Re: [PATCH] wifi: rtl8xxxu: enable MFP support

Linux-Wireless Archive mirror
 help / color / mirror / Atom feed

From: Martin Kaistra <martin.kaistra@linutronix.de>
To: linux-wireless@vger.kernel.org, Ping-Ke Shih <pkshih@realtek.com>
Cc: Jes Sorensen <Jes.Sorensen@gmail.com>,
	Kalle Valo <kvalo@kernel.org>,
	Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
	Bitterblue Smith <rtl8821cerfe2@gmail.com>
Subject: Re: [PATCH] wifi: rtl8xxxu: enable MFP support
Date: Wed, 17 Apr 2024 08:43:07 +0200	[thread overview]
Message-ID: <1e600703-1208-4adb-a486-2a770cff55ed@linutronix.de> (raw)
In-Reply-To: <1cbb57c2-3d8f-4932-9132-d46a871c944b@gmail.com>

Hi Ping-Ke,

Am 15.04.24 um 21:14 schrieb Bitterblue Smith:
> On 15/04/2024 09:49, Martin Kaistra wrote:
>> Am 14.04.24 um 13:32 schrieb Bitterblue Smith:
>>> On 14/03/2024 18:48, Martin Kaistra wrote:
>>>> In order to connect to networks which require 802.11w, add the
>>>> MFP_CAPABLE flag and let mac80211 do the actual crypto in software.
>>>>
>>>> When a robust management frames is received, rx_dec->swdec is not set,
>>>> even though the HW did not decrypt it. Extend the check and don't set
>>>> RX_FLAG_DECRYPTED for these frames in order to use SW decryption.
>>>>
>>>> Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
>>>> ---
>>>>    drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 9 +++++++--
>>>>    1 file changed, 7 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
>>>> index 4a49f8f9d80f2..870bd952f5902 100644
>>>> --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
>>>> +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
>>>> @@ -6473,7 +6473,9 @@ int rtl8xxxu_parse_rxdesc16(struct rtl8xxxu_priv *priv, struct sk_buff *skb)
>>>>                rx_status->mactime = rx_desc->tsfl;
>>>>                rx_status->flag |= RX_FLAG_MACTIME_START;
>>>>    -            if (!rx_desc->swdec)
>>>> +            if (!rx_desc->swdec &&
>>>> +                !(_ieee80211_is_robust_mgmt_frame(hdr) &&
>>>> +                  ieee80211_has_protected(hdr->frame_control)))
>>>>                    rx_status->flag |= RX_FLAG_DECRYPTED;
>>>>                if (rx_desc->crc32)
>>>>                    rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
>>>> @@ -6578,7 +6580,9 @@ int rtl8xxxu_parse_rxdesc24(struct rtl8xxxu_priv *priv, struct sk_buff *skb)
>>>>                rx_status->mactime = rx_desc->tsfl;
>>>>                rx_status->flag |= RX_FLAG_MACTIME_START;
>>>>    -            if (!rx_desc->swdec)
>>>> +            if (!rx_desc->swdec &&
>>>> +                !(_ieee80211_is_robust_mgmt_frame(hdr) &&
>>>> +                  ieee80211_has_protected(hdr->frame_control)))
>>>>                    rx_status->flag |= RX_FLAG_DECRYPTED;
>>>>                if (rx_desc->crc32)
>>>>                    rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
>>>> @@ -7998,6 +8002,7 @@ static int rtl8xxxu_probe(struct usb_interface *interface,
>>>>        ieee80211_hw_set(hw, HAS_RATE_CONTROL);
>>>>        ieee80211_hw_set(hw, SUPPORT_FAST_XMIT);
>>>>        ieee80211_hw_set(hw, AMPDU_AGGREGATION);
>>>> +    ieee80211_hw_set(hw, MFP_CAPABLE);
>>>>          wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
>>>>    
>>>
>>> I ran into this problem recently with rtl8192du:
>>> https://lore.kernel.org/linux-wireless/ed12ec17-ae6e-45fa-a72f-23e0a34654da@gmail.com/
>>>
>>> Does the same fix work for you in rtl8xxxu? Checking the "security"
>>> field of the RX descriptor is simpler than calling two functions.
>>> Sorry to bother you when the patch is already applied.
>>
>> Thanks for the hint. I tried to do something similar to what has been done in other rtlwifi drivers and missed the solution in rtw88, which is probably better:
>>
>> rtlwifi/rtl8188ee/trx.c
>> rtlwifi/rtl8192ce/trx.c
>> rtlwifi/rtl8192ee/trx.c
>> rtlwifi/rtl8192se/trx.c
>> rtlwifi/rtl8723ae/trx.c
>> rtlwifi/rtl8723be/trx.c
>> rtlwifi/rtl8821ae/trx.c
>>
>> Shouldn't it be changed in these locations as well?
>>
>> I will do a test for rtl8xxxu and if it is successful send a new patch.
>>
>>>
>>> Also, won't you send the patch to the stable tree?
>>
>> The rtl8xxxu driver previously did not have the MFP_CAPABLE flag set. As I am adding new functionality (support for WPA3), I don't think this should go to stable.
> 
> Without your patch I can't connect to my phone's hotspot
> when it uses WPA3:
> 
> Apr 08 12:50:57 ideapad2 wpa_supplicant[1231]: nl80211: kernel reports: key setting validation failed
> Apr 08 12:50:57 ideapad2 wpa_supplicant[1231]: wlp3s0f3u2: WPA: Failed to configure IGTK to the driver
> Apr 08 12:50:57 ideapad2 wpa_supplicant[1231]: wlp3s0f3u2: RSN: Failed to configure IGTK
> 
> It doesn't say anything about WPA3 or management frame
> protection, just prints those unhelpful errors and tries
> to connect over and over again. To me that looks more like
> fixing a bug than adding new functionality. It's just sad
> that people need to install kernel 6.10+ in order to support
> WPA3, when the patch is so small.

I would like to know your opinion on this. imho this patch should not go to 
stable and I would therefore propose to just send a patch to improve the checks.
If you as a maintainer however say, you would like to see this in stable, then I 
will send a revert and a new patch.

Martin

next prev parent reply	other threads:[~2024-04-17  6:43 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-14 16:48 [PATCH] wifi: rtl8xxxu: enable MFP support Martin Kaistra
2024-03-15  1:22 ` Ping-Ke Shih
2024-03-20  2:03 ` Ping-Ke Shih
2024-04-14 11:32 ` Bitterblue Smith
2024-04-15  0:57   ` Ping-Ke Shih
2024-04-15  6:49   ` Martin Kaistra
2024-04-15 19:14     ` Bitterblue Smith
2024-04-17  6:43       ` Martin Kaistra [this message]
2024-04-17  7:23         ` Ping-Ke Shih
2024-04-17  8:28           ` Kalle Valo
2024-04-17  8:47             ` Ping-Ke Shih

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1e600703-1208-4adb-a486-2a770cff55ed@linutronix.de \
    --to=martin.kaistra@linutronix.de \
    --cc=Jes.Sorensen@gmail.com \
    --cc=bigeasy@linutronix.de \
    --cc=kvalo@kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=pkshih@realtek.com \
    --cc=rtl8821cerfe2@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).