lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 23 Sep 2022 16:19:11 +0200
From:   Marek Vasut <marex@...x.de>
To:     "Fuzzey, Martin" <martin.fuzzey@...wbird.group>
Cc:     linux-wireless@...r.kernel.org,
        Amitkumar Karwar <amit.karwar@...pinesignals.com>,
        Angus Ainslie <angus@...ea.ca>,
        Jakub Kicinski <kuba@...nel.org>,
        Kalle Valo <kvalo@...nel.org>,
        Martin Kepplinger <martink@...teo.de>,
        Prameela Rani Garnepudi <prameela.j04cs@...il.com>,
        Sebastian Krzyszkowiak <sebastian.krzyszkowiak@...i.sm>,
        Siva Rebbagondla <siva8118@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH] wifi: rsi: Fix handling of 802.3 EAPOL frames sent via
 control port

On 9/23/22 09:11, Fuzzey, Martin wrote:
> Hi Marek,

Hi,

> On Thu, 22 Sept 2022 at 22:33, Marek Vasut <marex@...x.de> wrote:
>>
>> When using wpa_supplicant v2.10, this driver is no longer able to
>> associate with any AP and fails in the EAPOL 4-way handshake while
>> sending the 2/4 message to the AP. The problem is not present in
>> wpa_supplicant v2.9 or older. The problem stems from HostAP commit
>> 144314eaa ("wpa_supplicant: Send EAPOL frames over nl80211 where available")
>> which changes the way EAPOL frames are sent, from them being send
>> at L2 frames to them being sent via nl80211 control port.
> ...
>> Therefore, to fix this problem, inspect the ETH_P_802_3 frames in
>> the rsi_91x driver, check the ethertype of the encapsulated frame,
>> and in case it is ETH_P_PAE, transmit the frame via high-priority
>> queue just like other ETH_P_PAE frames.
>>
> 
>> diff --git a/drivers/net/wireless/rsi/rsi_91x_core.c b/drivers/net/wireless/rsi/rsi_91x_core.c
>> index 0f3a80f66b61c..d76c9dc99cafa 100644
>> --- a/drivers/net/wireless/rsi/rsi_91x_core.c
>> +++ b/drivers/net/wireless/rsi/rsi_91x_core.c
>> +
>>                  if (skb->protocol == cpu_to_be16(ETH_P_PAE)) {
>> +                       tx_eapol = true;
>> +               } else if (skb->protocol == cpu_to_be16(ETH_P_802_3)) {
>> +                       hdr_len = ieee80211_get_hdrlen_from_skb(skb) +
>> +                                 sizeof(rfc1042_header) - ETH_HLEN + 2;
>> +                       eth_hdr = (struct ethhdr *)(skb->data + hdr_len);
>> +                       if (eth_hdr->h_proto == cpu_to_be16(ETH_P_PAE))
>> +                               tx_eapol = true;
>> +               }
>> +
>> diff --git a/drivers/net/wireless/rsi/rsi_91x_hal.c b/drivers/net/wireless/rsi/rsi_91x_hal.c
>> index c61f83a7333b6..d43754fff287d 100644
>> @@ -168,6 +171,16 @@ int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb)
>> +       if (skb->protocol == cpu_to_be16(ETH_P_PAE)) {
>> +               tx_eapol = true;
>> +       } else if (skb->protocol == cpu_to_be16(ETH_P_802_3)) {
>> +               hdr_len = ieee80211_get_hdrlen_from_skb(skb) +
>> +                         sizeof(rfc1042_header) - ETH_HLEN + 2;
>> +               eth_hdr = (struct ethhdr *)(skb->data + hdr_len);
>> +               if (eth_hdr->h_proto == cpu_to_be16(ETH_P_PAE))
>> +                       tx_eapol = true;
>> +       }
>> +
> 
> It looks like the same logic is being duplicated twice. Maybe create a
> helper function for it, something like bool rsi_is_eapol(struct
> sk_buff *skb) ?

Sure, I'll do that in V2.

Currently I am looking for input whether this reaching into an 8023 
packet to see if it is EAPOL one is even the right approach:
"
NOTE: I am really unsure about the method of finding out the exact
       place of ethernet header in the encapsulated packet and then
       extracting the ethertype from it. Is there maybe some sort of
       helper function for that purpose ?
"

> Also I think it would be good to tag this for stable.

There is a Fixes tag:
"
Fixes: 0eb42586cf876 ("rsi: data packet descriptor enhancements")
"

Powered by blists - more mailing lists