-14 1944
86c228a7627f3f Johan Almbladh 2013-08-14 1945 if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1946 rx->key = ptk_idx ? ptk_idx : sta_ptk;
86c228a7627f3f Johan Almbladh 2013-08-14 1947 if ((status->flag & RX_FLAG_DECRYPTED) &&
86c228a7627f3f Johan Almbladh 2013-08-14 1948 (status->flag & RX_FLAG_IV_STRIPPED))
86c228a7627f3f Johan Almbladh 2013-08-14 1949 return RX_CONTINUE;
86c228a7627f3f Johan Almbladh 2013-08-14 1950 /* Skip decryption if the frame is not protected. */
86c228a7627f3f Johan Almbladh 2013-08-14 1951 if (!ieee80211_has_protected(fc))
86c228a7627f3f Johan Almbladh 2013-08-14 1952 return RX_CONTINUE;
af2d14b01c32d7 Jouni Malinen 2020-02-22 1953 } else if (mmie_keyidx >= 0 && ieee80211_is_beacon(fc)) {
af2d14b01c32d7 Jouni Malinen 2020-02-22 1954 /* Broadcast/multicast robust management frame / BIP */
af2d14b01c32d7 Jouni Malinen 2020-02-22 1955 if ((status->flag & RX_FLAG_DECRYPTED) &&
af2d14b01c32d7 Jouni Malinen 2020-02-22 1956 (status->flag & RX_FLAG_IV_STRIPPED))
af2d14b01c32d7 Jouni Malinen 2020-02-22 1957 return RX_CONTINUE;
af2d14b01c32d7 Jouni Malinen 2020-02-22 1958
af2d14b01c32d7 Jouni Malinen 2020-02-22 1959 if (mmie_keyidx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS ||
af2d14b01c32d7 Jouni Malinen 2020-02-22 1960 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
9eaf183af741e3 Jouni Malinen 2020-04-01 1961 NUM_DEFAULT_BEACON_KEYS) {
b2d03cabe2b2e1 Johannes Berg 2022-10-05 1962 if (rx->sdata->dev)
9eaf183af741e3 Jouni Malinen 2020-04-01 1963 cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
9eaf183af741e3 Jouni Malinen 2020-04-01 1964 skb->data,
9eaf183af741e3 Jouni Malinen 2020-04-01 1965 skb->len);
baa951a1c17718 Johannes Berg 2023-04-19 1966 return RX_DROP_M_BAD_BCN_KEYIDX;
9eaf183af741e3 Jouni Malinen 2020-04-01 1967 }
af2d14b01c32d7 Jouni Malinen 2020-02-22 1968
af2d14b01c32d7 Jouni Malinen 2020-02-22 1969 rx->key = ieee80211_rx_get_bigtk(rx, mmie_keyidx);
af2d14b01c32d7 Jouni Malinen 2020-02-22 1970 if (!rx->key)
af2d14b01c32d7 Jouni Malinen 2020-02-22 1971 return RX_CONTINUE; /* Beacon protection not in use */
86c228a7627f3f Johan Almbladh 2013-08-14 1972 } else if (mmie_keyidx >= 0) {
86c228a7627f3f Johan Almbladh 2013-08-14 1973 /* Broadcast/multicast robust management frame / BIP */
86c228a7627f3f Johan Almbladh 2013-08-14 1974 if ((status->flag & RX_FLAG_DECRYPTED) &&
86c228a7627f3f Johan Almbladh 2013-08-14 1975 (status->flag & RX_FLAG_IV_STRIPPED))
86c228a7627f3f Johan Almbladh 2013-08-14 1976 return RX_CONTINUE;
86c228a7627f3f Johan Almbladh 2013-08-14 1977
86c228a7627f3f Johan Almbladh 2013-08-14 1978 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
86c228a7627f3f Johan Almbladh 2013-08-14 1979 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
baa951a1c17718 Johannes Berg 2023-04-19 1980 return RX_DROP_M_BAD_MGMT_KEYIDX; /* unexpected BIP keyidx */
ccdde7c74ffd7e Johannes Berg 2022-08-17 1981 if (rx->link_sta) {
46f6b06050b736 Masashi Honma 2016-06-22 1982 if (ieee80211_is_group_privacy_action(skb) &&
46f6b06050b736 Masashi Honma 2016-06-22 1983 test_sta_flag(rx->sta, WLAN_STA_MFP))
46f6b06050b736 Masashi Honma 2016-06-22 1984 return RX_DROP_MONITOR;
46f6b06050b736 Masashi Honma 2016-06-22 1985
ccdde7c74ffd7e Johannes Berg 2022-08-17 1986 rx->key = rcu_dereference(rx->link_sta->gtk[mmie_keyidx]);
46f6b06050b736 Masashi Honma 2016-06-22 1987 }
86c228a7627f3f Johan Almbladh 2013-08-14 1988 if (!rx->key)
ccdde7c74ffd7e Johannes Berg 2022-08-17 1989 rx->key = rcu_dereference(rx->link->gtk[mmie_keyidx]);
86c228a7627f3f Johan Almbladh 2013-08-14 1990 } else if (!ieee80211_has_protected(fc)) {
86c228a7627f3f Johan Almbladh 2013-08-14 1991 /*
86c228a7627f3f Johan Almbladh 2013-08-14 1992 * The frame was not protected, so skip decryption. However, we
86c228a7627f3f Johan Almbladh 2013-08-14 1993 * need to set rx->key if there is a key that could have been
86c228a7627f3f Johan Almbladh 2013-08-14 1994 * used so that the frame may be dropped if encryption would
86c228a7627f3f Johan Almbladh 2013-08-14 1995 * have been expected.
