lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20231128083115.613235-4-yu-hao.lin@nxp.com>
Date:   Tue, 28 Nov 2023 16:31:06 +0800
From:   David Lin <yu-hao.lin@....com>
To:     linux-wireless@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, briannorris@...omium.org,
        kvalo@...nel.org, francesco@...cini.it, tsung-hsien.hsieh@....com,
        David Lin <yu-hao.lin@....com>
Subject: [PATCH v7 03/12] wifi: mwifiex: fixed reassocation issue for WPA3.

This issue is related to resatart/reconfigure AP.

When AP is restarted or reconfigured, wpa_supplilcant will use cached
PMKSA to do association to AP.
Because association failure does not report to cfg80211/wpa_supplicant,
wpa_supplicant will always use cached PMKSA to do assocaiton.
Connection can't be established under this way.

Signed-off-by: David Lin <yu-hao.lin@....com>
---
 .../net/wireless/marvell/mwifiex/cfg80211.c   | 25 ++++++++-----------
 drivers/net/wireless/marvell/mwifiex/cmdevt.c | 18 +++++++++++++
 drivers/net/wireless/marvell/mwifiex/init.c   |  1 +
 drivers/net/wireless/marvell/mwifiex/main.c   |  6 +++++
 drivers/net/wireless/marvell/mwifiex/main.h   |  3 +++
 5 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index 3d59e6a441b9..a21310f3807c 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -4395,9 +4395,6 @@ mwifiex_cfg80211_associate(struct wiphy *wiphy, struct net_device *dev,
 	int ret;
 	struct cfg80211_ssid req_ssid;
 	const u8 *ssid_ie;
-	struct cfg80211_rx_assoc_resp assoc_resp = {
-		.uapsd_queues = -1,
-	};
 
 	if (GET_BSS_ROLE(priv) != MWIFIEX_BSS_ROLE_STA) {
 		mwifiex_dbg(adapter, ERROR,
@@ -4433,13 +4430,13 @@ mwifiex_cfg80211_associate(struct wiphy *wiphy, struct net_device *dev,
 
 	req_ssid.ssid_len = ssid_ie[1];
 	if (req_ssid.ssid_len > IEEE80211_MAX_SSID_LEN) {
-		mwifiex_dbg(priv->adapter, ERROR, "invalid SSID - aborting\n");
+		mwifiex_dbg(adapter, ERROR, "invalid SSID - aborting\n");
 		goto ssid_err;
 	}
 
 	memcpy(req_ssid.ssid, ssid_ie + 2, req_ssid.ssid_len);
 	if (!req_ssid.ssid_len || req_ssid.ssid[0] < 0x20) {
-		mwifiex_dbg(priv->adapter, ERROR, "invalid SSID - aborting\n");
+		mwifiex_dbg(adapter, ERROR, "invalid SSID - aborting\n");
 		goto ssid_err;
 	}
 	rcu_read_unlock();
@@ -4466,25 +4463,25 @@ mwifiex_cfg80211_associate(struct wiphy *wiphy, struct net_device *dev,
 
 	memcpy(priv->cfg_bssid, req->bss->bssid, ETH_ALEN);
 
-	mwifiex_dbg(priv->adapter, MSG,
+	mwifiex_dbg(adapter, MSG,
 		    "assoc: send association to %pM\n", req->bss->bssid);
 
-	cfg80211_ref_bss(priv->adapter->wiphy, req->bss);
+	cfg80211_ref_bss(adapter->wiphy, req->bss);
 
 	ret = mwifiex_bss_start(priv, req->bss, &req_ssid);
 
-	if (!ret) {
-		assoc_resp.links[0].bss = priv->attempted_bss_desc->bss;
-		assoc_resp.buf = priv->assoc_rsp_buf;
-		assoc_resp.len = priv->assoc_rsp_size;
-		cfg80211_rx_assoc_resp(priv->netdev,
-				       &assoc_resp);
-	} else {
+	if (ret) {
 		priv->auth_flag = 0;
 		priv->auth_alg = 0xFFFF;
 		eth_zero_addr(priv->cfg_bssid);
 	}
 
+	if (priv->assoc_rsp_size) {
+		priv->req_bss = req->bss;
+		adapter->assoc_resp_received = true;
+		queue_work(adapter->workqueue, &adapter->main_work);
+	}
+
 	cfg80211_put_bss(priv->adapter->wiphy, req->bss);
 
 	return 0;
diff --git a/drivers/net/wireless/marvell/mwifiex/cmdevt.c b/drivers/net/wireless/marvell/mwifiex/cmdevt.c
index 311af5f40c3e..16777af50097 100644
--- a/drivers/net/wireless/marvell/mwifiex/cmdevt.c
+++ b/drivers/net/wireless/marvell/mwifiex/cmdevt.c
@@ -924,6 +924,24 @@ int mwifiex_process_cmdresp(struct mwifiex_adapter *adapter)
 	return ret;
 }
 
