| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d5f38a5c-8073-6e34-54f0-a11d2347b2c1@denx.de>
Date: Fri, 23 Sep 2022 16:19:11 +0200
From: Marek Vasut <marex@...x.de>
To: "Fuzzey, Martin" <martin.fuzzey@...wbird.group>
Cc: linux-wireless@...r.kernel.org,
Amitkumar Karwar <amit.karwar@...pinesignals.com>,
Angus Ainslie <angus@...ea.ca>,
Jakub Kicinski <kuba@...nel.org>,
Kalle Valo <kvalo@...nel.org>,
Martin Kepplinger <martink@...teo.de>,
Prameela Rani Garnepudi <prameela.j04cs@...il.com>,
Sebastian Krzyszkowiak <sebastian.krzyszkowiak@...i.sm>,
Siva Rebbagondla <siva8118@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH] wifi: rsi: Fix handling of 802.3 EAPOL frames sent via
control port
On 9/23/22 09:11, Fuzzey, Martin wrote:
> Hi Marek,
Hi,
> On Thu, 22 Sept 2022 at 22:33, Marek Vasut <marex@...x.de> wrote:
>>
>> When using wpa_supplicant v2.10, this driver is no longer able to
>> associate with any AP and fails in the EAPOL 4-way handshake while
>> sending the 2/4 message to the AP. The problem is not present in
>> wpa_supplicant v2.9 or older. The problem stems from HostAP commit
>> 144314eaa ("wpa_supplicant: Send EAPOL frames over nl80211 where available")
>> which changes the way EAPOL frames are sent, from them being send
>> at L2 frames to them being sent via nl80211 control port.
> ...
>> Therefore, to fix this problem, inspect the ETH_P_802_3 frames in
>> the rsi_91x driver, check the ethertype of the encapsulated frame,
>> and in case it is ETH_P_PAE, transmit the frame via high-priority
>> queue just like other ETH_P_PAE frames.
>>
>
>> diff --git a/drivers/net/wireless/rsi/rsi_91x_core.c b/drivers/net/wireless/rsi/rsi_91x_core.c
>> index 0f3a80f66b61c..d76c9dc99cafa 100644
>> --- a/drivers/net/wireless/rsi/rsi_91x_core.c
>> +++ b/drivers/net/wireless/rsi/rsi_91x_core.c
>> +
>> if (skb->protocol == cpu_to_be16(ETH_P_PAE)) {
>> + tx_eapol = true;
>> + } else if (skb->protocol == cpu_to_be16(ETH_P_802_3)) {
>> + hdr_len = ieee80211_get_hdrlen_from_skb(skb) +
>> + sizeof(rfc1042_header) - ETH_HLEN + 2;
>> + eth_hdr = (struct ethhdr *)(skb->data + hdr_len);
>> + if (eth_hdr->h_proto == cpu_to_be16(ETH_P_PAE))
>> + tx_eapol = true;
>> + }
>> +
>> diff --git a/drivers/net/wireless/rsi/rsi_91x_hal.c b/drivers/net/wireless/rsi/rsi_91x_hal.c
>> index c61f83a7333b6..d43754fff287d 100644
>> @@ -168,6 +171,16 @@ int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb)
>> + if (skb->protocol == cpu_to_be16(ETH_P_PAE)) {
>> + tx_eapol = true;
>> + } else if (skb->protocol == cpu_to_be16(ETH_P_802_3)) {
>> + hdr_len = ieee80211_get_hdrlen_from_skb(skb) +
>> + sizeof(rfc1042_header) - ETH_HLEN + 2;
>> + eth_hdr = (struct ethhdr *)(skb->data + hdr_len);
>> + if (eth_hdr->h_proto == cpu_to_be16(ETH_P_PAE))
>> + tx_eapol = true;
>> + }
>> +
>
> It looks like the same logic is being duplicated twice. Maybe create a
> helper function for it, something like bool rsi_is_eapol(struct
> sk_buff *skb) ?
Sure, I'll do that in V2.
Currently I am looking for input whether this reaching into an 8023
packet to see if it is EAPOL one is even the right approach:
"
NOTE: I am really unsure about the method of finding out the exact
place of ethernet header in the encapsulated packet and then
extracting the ethertype from it. Is there maybe some sort of
helper function for that purpose ?
"
> Also I think it would be good to tag this for stable.
There is a Fixes tag:
"
Fixes: 0eb42586cf876 ("rsi: data packet descriptor enhancements")
"
Powered by blists - more mailing lists