86c228a7627f3f Johan Almbladh 2013-08-14 1996 */
86c228a7627f3f Johan Almbladh 2013-08-14 1997 struct ieee80211_key *key = NULL;
86c228a7627f3f Johan Almbladh 2013-08-14 1998 int i;
86c228a7627f3f Johan Almbladh 2013-08-14 1999
af2d14b01c32d7 Jouni Malinen 2020-02-22 2000 if (ieee80211_is_beacon(fc)) {
af2d14b01c32d7 Jouni Malinen 2020-02-22 2001 key = ieee80211_rx_get_bigtk(rx, -1);
af2d14b01c32d7 Jouni Malinen 2020-02-22 2002 } else if (ieee80211_is_mgmt(fc) &&
af2d14b01c32d7 Jouni Malinen 2020-02-22 2003 is_multicast_ether_addr(hdr->addr1)) {
ccdde7c74ffd7e Johannes Berg 2022-08-17 2004 key = rcu_dereference(rx->link->default_mgmt_key);
af2d14b01c32d7 Jouni Malinen 2020-02-22 2005 } else {
ccdde7c74ffd7e Johannes Berg 2022-08-17 2006 if (rx->link_sta) {
86c228a7627f3f Johan Almbladh 2013-08-14 2007 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
ccdde7c74ffd7e Johannes Berg 2022-08-17 2008 key = rcu_dereference(rx->link_sta->gtk[i]);
86c228a7627f3f Johan Almbladh 2013-08-14 2009 if (key)
86c228a7627f3f Johan Almbladh 2013-08-14 2010 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2011 }
86c228a7627f3f Johan Almbladh 2013-08-14 2012 }
86c228a7627f3f Johan Almbladh 2013-08-14 2013 if (!key) {
86c228a7627f3f Johan Almbladh 2013-08-14 2014 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
ccdde7c74ffd7e Johannes Berg 2022-08-17 2015 key = rcu_dereference(rx->link->gtk[i]);
86c228a7627f3f Johan Almbladh 2013-08-14 2016 if (key)
86c228a7627f3f Johan Almbladh 2013-08-14 2017 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2018 }
86c228a7627f3f Johan Almbladh 2013-08-14 2019 }
af2d14b01c32d7 Jouni Malinen 2020-02-22 2020 }
86c228a7627f3f Johan Almbladh 2013-08-14 2021 if (key)
86c228a7627f3f Johan Almbladh 2013-08-14 2022 rx->key = key;
86c228a7627f3f Johan Almbladh 2013-08-14 2023 return RX_CONTINUE;
86c228a7627f3f Johan Almbladh 2013-08-14 2024 } else {
86c228a7627f3f Johan Almbladh 2013-08-14 2025 /*
86c228a7627f3f Johan Almbladh 2013-08-14 2026 * The device doesn't give us the IV so we won't be
86c228a7627f3f Johan Almbladh 2013-08-14 2027 * able to look up the key. That's ok though, we
86c228a7627f3f Johan Almbladh 2013-08-14 2028 * don't need to decrypt the frame, we just won't
86c228a7627f3f Johan Almbladh 2013-08-14 2029 * be able to keep statistics accurate.
86c228a7627f3f Johan Almbladh 2013-08-14 2030 * Except for key threshold notifications, should
86c228a7627f3f Johan Almbladh 2013-08-14 2031 * we somehow allow the driver to tell us which key
86c228a7627f3f Johan Almbladh 2013-08-14 2032 * the hardware used if this flag is set?
86c228a7627f3f Johan Almbladh 2013-08-14 2033 */
86c228a7627f3f Johan Almbladh 2013-08-14 2034 if ((status->flag & RX_FLAG_DECRYPTED) &&
86c228a7627f3f Johan Almbladh 2013-08-14 2035 (status->flag & RX_FLAG_IV_STRIPPED))
86c228a7627f3f Johan Almbladh 2013-08-14 2036 return RX_CONTINUE;
86c228a7627f3f Johan Almbladh 2013-08-14 2037
23a5f0af6ff431 Johannes Berg 2022-02-09 2038 keyidx = ieee80211_get_keyid(rx->skb);
2475b1cc0d5283 Max Stepanov 2013-03-24 2039
2475b1cc0d5283 Max Stepanov 2013-03-24 2040 if (unlikely(keyidx < 0))
b39c205d1ce048 Johannes Berg 2023-09-25 2041 return RX_DROP_U_NO_KEY_ID;
86c228a7627f3f Johan Almbladh 2013-08-14 2042
86c228a7627f3f Johan Almbladh 2013-08-14 2043 /* check per-station GTK first, if multicast packet */
ccdde7c74ffd7e Johannes Berg 2022-08-17 2044 if (is_multicast_ether_addr(hdr->addr1) && rx->link_sta)
ccdde7c74ffd7e Johannes Berg 2022-08-17 2045 rx->key = rcu_dereference(rx->link_sta->gtk[keyidx]);
86c228a7627f3f Johan Almbladh 2013-08-14 2046
86c228a7627f3f Johan Almbladh 2013-08-14 2047 /* if not found, try default key */
86c228a7627f3f Johan Almbladh 2013-08-14 2048 if (!rx->key) {
bfd8403adddd09 Johannes Berg 2022-05-16 2049 if (is_multicast_ether_addr(hdr->addr1))
ccdde7c74ffd7e Johannes Berg 2022-08-17 2050 rx->key = rcu_dereference(rx->link->gtk[keyidx]);
bfd8403adddd09 Johannes Berg 2022-05-16 2051 if (!rx->key)
86c228a7627f3f Johan Almbladh 2013-08-14 2052 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
86c228a7627f3f Johan Almbladh 2013-08-14 2053
86c228a7627f3f Johan Almbladh 2013-08-14 2054 /*
86c228a7627f3f Johan Almbladh 2013-08-14 2055 * RSNA-protected unicast frames should always be
86c228a7627f3f Johan Almbladh 2013-08-14 2056 * sent with pairwise or station-to-station keys,
86c228a7627f3f Johan Almbladh 2013-08-14 2057 * but for WEP we allow using a key index as well.
