[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEg-Je_=R_SXXsu6PGT=fBpAO33Usw4YDLEW4EyyyFtsFzdszQ@mail.gmail.com>
Date: Wed, 7 Aug 2024 04:09:41 -0400
From: Neal Gompa <neal@...pa.dev>
To: Janne Grunau <j@...nau.net>
Cc: Arend van Spriel <arend.vanspriel@...adcom.com>, Kalle Valo <kvalo@...nel.org>,
Hector Martin <marcan@...can.st>, Linus Walleij <linus.walleij@...aro.org>,
linux-wireless@...r.kernel.org, brcm80211@...ts.linux.dev,
brcm80211-dev-list.pdl@...adcom.com, linux-kernel@...r.kernel.org,
asahi@...ts.linux.dev, stable@...r.kernel.org
Subject: Re: [PATCH] wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
On Sat, Aug 3, 2024 at 3:53 PM Janne Grunau via B4 Relay
<devnull+j.jannau.net@...nel.org> wrote:
>
> From: Janne Grunau <j@...nau.net>
>
> wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the
> driver for SAE/OWE offload cases") SSID based PMKSA del commands.
> brcmfmac is not prepared and tries to dereference the NULL bssid and
> pmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based
> updates so copy the SSID.
>
> Fixes: a96202acaea4 ("wifi: brcmfmac: cfg80211: Add support for PMKID_V3 operations")
> Cc: stable@...r.kernel.org
> Signed-off-by: Janne Grunau <j@...nau.net>
> ---
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> index 5fe0e671ecb3..826b768196e2 100644
> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> @@ -4320,9 +4320,16 @@ brcmf_pmksa_v3_op(struct brcmf_if *ifp, struct cfg80211_pmksa *pmksa,
> /* Single PMK operation */
> pmk_op->count = cpu_to_le16(1);
> length += sizeof(struct brcmf_pmksa_v3);
> - memcpy(pmk_op->pmk[0].bssid, pmksa->bssid, ETH_ALEN);
> - memcpy(pmk_op->pmk[0].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
> - pmk_op->pmk[0].pmkid_len = WLAN_PMKID_LEN;
> + if (pmksa->bssid)
> + memcpy(pmk_op->pmk[0].bssid, pmksa->bssid, ETH_ALEN);
> + if (pmksa->pmkid) {
> + memcpy(pmk_op->pmk[0].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
> + pmk_op->pmk[0].pmkid_len = WLAN_PMKID_LEN;
> + }
> + if (pmksa->ssid && pmksa->ssid_len) {
> + memcpy(pmk_op->pmk[0].ssid.SSID, pmksa->ssid, pmksa->ssid_len);
> + pmk_op->pmk[0].ssid.SSID_len = pmksa->ssid_len;
> + }
> pmk_op->pmk[0].time_left = cpu_to_le32(alive ? BRCMF_PMKSA_NO_EXPIRY : 0);
> }
>
>
> ---
> base-commit: 0c3836482481200ead7b416ca80c68a29cfdaabd
> change-id: 20240803-brcmfmac_pmksa_del_ssid-3c35efe35330
>
This looks reasonable to me and works on my Macs.
Reviewed-by: Neal Gompa <neal@...pa.dev>
--
真実はいつも一つ!/ Always, there's only one truth!
Powered by blists - more mailing lists