* [PATCH] wifi: mac80211: disallow AP interface from getting BIGTK in RX path
@ 2025-07-02 10:45 Michael-CY Lee
2025-07-08 8:26 ` Johannes Berg
0 siblings, 1 reply; 2+ messages in thread
From: Michael-CY Lee @ 2025-07-02 10:45 UTC (permalink / raw)
To: linux-wireless
Cc: Johannes Berg, Felix Fietkau, Lorenzo Bianconi, Evelyn Tsai,
Money Wang, linux-mediatek, Michael-CY Lee
The problem was that when the AP interface with BIGTK set received
beacons with MMIE from other BSSes, it tried to verify the MIC using its
BIGTK, which must fail and be notified to the upper layer by
cfg80211_rx_unprot_mlme_mgmt().
The solution is to prevent the AP interface from getting BIGTK in
the RX path, as the AP should only use the BIGTK to calculate the
beacon's MIC value.
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Reviewed-by: Money Wang <money.wang@mediatek.com>
---
net/mac80211/rx.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7671fd39a60e..f2d63a7cc642 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1888,6 +1888,10 @@ ieee80211_rx_get_bigtk(struct ieee80211_rx_data *rx, int idx)
* index (i.e., a key that we do not have).
*/
+ /* AP interface sould not use BIGTK to decrypt */
+ if (rx->sdata->vif.type == NL80211_IFTYPE_AP)
+ return NULL;
+
if (idx < 0) {
idx = NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS;
idx2 = idx + 1;
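Review bot: the added comment above the NL80211_IFTYPE_AP check misdescribes it: it says "decrypt" (and misspells "should"), while the commit message describes the BIGTK as used for the beacon MIC, i.e. integrity verification rather than decryption. Suggest wording along the lines of "an AP only uses its BIGTK to generate the beacon MIC, never to verify received beacons", so the reason for the early return is clear from the code alone.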
--
2.25.1
* Re: [PATCH] wifi: mac80211: disallow AP interface from getting BIGTK in RX path
2025-07-02 10:45 [PATCH] wifi: mac80211: disallow AP interface from getting BIGTK in RX path Michael-CY Lee
@ 2025-07-08 8:26 ` Johannes Berg
0 siblings, 0 replies; 2+ messages in thread
From: Johannes Berg @ 2025-07-08 8:26 UTC (permalink / raw)
To: Michael-CY Lee, linux-wireless
Cc: Felix Fietkau, Lorenzo Bianconi, Evelyn Tsai, Money Wang,
linux-mediatek
On Wed, 2025-07-02 at 18:45 +0800, Michael-CY Lee wrote:
> The problem was that when the AP interface with BIGTK set received
> beacons with MMIE from other BSSes, it tried to verify the MIC using its
> BIGTK, which must fail and be notified to the upper layer by
> cfg80211_rx_unprot_mlme_mgmt().
>
> The solution is to prevent the AP interface from getting BIGTK in
> the RX path, as the AP should only use the BIGTK to calculate the
> beacon's MIC value.
>
> Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
> Reviewed-by: Money Wang <money.wang@mediatek.com>
> ---
> net/mac80211/rx.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
> index 7671fd39a60e..f2d63a7cc642 100644
> --- a/net/mac80211/rx.c
> +++ b/net/mac80211/rx.c
> @@ -1888,6 +1888,10 @@ ieee80211_rx_get_bigtk(struct ieee80211_rx_data *rx, int idx)
> * index (i.e., a key that we do not have).
> */
>
> + /* AP interface sould not use BIGTK to decrypt */
> + if (rx->sdata->vif.type == NL80211_IFTYPE_AP)
> + return NULL;
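Review bot: the early return is placed at the top of ieee80211_rx_get_bigtk(), ahead of the idx handling, so on an AP vif every call now returns NULL regardless of idx. The commit message should state what the RX path does with a beacon carrying an MMIE once no key is returned (ignored, or still reported), since the stated goal is to stop the cfg80211_rx_unprot_mlme_mgmt() notification and the visible lines do not show that this return value achieves it.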
Could this apply to other interface types (AP_VLAN? mesh?) as well?
Maybe this validation should instead be restricted to where it matters?
Or maybe it should only limit the rx->link->gtk[] lookups, not the per-
STA ones?
(Also, what about wireless/wireless-next? please add a tag)
johannes