86c228a7627f3f Johan Almbladh 2013-08-14 2058 */
86c228a7627f3f Johan Almbladh 2013-08-14 2059 if (rx->key &&
86c228a7627f3f Johan Almbladh 2013-08-14 2060 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 &&
86c228a7627f3f Johan Almbladh 2013-08-14 2061 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 &&
86c228a7627f3f Johan Almbladh 2013-08-14 2062 !is_multicast_ether_addr(hdr->addr1))
86c228a7627f3f Johan Almbladh 2013-08-14 2063 rx->key = NULL;
86c228a7627f3f Johan Almbladh 2013-08-14 2064 }
86c228a7627f3f Johan Almbladh 2013-08-14 2065 }
86c228a7627f3f Johan Almbladh 2013-08-14 2066
86c228a7627f3f Johan Almbladh 2013-08-14 2067 if (rx->key) {
86c228a7627f3f Johan Almbladh 2013-08-14 2068 if (unlikely(rx->key->flags & KEY_FLAG_TAINTED))
86c228a7627f3f Johan Almbladh 2013-08-14 2069 return RX_DROP_MONITOR;
86c228a7627f3f Johan Almbladh 2013-08-14 2070
86c228a7627f3f Johan Almbladh 2013-08-14 2071 /* TODO: add threshold stuff again */
86c228a7627f3f Johan Almbladh 2013-08-14 2072 } else {
86c228a7627f3f Johan Almbladh 2013-08-14 2073 return RX_DROP_MONITOR;
86c228a7627f3f Johan Almbladh 2013-08-14 2074 }
86c228a7627f3f Johan Almbladh 2013-08-14 2075
86c228a7627f3f Johan Almbladh 2013-08-14 2076 switch (rx->key->conf.cipher) {
86c228a7627f3f Johan Almbladh 2013-08-14 2077 case WLAN_CIPHER_SUITE_WEP40:
86c228a7627f3f Johan Almbladh 2013-08-14 2078 case WLAN_CIPHER_SUITE_WEP104:
86c228a7627f3f Johan Almbladh 2013-08-14 2079 result = ieee80211_crypto_wep_decrypt(rx);
86c228a7627f3f Johan Almbladh 2013-08-14 2080 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2081 case WLAN_CIPHER_SUITE_TKIP:
86c228a7627f3f Johan Almbladh 2013-08-14 2082 result = ieee80211_crypto_tkip_decrypt(rx);
86c228a7627f3f Johan Almbladh 2013-08-14 2083 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2084 case WLAN_CIPHER_SUITE_CCMP:
2b2ba0db1c820d Jouni Malinen 2015-01-24 2085 result = ieee80211_crypto_ccmp_decrypt(
2b2ba0db1c820d Jouni Malinen 2015-01-24 2086 rx, IEEE80211_CCMP_MIC_LEN);
2b2ba0db1c820d Jouni Malinen 2015-01-24 2087 break;
2b2ba0db1c820d Jouni Malinen 2015-01-24 2088 case WLAN_CIPHER_SUITE_CCMP_256:
2b2ba0db1c820d Jouni Malinen 2015-01-24 2089 result = ieee80211_crypto_ccmp_decrypt(
2b2ba0db1c820d Jouni Malinen 2015-01-24 2090 rx, IEEE80211_CCMP_256_MIC_LEN);
86c228a7627f3f Johan Almbladh 2013-08-14 2091 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2092 case WLAN_CIPHER_SUITE_AES_CMAC:
86c228a7627f3f Johan Almbladh 2013-08-14 2093 result = ieee80211_crypto_aes_cmac_decrypt(rx);
86c228a7627f3f Johan Almbladh 2013-08-14 2094 break;
56c52da2d554f0 Jouni Malinen 2015-01-24 2095 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
56c52da2d554f0 Jouni Malinen 2015-01-24 2096 result = ieee80211_crypto_aes_cmac_256_decrypt(rx);
56c52da2d554f0 Jouni Malinen 2015-01-24 2097 break;
8ade538bf39b1e Jouni Malinen 2015-01-24 2098 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
8ade538bf39b1e Jouni Malinen 2015-01-24 2099 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
8ade538bf39b1e Jouni Malinen 2015-01-24 2100 result = ieee80211_crypto_aes_gmac_decrypt(rx);
8ade538bf39b1e Jouni Malinen 2015-01-24 2101 break;
00b9cfa3ff3840 Jouni Malinen 2015-01-24 2102 case WLAN_CIPHER_SUITE_GCMP:
00b9cfa3ff3840 Jouni Malinen 2015-01-24 2103 case WLAN_CIPHER_SUITE_GCMP_256:
00b9cfa3ff3840 Jouni Malinen 2015-01-24 2104 result = ieee80211_crypto_gcmp_decrypt(rx);
00b9cfa3ff3840 Jouni Malinen 2015-01-24 2105 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2106 default:
b39c205d1ce048 Johannes Berg 2023-09-25 2107 result = RX_DROP_U_BAD_CIPHER;
86c228a7627f3f Johan Almbladh 2013-08-14 2108 }
86c228a7627f3f Johan Almbladh 2013-08-14 2109
86c228a7627f3f Johan Almbladh 2013-08-14 2110 /* the hdr variable is invalid after the decrypt handlers */
86c228a7627f3f Johan Almbladh 2013-08-14 2111
86c228a7627f3f Johan Almbladh 2013-08-14 2112 /* either the frame has been decrypted or will be dropped */
86c228a7627f3f Johan Almbladh 2013-08-14 2113 status->flag |= RX_FLAG_DECRYPTED;
86c228a7627f3f Johan Almbladh 2013-08-14 2114
7f4e09700bdc13 Benjamin Berg 2023-06-21 @2115 if (unlikely(ieee80211_is_beacon(fc) && (result & RX_DROP_UNUSABLE) &&
b2d03cabe2b2e1 Johannes Berg 2022-10-05 2116 rx->sdata->dev))
9eaf183af741e3 Jouni Malinen 2020-04-01 2117 cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
9eaf183af741e3 Jouni Malinen 2020-04-01 2118 skb->data, skb->len);
9eaf183af741e3 Jouni Malinen 2020-04-01 2119
86c228a7627f3f Johan Almbladh 2013-08-14 2120 return result;
86c228a7627f3f Johan Almbladh 2013-08-14 2121 }
86c228a7627f3f Johan Almbladh 2013-08-14 2122
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE
2023-09-25 15:25 [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE Johannes Berg
` (2 preceding siblings ...)
