[PATCH 5.15 129/846] ath11k: reset RSN/WPA present state for open BSS

From: Greg Kroah-Hartman
Date: Mon Jan 24 2022 - 16:57:48 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.15 126/846] Bluetooth: stop proccessing malicious adv data"
Previous message: Greg Kroah-Hartman: "[PATCH 5.15 125/846] memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails"
In reply to: Greg Kroah-Hartman: "[PATCH 5.15 125/846] memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.15 126/846] Bluetooth: stop proccessing malicious adv data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Karthikeyan Kathirvel <kathirve@xxxxxxxxxxxxxx>

[ Upstream commit 64bc3aa02ae78b1fcb1b850e0eb1f0622002bfaa ]

The ath11k driver is caching the information about RSN/WPA IE in the
configured beacon template. The cached information is used during
associations to figure out whether 4-way PKT/2-way GTK peer flags need to
be set or not.

But the code never cleared the state when no such IE was found. This can
for example happen when moving from an WPA/RSN to an open setup. The
(seemingly connected) peer was then not able to communicate over the
link because the firmware assumed a different (encryption enabled) state
for the peer.

Tested-on: IPQ6018 hw1.0 AHB WLAN.HK.2.5.0.1-01100-QCAHKSWPL_SILICONZ-1

Fixes: 01e34233c645 ("ath11k: fix wmi peer flags in peer assoc command")
Cc: Venkateswara Naralasetty <vnaralas@xxxxxxxxxxxxxx>
Reported-by: Sven Eckelmann <sven@xxxxxxxxxxxxx>
Signed-off-by: Karthikeyan Kathirvel <kathirve@xxxxxxxxxxxxxx>
[sven@xxxxxxxxxxxxx: split into separate patches, clean up commit message]
Signed-off-by: Sven Eckelmann <sven@xxxxxxxxxxxxx>

Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20211115100441.33771-2-sven@xxxxxxxxxxxxx
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/net/wireless/ath/ath11k/mac.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index aac10740f5752..2df60c74809d3 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -767,11 +767,15 @@ static int ath11k_mac_setup_bcn_tmpl(struct ath11k_vif *arvif)

if (cfg80211_find_ie(WLAN_EID_RSN, ies, (skb_tail_pointer(bcn) - ies)))
arvif->rsnie_present = true;
+ else
+ arvif->rsnie_present = false;

if (cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
WLAN_OUI_TYPE_MICROSOFT_WPA,
ies, (skb_tail_pointer(bcn) - ies)))
arvif->wpaie_present = true;
+ else
+ arvif->wpaie_present = false;

ret = ath11k_wmi_bcn_tmpl(ar, arvif->vdev_id, &offs, bcn);

--
2.34.1

Next message: Greg Kroah-Hartman: "[PATCH 5.15 126/846] Bluetooth: stop proccessing malicious adv data"
Previous message: Greg Kroah-Hartman: "[PATCH 5.15 125/846] memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails"
In reply to: Greg Kroah-Hartman: "[PATCH 5.15 125/846] memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.15 126/846] Bluetooth: stop proccessing malicious adv data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]