From: Martin Kaistra <martin.kaistra@linutronix.de>
To: linux-wireless@vger.kernel.org, Ping-Ke Shih <pkshih@realtek.com>
Cc: Jes Sorensen <Jes.Sorensen@gmail.com>,
Kalle Valo <kvalo@kernel.org>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Bitterblue Smith <rtl8821cerfe2@gmail.com>
Subject: Re: [PATCH] wifi: rtl8xxxu: enable MFP support
Date: Wed, 17 Apr 2024 08:43:07 +0200 [thread overview]
Message-ID: <1e600703-1208-4adb-a486-2a770cff55ed@linutronix.de> (raw)
In-Reply-To: <1cbb57c2-3d8f-4932-9132-d46a871c944b@gmail.com>
Hi Ping-Ke,
Am 15.04.24 um 21:14 schrieb Bitterblue Smith:
> On 15/04/2024 09:49, Martin Kaistra wrote:
>> Am 14.04.24 um 13:32 schrieb Bitterblue Smith:
>>> On 14/03/2024 18:48, Martin Kaistra wrote:
>>>> In order to connect to networks which require 802.11w, add the
>>>> MFP_CAPABLE flag and let mac80211 do the actual crypto in software.
>>>>
>>>> When a robust management frames is received, rx_dec->swdec is not set,
>>>> even though the HW did not decrypt it. Extend the check and don't set
>>>> RX_FLAG_DECRYPTED for these frames in order to use SW decryption.
>>>>
>>>> Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
>>>> ---
>>>> drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 9 +++++++--
>>>> 1 file changed, 7 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
>>>> index 4a49f8f9d80f2..870bd952f5902 100644
>>>> --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
>>>> +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
>>>> @@ -6473,7 +6473,9 @@ int rtl8xxxu_parse_rxdesc16(struct rtl8xxxu_priv *priv, struct sk_buff *skb)
>>>> rx_status->mactime = rx_desc->tsfl;
>>>> rx_status->flag |= RX_FLAG_MACTIME_START;
>>>> - if (!rx_desc->swdec)
>>>> + if (!rx_desc->swdec &&
>>>> + !(_ieee80211_is_robust_mgmt_frame(hdr) &&
>>>> + ieee80211_has_protected(hdr->frame_control)))
>>>> rx_status->flag |= RX_FLAG_DECRYPTED;
>>>> if (rx_desc->crc32)
>>>> rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
>>>> @@ -6578,7 +6580,9 @@ int rtl8xxxu_parse_rxdesc24(struct rtl8xxxu_priv *priv, struct sk_buff *skb)
>>>> rx_status->mactime = rx_desc->tsfl;
>>>> rx_status->flag |= RX_FLAG_MACTIME_START;
>>>> - if (!rx_desc->swdec)
>>>> + if (!rx_desc->swdec &&
>>>> + !(_ieee80211_is_robust_mgmt_frame(hdr) &&
>>>> + ieee80211_has_protected(hdr->frame_control)))
>>>> rx_status->flag |= RX_FLAG_DECRYPTED;
>>>> if (rx_desc->crc32)
>>>> rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
>>>> @@ -7998,6 +8002,7 @@ static int rtl8xxxu_probe(struct usb_interface *interface,
>>>> ieee80211_hw_set(hw, HAS_RATE_CONTROL);
>>>> ieee80211_hw_set(hw, SUPPORT_FAST_XMIT);
>>>> ieee80211_hw_set(hw, AMPDU_AGGREGATION);
>>>> + ieee80211_hw_set(hw, MFP_CAPABLE);
>>>> wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
>>>>
>>>
>>> I ran into this problem recently with rtl8192du:
>>> https://lore.kernel.org/linux-wireless/ed12ec17-ae6e-45fa-a72f-23e0a34654da@gmail.com/
>>>
>>> Does the same fix work for you in rtl8xxxu? Checking the "security"
>>> field of the RX descriptor is simpler than calling two functions.
>>> Sorry to bother you when the patch is already applied.
>>
>> Thanks for the hint. I tried to do something similar to what has been done in other rtlwifi drivers and missed the solution in rtw88, which is probably better:
>>
>> rtlwifi/rtl8188ee/trx.c
>> rtlwifi/rtl8192ce/trx.c
>> rtlwifi/rtl8192ee/trx.c
>> rtlwifi/rtl8192se/trx.c
>> rtlwifi/rtl8723ae/trx.c
>> rtlwifi/rtl8723be/trx.c
>> rtlwifi/rtl8821ae/trx.c
>>
>> Shouldn't it be changed in these locations as well?
>>
>> I will do a test for rtl8xxxu and if it is successful send a new patch.
>>
>>>
>>> Also, won't you send the patch to the stable tree?
>>
>> The rtl8xxxu driver previously did not have the MFP_CAPABLE flag set. As I am adding new functionality (support for WPA3), I don't think this should go to stable.
>
> Without your patch I can't connect to my phone's hotspot
> when it uses WPA3:
>
> Apr 08 12:50:57 ideapad2 wpa_supplicant[1231]: nl80211: kernel reports: key setting validation failed
> Apr 08 12:50:57 ideapad2 wpa_supplicant[1231]: wlp3s0f3u2: WPA: Failed to configure IGTK to the driver
> Apr 08 12:50:57 ideapad2 wpa_supplicant[1231]: wlp3s0f3u2: RSN: Failed to configure IGTK
>
> It doesn't say anything about WPA3 or management frame
> protection, just prints those unhelpful errors and tries
> to connect over and over again. To me that looks more like
> fixing a bug than adding new functionality. It's just sad
> that people need to install kernel 6.10+ in order to support
> WPA3, when the patch is so small.
I would like to know your opinion on this. imho this patch should not go to
stable and I would therefore propose to just send a patch to improve the checks.
If you as a maintainer however say, you would like to see this in stable, then I
will send a revert and a new patch.
Martin
next prev parent reply other threads:[~2024-04-17 6:43 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-14 16:48 [PATCH] wifi: rtl8xxxu: enable MFP support Martin Kaistra
2024-03-15 1:22 ` Ping-Ke Shih
2024-03-20 2:03 ` Ping-Ke Shih
2024-04-14 11:32 ` Bitterblue Smith
2024-04-15 0:57 ` Ping-Ke Shih
2024-04-15 6:49 ` Martin Kaistra
2024-04-15 19:14 ` Bitterblue Smith
2024-04-17 6:43 ` Martin Kaistra [this message]
2024-04-17 7:23 ` Ping-Ke Shih
2024-04-17 8:28 ` Kalle Valo
2024-04-17 8:47 ` Ping-Ke Shih
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1e600703-1208-4adb-a486-2a770cff55ed@linutronix.de \
--to=martin.kaistra@linutronix.de \
--cc=Jes.Sorensen@gmail.com \
--cc=bigeasy@linutronix.de \
--cc=kvalo@kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=pkshih@realtek.com \
--cc=rtl8821cerfe2@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).