2023-09-26 17:32 ` [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE kernel test robot
@ 2023-09-30 14:26 ` kernel test robot
3 siblings, 0 replies; 5+ messages in thread
From: kernel test robot @ 2023-09-30 14:26 UTC (permalink / raw)
To: Johannes Berg; +Cc: oe-kbuild-all
Hi Johannes,
kernel test robot noticed the following build errors:
[auto build test ERROR on wireless-next/main]
[also build test ERROR on wireless/main linus/master v6.6-rc3]
[cannot apply to next-20230929]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Johannes-Berg/wifi-mac80211-split-ieee80211_drop_unencrypted_mgmt-return-value/20230925-232650
base: https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main
patch link: https://lore.kernel.org/r/20230925172508.bc62dfb8a129.I9d64271b6d375aa87c8cac82145823374800b246%40changeid
patch subject: [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE
config: mips-gcw0_defconfig (https://download.01.org/0day-ci/archive/20230930/202309302205.AsjsdY7T-lkp@intel.com/config)
compiler: mipsel-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20230930/202309302205.AsjsdY7T-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202309302205.AsjsdY7T-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from include/asm-generic/div64.h:27,
from arch/mips/include/asm/div64.h:89,
from include/linux/math.h:6,
from include/linux/math64.h:6,
from include/linux/jiffies.h:7,
from net/mac80211/rx.c:12:
net/mac80211/rx.c: In function 'ieee80211_rx_h_decrypt':
>> net/mac80211/rx.c:2115:59: error: 'RX_DROP_UNUSABLE' undeclared (first use in this function)
2115 | if (unlikely(ieee80211_is_beacon(fc) && (result & RX_DROP_UNUSABLE) &&
| ^~~~~~~~~~~~~~~~
include/linux/compiler.h:77:45: note: in definition of macro 'unlikely'
77 | # define unlikely(x) __builtin_expect(!!(x), 0)
| ^
net/mac80211/rx.c:2115:59: note: each undeclared identifier is reported only once for each function it appears in
2115 | if (unlikely(ieee80211_is_beacon(fc) && (result & RX_DROP_UNUSABLE) &&
| ^~~~~~~~~~~~~~~~
include/linux/compiler.h:77:45: note: in definition of macro 'unlikely'
77 | # define unlikely(x) __builtin_expect(!!(x), 0)
| ^
vim +/RX_DROP_UNUSABLE +2115 net/mac80211/rx.c
af2d14b01c32d7 Jouni Malinen 2020-02-22 1878
86c228a7627f3f Johan Almbladh 2013-08-14 1879 static ieee80211_rx_result debug_noinline
86c228a7627f3f Johan Almbladh 2013-08-14 1880 ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
86c228a7627f3f Johan Almbladh 2013-08-14 1881 {
86c228a7627f3f Johan Almbladh 2013-08-14 1882 struct sk_buff *skb = rx->skb;
86c228a7627f3f Johan Almbladh 2013-08-14 1883 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
86c228a7627f3f Johan Almbladh 2013-08-14 1884 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
86c228a7627f3f Johan Almbladh 2013-08-14 1885 int keyidx;
b39c205d1ce048 Johannes Berg 2023-09-25 1886 ieee80211_rx_result result = RX_DROP_U_DECRYPT_FAIL;
86c228a7627f3f Johan Almbladh 2013-08-14 1887 struct ieee80211_key *sta_ptk = NULL;
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1888 struct ieee80211_key *ptk_idx = NULL;
86c228a7627f3f Johan Almbladh 2013-08-14 1889 int mmie_keyidx = -1;
86c228a7627f3f Johan Almbladh 2013-08-14 1890 __le16 fc;
86c228a7627f3f Johan Almbladh 2013-08-14 1891
09a740ce352e1a Thomas Pedersen 2020-09-21 1892 if (ieee80211_is_ext(hdr->frame_control))
09a740ce352e1a Thomas Pedersen 2020-09-21 1893 return RX_CONTINUE;
09a740ce352e1a Thomas Pedersen 2020-09-21 1894
86c228a7627f3f Johan Almbladh 2013-08-14 1895 /*
86c228a7627f3f Johan Almbladh 2013-08-14 1896 * Key selection 101
86c228a7627f3f Johan Almbladh 2013-08-14 1897 *
af2d14b01c32d7 Jouni Malinen 2020-02-22 1898 * There are five types of keys:
86c228a7627f3f Johan Almbladh 2013-08-14 1899 * - GTK (group keys)
86c228a7627f3f Johan Almbladh 2013-08-14 1900 * - IGTK (group keys for management frames)
af2d14b01c32d7 Jouni Malinen 2020-02-22 1901 * - BIGTK (group keys for Beacon frames)
86c228a7627f3f Johan Almbladh 2013-08-14 1902 * - PTK (pairwise keys)
86c228a7627f3f Johan Almbladh 2013-08-14 1903 * - STK (station-to-station pairwise keys)
86c228a7627f3f Johan Almbladh 2013-08-14 1904 *
86c228a7627f3f Johan Almbladh 2013-08-14 1905 * When selecting a key, we have to distinguish between multicast
86c228a7627f3f Johan Almbladh 2013-08-14 1906 * (including broadcast) and unicast frames, the latter can only
af2d14b01c32d7 Jouni Malinen 2020-02-22 1907 * use PTKs and STKs while the former always use GTKs, IGTKs, and
af2d14b01c32d7 Jouni Malinen 2020-02-22 1908 * BIGTKs. Unless, of course, actual WEP keys ("pre-RSNA") are used,
af2d14b01c32d7 Jouni Malinen 2020-02-22 1909 * then unicast frames can also use key indices like GTKs. Hence, if we
86c228a7627f3f Johan Almbladh 2013-08-14 1910 * don't have a PTK/STK we check the key index for a WEP key.