+void mwifiex_process_assoc_resp(struct mwifiex_adapter *adapter)
+{
+	struct cfg80211_rx_assoc_resp assoc_resp = {
+		.uapsd_queues = -1,
+	};
+	struct mwifiex_private *priv =
+		mwifiex_get_priv(adapter, MWIFIEX_BSS_ROLE_STA);
+
+	if (priv->assoc_rsp_size) {
+		assoc_resp.links[0].bss = priv->req_bss;
+		assoc_resp.buf = priv->assoc_rsp_buf;
+		assoc_resp.len = priv->assoc_rsp_size;
+		cfg80211_rx_assoc_resp(priv->netdev,
+				       &assoc_resp);
+		priv->assoc_rsp_size = 0;
+	}
+}
+
 /*
  * This function handles the timeout of command sending.
  *
diff --git a/drivers/net/wireless/marvell/mwifiex/init.c b/drivers/net/wireless/marvell/mwifiex/init.c
index f86a527fd7ca..4326e03a66d3 100644
--- a/drivers/net/wireless/marvell/mwifiex/init.c
+++ b/drivers/net/wireless/marvell/mwifiex/init.c
@@ -223,6 +223,7 @@ static void mwifiex_init_adapter(struct mwifiex_adapter *adapter)
 	adapter->cmd_resp_received = false;
 	adapter->event_received = false;
 	adapter->data_received = false;
+	adapter->assoc_resp_received = false;
 
 	clear_bit(MWIFIEX_SURPRISE_REMOVED, &adapter->work_flags);
 
diff --git a/drivers/net/wireless/marvell/mwifiex/main.c b/drivers/net/wireless/marvell/mwifiex/main.c
index 3bebb6c37604..1dac77946813 100644
--- a/drivers/net/wireless/marvell/mwifiex/main.c
+++ b/drivers/net/wireless/marvell/mwifiex/main.c
@@ -365,6 +365,12 @@ int mwifiex_main_process(struct mwifiex_adapter *adapter)
 			}
 		}
 
+		/* Chekc for Assoc Resp */
+		if (adapter->assoc_resp_received) {
+			adapter->assoc_resp_received = false;
+			mwifiex_process_assoc_resp(adapter);
+		}
+
 		/* Check if we need to confirm Sleep Request
 		   received previously */
 		if (adapter->ps_state == PS_STATE_PRE_SLEEP)
diff --git a/drivers/net/wireless/marvell/mwifiex/main.h b/drivers/net/wireless/marvell/mwifiex/main.h
index 83449ad84d15..ae4b44ad6c50 100644
--- a/drivers/net/wireless/marvell/mwifiex/main.h
+++ b/drivers/net/wireless/marvell/mwifiex/main.h
@@ -615,6 +615,7 @@ struct mwifiex_private {
 #define MWIFIEX_ASSOC_RSP_BUF_SIZE  500
 	u8 assoc_rsp_buf[MWIFIEX_ASSOC_RSP_BUF_SIZE];
 	u32 assoc_rsp_size;
+	struct cfg80211_bss *req_bss;
 
 #define MWIFIEX_GENIE_BUF_SIZE      256
 	u8 gen_ie_buf[MWIFIEX_GENIE_BUF_SIZE];
@@ -915,6 +916,7 @@ struct mwifiex_adapter {
 	u8 cmd_resp_received;
 	u8 event_received;
 	u8 data_received;
+	u8 assoc_resp_received;
 	u16 seq_num;
 	struct cmd_ctrl_node *cmd_pool;
 	struct cmd_ctrl_node *curr_cmd;
@@ -1104,6 +1106,7 @@ void mwifiex_insert_cmd_to_pending_q(struct mwifiex_adapter *adapter,
 
 int mwifiex_exec_next_cmd(struct mwifiex_adapter *adapter);
 int mwifiex_process_cmdresp(struct mwifiex_adapter *adapter);
+void mwifiex_process_assoc_resp(struct mwifiex_adapter *adapter);
 int mwifiex_handle_rx_packet(struct mwifiex_adapter *adapter,
 			     struct sk_buff *skb);
 int mwifiex_process_tx(struct mwifiex_private *priv, struct sk_buff *skb,
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