86c228a7627f3f Johan Almbladh 2013-08-14 1911 *
86c228a7627f3f Johan Almbladh 2013-08-14 1912 * Note that in a regular BSS, multicast frames are sent by the
86c228a7627f3f Johan Almbladh 2013-08-14 1913 * AP only, associated stations unicast the frame to the AP first
86c228a7627f3f Johan Almbladh 2013-08-14 1914 * which then multicasts it on their behalf.
86c228a7627f3f Johan Almbladh 2013-08-14 1915 *
86c228a7627f3f Johan Almbladh 2013-08-14 1916 * There is also a slight problem in IBSS mode: GTKs are negotiated
86c228a7627f3f Johan Almbladh 2013-08-14 1917 * with each station, that is something we don't currently handle.
86c228a7627f3f Johan Almbladh 2013-08-14 1918 * The spec seems to expect that one negotiates the same key with
86c228a7627f3f Johan Almbladh 2013-08-14 1919 * every station but there's no such requirement; VLANs could be
86c228a7627f3f Johan Almbladh 2013-08-14 1920 * possible.
86c228a7627f3f Johan Almbladh 2013-08-14 1921 */
86c228a7627f3f Johan Almbladh 2013-08-14 1922
86c228a7627f3f Johan Almbladh 2013-08-14 1923 /* start without a key */
86c228a7627f3f Johan Almbladh 2013-08-14 1924 rx->key = NULL;
2475b1cc0d5283 Max Stepanov 2013-03-24 1925 fc = hdr->frame_control;
86c228a7627f3f Johan Almbladh 2013-08-14 1926
2475b1cc0d5283 Max Stepanov 2013-03-24 1927 if (rx->sta) {
2475b1cc0d5283 Max Stepanov 2013-03-24 1928 int keyid = rx->sta->ptk_idx;
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1929 sta_ptk = rcu_dereference(rx->sta->ptk[keyid]);
86c228a7627f3f Johan Almbladh 2013-08-14 1930
77dfc2bc0bb4b8 Xing Song 2021-11-01 1931 if (ieee80211_has_protected(fc) &&
77dfc2bc0bb4b8 Xing Song 2021-11-01 1932 !(status->flag & RX_FLAG_IV_STRIPPED)) {
23a5f0af6ff431 Johannes Berg 2022-02-09 1933 keyid = ieee80211_get_keyid(rx->skb);
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1934
2475b1cc0d5283 Max Stepanov 2013-03-24 1935 if (unlikely(keyid < 0))
b39c205d1ce048 Johannes Berg 2023-09-25 1936 return RX_DROP_U_NO_KEY_ID;
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1937
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1938 ptk_idx = rcu_dereference(rx->sta->ptk[keyid]);
2475b1cc0d5283 Max Stepanov 2013-03-24 1939 }
2475b1cc0d5283 Max Stepanov 2013-03-24 1940 }
86c228a7627f3f Johan Almbladh 2013-08-14 1941
86c228a7627f3f Johan Almbladh 2013-08-14 1942 if (!ieee80211_has_protected(fc))
86c228a7627f3f Johan Almbladh 2013-08-14 1943 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
86c228a7627f3f Johan Almbladh 2013-08-14 1944
86c228a7627f3f Johan Almbladh 2013-08-14 1945 if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
96fc6efb9ad9d0 Alexander Wetzel 2019-03-19 1946 rx->key = ptk_idx ? ptk_idx : sta_ptk;
86c228a7627f3f Johan Almbladh 2013-08-14 1947 if ((status->flag & RX_FLAG_DECRYPTED) &&
86c228a7627f3f Johan Almbladh 2013-08-14 1948 (status->flag & RX_FLAG_IV_STRIPPED))
86c228a7627f3f Johan Almbladh 2013-08-14 1949 return RX_CONTINUE;
86c228a7627f3f Johan Almbladh 2013-08-14 1950 /* Skip decryption if the frame is not protected. */
86c228a7627f3f Johan Almbladh 2013-08-14 1951 if (!ieee80211_has_protected(fc))
86c228a7627f3f Johan Almbladh 2013-08-14 1952 return RX_CONTINUE;
af2d14b01c32d7 Jouni Malinen 2020-02-22 1953 } else if (mmie_keyidx >= 0 && ieee80211_is_beacon(fc)) {
af2d14b01c32d7 Jouni Malinen 2020-02-22 1954 /* Broadcast/multicast robust management frame / BIP */
af2d14b01c32d7 Jouni Malinen 2020-02-22 1955 if ((status->flag & RX_FLAG_DECRYPTED) &&
af2d14b01c32d7 Jouni Malinen 2020-02-22 1956 (status->flag & RX_FLAG_IV_STRIPPED))
af2d14b01c32d7 Jouni Malinen 2020-02-22 1957 return RX_CONTINUE;
af2d14b01c32d7 Jouni Malinen 2020-02-22 1958
af2d14b01c32d7 Jouni Malinen 2020-02-22 1959 if (mmie_keyidx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS ||
af2d14b01c32d7 Jouni Malinen 2020-02-22 1960 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
9eaf183af741e3 Jouni Malinen 2020-04-01 1961 NUM_DEFAULT_BEACON_KEYS) {
b2d03cabe2b2e1 Johannes Berg 2022-10-05 1962 if (rx->sdata->dev)
9eaf183af741e3 Jouni Malinen 2020-04-01 1963 cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
9eaf183af741e3 Jouni Malinen 2020-04-01 1964 skb->data,
9eaf183af741e3 Jouni Malinen 2020-04-01 1965 skb->len);
baa951a1c17718 Johannes Berg 2023-04-19 1966 return RX_DROP_M_BAD_BCN_KEYIDX;
9eaf183af741e3 Jouni Malinen 2020-04-01 1967 }
af2d14b01c32d7 Jouni Malinen 2020-02-22 1968
af2d14b01c32d7 Jouni Malinen 2020-02-22 1969 rx->key = ieee80211_rx_get_bigtk(rx, mmie_keyidx);
af2d14b01c32d7 Jouni Malinen 2020-02-22 1970 if (!rx->key)
af2d14b01c32d7 Jouni Malinen 2020-02-22 1971 return RX_CONTINUE; /* Beacon protection not in use */
86c228a7627f3f Johan Almbladh 2013-08-14 1972 } else if (mmie_keyidx >= 0) {
86c228a7627f3f Johan Almbladh 2013-08-14 1973 /* Broadcast/multicast robust management frame / BIP */
86c228a7627f3f Johan Almbladh 2013-08-14 1974 if ((status->flag & RX_FLAG_DECRYPTED) &&
86c228a7627f3f Johan Almbladh 2013-08-14 1975 (status->flag & RX_FLAG_IV_STRIPPED))
86c228a7627f3f Johan Almbladh 2013-08-14 1976 return RX_CONTINUE;
86c228a7627f3f Johan Almbladh 2013-08-14 1977
86c228a7627f3f Johan Almbladh 2013-08-14 1978 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
86c228a7627f3f Johan Almbladh 2013-08-14 1979 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
baa951a1c17718 Johannes Berg 2023-04-19 1980 return RX_DROP_M_BAD_MGMT_KEYIDX; /* unexpected BIP keyidx */
ccdde7c74ffd7e Johannes Berg 2022-08-17 1981 if (rx->link_sta) {
46f6b06050b736 Masashi Honma 2016-06-22 1982 if (ieee80211_is_group_privacy_action(skb) &&
46f6b06050b736 Masashi Honma 2016-06-22 1983 test_sta_flag(rx->sta, WLAN_STA_MFP))
46f6b06050b736 Masashi Honma 2016-06-22 1984 return RX_DROP_MONITOR;
46f6b06050b736 Masashi Honma 2016-06-22 1985
ccdde7c74ffd7e Johannes Berg 2022-08-17 1986 rx->key = rcu_dereference(rx->link_sta->gtk[mmie_keyidx]);
46f6b06050b736 Masashi Honma 2016-06-22 1987 }
86c228a7627f3f Johan Almbladh 2013-08-14 1988 if (!rx->key)
ccdde7c74ffd7e Johannes Berg 2022-08-17 1989 rx->key = rcu_dereference(rx->link->gtk[mmie_keyidx]);
86c228a7627f3f Johan Almbladh 2013-08-14 1990 } else if (!ieee80211_has_protected(fc)) {
86c228a7627f3f Johan Almbladh 2013-08-14 1991 /*
86c228a7627f3f Johan Almbladh 2013-08-14 1992 * The frame was not protected, so skip decryption. However, we
86c228a7627f3f Johan Almbladh 2013-08-14 1993 * need to set rx->key if there is a key that could have been
86c228a7627f3f Johan Almbladh 2013-08-14 1994 * used so that the frame may be dropped if encryption would
86c228a7627f3f Johan Almbladh 2013-08-14 1995 * have been expected.
86c228a7627f3f Johan Almbladh 2013-08-14 1996 */
86c228a7627f3f Johan Almbladh 2013-08-14 1997 struct ieee80211_key *key = NULL;
86c228a7627f3f Johan Almbladh 2013-08-14 1998 int i;
86c228a7627f3f Johan Almbladh 2013-08-14 1999
af2d14b01c32d7 Jouni Malinen 2020-02-22 2000 if (ieee80211_is_beacon(fc)) {
af2d14b01c32d7 Jouni Malinen 2020-02-22 2001 key = ieee80211_rx_get_bigtk(rx, -1);
af2d14b01c32d7 Jouni Malinen 2020-02-22 2002 } else if (ieee80211_is_mgmt(fc) &&
af2d14b01c32d7 Jouni Malinen 2020-02-22 2003 is_multicast_ether_addr(hdr->addr1)) {
ccdde7c74ffd7e Johannes Berg 2022-08-17 2004 key = rcu_dereference(rx->link->default_mgmt_key);
af2d14b01c32d7 Jouni Malinen 2020-02-22 2005 } else {
ccdde7c74ffd7e Johannes Berg 2022-08-17 2006 if (rx->link_sta) {
86c228a7627f3f Johan Almbladh 2013-08-14 2007 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
ccdde7c74ffd7e Johannes Berg 2022-08-17 2008 key = rcu_dereference(rx->link_sta->gtk[i]);
86c228a7627f3f Johan Almbladh 2013-08-14 2009 if (key)
86c228a7627f3f Johan Almbladh 2013-08-14 2010 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2011 }
86c228a7627f3f Johan Almbladh 2013-08-14 2012 }
86c228a7627f3f Johan Almbladh 2013-08-14 2013 if (!key) {
86c228a7627f3f Johan Almbladh 2013-08-14 2014 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
ccdde7c74ffd7e Johannes Berg 2022-08-17 2015 key = rcu_dereference(rx->link->gtk[i]);
86c228a7627f3f Johan Almbladh 2013-08-14 2016 if (key)
86c228a7627f3f Johan Almbladh 2013-08-14 2017 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2018 }
86c228a7627f3f Johan Almbladh 2013-08-14 2019 }
af2d14b01c32d7 Jouni Malinen 2020-02-22 2020 }
86c228a7627f3f Johan Almbladh 2013-08-14 2021 if (key)
86c228a7627f3f Johan Almbladh 2013-08-14 2022 rx->key = key;
86c228a7627f3f Johan Almbladh 2013-08-14 2023 return RX_CONTINUE;
86c228a7627f3f Johan Almbladh 2013-08-14 2024 } else {
86c228a7627f3f Johan Almbladh 2013-08-14 2025 /*
86c228a7627f3f Johan Almbladh 2013-08-14 2026 * The device doesn't give us the IV so we won't be
86c228a7627f3f Johan Almbladh 2013-08-14 2027 * able to look up the key. That's ok though, we
86c228a7627f3f Johan Almbladh 2013-08-14 2028 * don't need to decrypt the frame, we just won't
86c228a7627f3f Johan Almbladh 2013-08-14 2029 * be able to keep statistics accurate.
86c228a7627f3f Johan Almbladh 2013-08-14 2030 * Except for key threshold notifications, should
86c228a7627f3f Johan Almbladh 2013-08-14 2031 * we somehow allow the driver to tell us which key
86c228a7627f3f Johan Almbladh 2013-08-14 2032 * the hardware used if this flag is set?
86c228a7627f3f Johan Almbladh 2013-08-14 2033 */
86c228a7627f3f Johan Almbladh 2013-08-14 2034 if ((status->flag & RX_FLAG_DECRYPTED) &&
86c228a7627f3f Johan Almbladh 2013-08-14 2035 (status->flag & RX_FLAG_IV_STRIPPED))
86c228a7627f3f Johan Almbladh 2013-08-14 2036 return RX_CONTINUE;
86c228a7627f3f Johan Almbladh 2013-08-14 2037
23a5f0af6ff431 Johannes Berg 2022-02-09 2038 keyidx = ieee80211_get_keyid(rx->skb);
2475b1cc0d5283 Max Stepanov 2013-03-24 2039
2475b1cc0d5283 Max Stepanov 2013-03-24 2040 if (unlikely(keyidx < 0))
b39c205d1ce048 Johannes Berg 2023-09-25 2041 return RX_DROP_U_NO_KEY_ID;
86c228a7627f3f Johan Almbladh 2013-08-14 2042
86c228a7627f3f Johan Almbladh 2013-08-14 2043 /* check per-station GTK first, if multicast packet */
ccdde7c74ffd7e Johannes Berg 2022-08-17 2044 if (is_multicast_ether_addr(hdr->addr1) && rx->link_sta)
ccdde7c74ffd7e Johannes Berg 2022-08-17 2045 rx->key = rcu_dereference(rx->link_sta->gtk[keyidx]);
86c228a7627f3f Johan Almbladh 2013-08-14 2046
86c228a7627f3f Johan Almbladh 2013-08-14 2047 /* if not found, try default key */
86c228a7627f3f Johan Almbladh 2013-08-14 2048 if (!rx->key) {
bfd8403adddd09 Johannes Berg 2022-05-16 2049 if (is_multicast_ether_addr(hdr->addr1))
ccdde7c74ffd7e Johannes Berg 2022-08-17 2050 rx->key = rcu_dereference(rx->link->gtk[keyidx]);
bfd8403adddd09 Johannes Berg 2022-05-16 2051 if (!rx->key)
86c228a7627f3f Johan Almbladh 2013-08-14 2052 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
86c228a7627f3f Johan Almbladh 2013-08-14 2053
86c228a7627f3f Johan Almbladh 2013-08-14 2054 /*
86c228a7627f3f Johan Almbladh 2013-08-14 2055 * RSNA-protected unicast frames should always be
86c228a7627f3f Johan Almbladh 2013-08-14 2056 * sent with pairwise or station-to-station keys,
86c228a7627f3f Johan Almbladh 2013-08-14 2057 * but for WEP we allow using a key index as well.
86c228a7627f3f Johan Almbladh 2013-08-14 2058 */
86c228a7627f3f Johan Almbladh 2013-08-14 2059 if (rx->key &&
86c228a7627f3f Johan Almbladh 2013-08-14 2060 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 &&
86c228a7627f3f Johan Almbladh 2013-08-14 2061 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 &&
86c228a7627f3f Johan Almbladh 2013-08-14 2062 !is_multicast_ether_addr(hdr->addr1))
86c228a7627f3f Johan Almbladh 2013-08-14 2063 rx->key = NULL;
86c228a7627f3f Johan Almbladh 2013-08-14 2064 }
86c228a7627f3f Johan Almbladh 2013-08-14 2065 }
86c228a7627f3f Johan Almbladh 2013-08-14 2066
86c228a7627f3f Johan Almbladh 2013-08-14 2067 if (rx->key) {
86c228a7627f3f Johan Almbladh 2013-08-14 2068 if (unlikely(rx->key->flags & KEY_FLAG_TAINTED))
86c228a7627f3f Johan Almbladh 2013-08-14 2069 return RX_DROP_MONITOR;
86c228a7627f3f Johan Almbladh 2013-08-14 2070
86c228a7627f3f Johan Almbladh 2013-08-14 2071 /* TODO: add threshold stuff again */
86c228a7627f3f Johan Almbladh 2013-08-14 2072 } else {
86c228a7627f3f Johan Almbladh 2013-08-14 2073 return RX_DROP_MONITOR;
86c228a7627f3f Johan Almbladh 2013-08-14 2074 }
86c228a7627f3f Johan Almbladh 2013-08-14 2075
86c228a7627f3f Johan Almbladh 2013-08-14 2076 switch (rx->key->conf.cipher) {
86c228a7627f3f Johan Almbladh 2013-08-14 2077 case WLAN_CIPHER_SUITE_WEP40:
86c228a7627f3f Johan Almbladh 2013-08-14 2078 case WLAN_CIPHER_SUITE_WEP104:
86c228a7627f3f Johan Almbladh 2013-08-14 2079 result = ieee80211_crypto_wep_decrypt(rx);
86c228a7627f3f Johan Almbladh 2013-08-14 2080 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2081 case WLAN_CIPHER_SUITE_TKIP:
86c228a7627f3f Johan Almbladh 2013-08-14 2082 result = ieee80211_crypto_tkip_decrypt(rx);
86c228a7627f3f Johan Almbladh 2013-08-14 2083 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2084 case WLAN_CIPHER_SUITE_CCMP:
2b2ba0db1c820d Jouni Malinen 2015-01-24 2085 result = ieee80211_crypto_ccmp_decrypt(
2b2ba0db1c820d Jouni Malinen 2015-01-24 2086 rx, IEEE80211_CCMP_MIC_LEN);
2b2ba0db1c820d Jouni Malinen 2015-01-24 2087 break;
2b2ba0db1c820d Jouni Malinen 2015-01-24 2088 case WLAN_CIPHER_SUITE_CCMP_256:
2b2ba0db1c820d Jouni Malinen 2015-01-24 2089 result = ieee80211_crypto_ccmp_decrypt(
2b2ba0db1c820d Jouni Malinen 2015-01-24 2090 rx, IEEE80211_CCMP_256_MIC_LEN);
86c228a7627f3f Johan Almbladh 2013-08-14 2091 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2092 case WLAN_CIPHER_SUITE_AES_CMAC:
86c228a7627f3f Johan Almbladh 2013-08-14 2093 result = ieee80211_crypto_aes_cmac_decrypt(rx);
86c228a7627f3f Johan Almbladh 2013-08-14 2094 break;
56c52da2d554f0 Jouni Malinen 2015-01-24 2095 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
56c52da2d554f0 Jouni Malinen 2015-01-24 2096 result = ieee80211_crypto_aes_cmac_256_decrypt(rx);
56c52da2d554f0 Jouni Malinen 2015-01-24 2097 break;
8ade538bf39b1e Jouni Malinen 2015-01-24 2098 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
8ade538bf39b1e Jouni Malinen 2015-01-24 2099 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
8ade538bf39b1e Jouni Malinen 2015-01-24 2100 result = ieee80211_crypto_aes_gmac_decrypt(rx);
8ade538bf39b1e Jouni Malinen 2015-01-24 2101 break;
00b9cfa3ff3840 Jouni Malinen 2015-01-24 2102 case WLAN_CIPHER_SUITE_GCMP:
00b9cfa3ff3840 Jouni Malinen 2015-01-24 2103 case WLAN_CIPHER_SUITE_GCMP_256:
00b9cfa3ff3840 Jouni Malinen 2015-01-24 2104 result = ieee80211_crypto_gcmp_decrypt(rx);
00b9cfa3ff3840 Jouni Malinen 2015-01-24 2105 break;
86c228a7627f3f Johan Almbladh 2013-08-14 2106 default:
b39c205d1ce048 Johannes Berg 2023-09-25 2107 result = RX_DROP_U_BAD_CIPHER;
86c228a7627f3f Johan Almbladh 2013-08-14 2108 }
86c228a7627f3f Johan Almbladh 2013-08-14 2109
86c228a7627f3f Johan Almbladh 2013-08-14 2110 /* the hdr variable is invalid after the decrypt handlers */
86c228a7627f3f Johan Almbladh 2013-08-14 2111
86c228a7627f3f Johan Almbladh 2013-08-14 2112 /* either the frame has been decrypted or will be dropped */
86c228a7627f3f Johan Almbladh 2013-08-14 2113 status->flag |= RX_FLAG_DECRYPTED;
86c228a7627f3f Johan Almbladh 2013-08-14 2114
7f4e09700bdc13 Benjamin Berg 2023-06-21 @2115 if (unlikely(ieee80211_is_beacon(fc) && (result & RX_DROP_UNUSABLE) &&
b2d03cabe2b2e1 Johannes Berg 2022-10-05 2116 rx->sdata->dev))
9eaf183af741e3 Jouni Malinen 2020-04-01 2117 cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
9eaf183af741e3 Jouni Malinen 2020-04-01 2118 skb->data, skb->len);
9eaf183af741e3 Jouni Malinen 2020-04-01 2119
86c228a7627f3f Johan Almbladh 2013-08-14 2120 return result;
86c228a7627f3f Johan Almbladh 2013-08-14 2121 }
86c228a7627f3f Johan Almbladh 2013-08-14 2122
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-09-30 14:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-25 15:25 [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE Johannes Berg
2023-09-25 15:25 ` [PATCH 2/3] wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value Johannes Berg
2023-09-25 15:25 ` [PATCH 3/3] wifi: mac80211: expand __ieee80211_data_to_8023() status Johannes Berg
2023-09-26 17:32 ` [PATCH 1/3] wifi: mac80211: remove RX_DROP_UNUSABLE kernel test robot
2023-09-30 14:26 ` kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.