2007-07-27 07:43:23 -06:00
|
|
|
/*
|
|
|
|
* Copyright 2002-2005, Instant802 Networks, Inc.
|
|
|
|
* Copyright 2005-2006, Devicescape Software, Inc.
|
|
|
|
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
|
2008-04-08 09:56:52 -06:00
|
|
|
* Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
|
2007-07-27 07:43:23 -06:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*/
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
#include <linux/if_ether.h>
|
|
|
|
#include <linux/etherdevice.h>
|
|
|
|
#include <linux/list.h>
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
#include <linux/rcupdate.h>
|
2008-02-25 08:27:45 -07:00
|
|
|
#include <linux/rtnetlink.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 02:04:11 -06:00
|
|
|
#include <linux/slab.h>
|
2007-07-27 07:43:23 -06:00
|
|
|
#include <net/mac80211.h>
|
|
|
|
#include "ieee80211_i.h"
|
2009-04-23 10:52:52 -06:00
|
|
|
#include "driver-ops.h"
|
2007-07-27 07:43:23 -06:00
|
|
|
#include "debugfs_key.h"
|
|
|
|
#include "aes_ccm.h"
|
2009-01-08 04:32:02 -07:00
|
|
|
#include "aes_cmac.h"
|
2007-07-27 07:43:23 -06:00
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-02-26 06:34:06 -07:00
|
|
|
/**
|
|
|
|
* DOC: Key handling basics
|
2007-08-28 15:01:55 -06:00
|
|
|
*
|
|
|
|
* Key handling in mac80211 is done based on per-interface (sub_if_data)
|
|
|
|
* keys and per-station keys. Since each station belongs to an interface,
|
|
|
|
* each station key also belongs to that interface.
|
|
|
|
*
|
|
|
|
* Hardware acceleration is done on a best-effort basis, for each key
|
|
|
|
* that is eligible the hardware is asked to enable that key but if
|
|
|
|
* it cannot do that they key is simply kept for software encryption.
|
|
|
|
* There is currently no way of knowing this except by looking into
|
|
|
|
* debugfs.
|
|
|
|
*
|
2010-06-01 02:19:19 -06:00
|
|
|
* All key operations are protected internally.
|
2008-02-25 08:27:45 -07:00
|
|
|
*
|
2008-04-08 09:56:52 -06:00
|
|
|
* Within mac80211, key references are, just as STA structure references,
|
|
|
|
* protected by RCU. Note, however, that some things are unprotected,
|
|
|
|
* namely the key->sta dereferences within the hardware acceleration
|
2010-06-01 02:19:19 -06:00
|
|
|
* functions. This means that sta_info_destroy() must remove the key
|
|
|
|
* which waits for an RCU grace period.
|
2007-08-28 15:01:55 -06:00
|
|
|
*/
|
|
|
|
|
|
|
|
static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
static void assert_key_lock(struct ieee80211_local *local)
|
2008-04-08 09:56:52 -06:00
|
|
|
{
|
2010-06-01 02:19:19 -06:00
|
|
|
WARN_ON(!mutex_is_locked(&local->key_mtx));
|
2008-04-08 09:56:52 -06:00
|
|
|
}
|
|
|
|
|
2008-12-29 04:55:09 -07:00
|
|
|
static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
|
2007-08-28 15:01:55 -06:00
|
|
|
{
|
|
|
|
if (key->sta)
|
2008-12-29 04:55:09 -07:00
|
|
|
return &key->sta->sta;
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-12-29 04:55:09 -07:00
|
|
|
return NULL;
|
2007-08-28 15:01:55 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
|
|
|
|
{
|
2008-12-29 04:55:09 -07:00
|
|
|
struct ieee80211_sub_if_data *sdata;
|
|
|
|
struct ieee80211_sta *sta;
|
2007-08-28 15:01:55 -06:00
|
|
|
int ret;
|
|
|
|
|
2008-04-08 09:56:52 -06:00
|
|
|
might_sleep();
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
if (!key->local->ops->set_key)
|
|
|
|
return;
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
assert_key_lock(key->local);
|
|
|
|
|
2008-12-29 04:55:09 -07:00
|
|
|
sta = get_sta_for_key(key);
|
|
|
|
|
|
|
|
sdata = key->sdata;
|
|
|
|
if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
|
|
|
|
sdata = container_of(sdata->bss,
|
|
|
|
struct ieee80211_sub_if_data,
|
|
|
|
u.ap);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2009-11-25 12:30:31 -07:00
|
|
|
ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
if (!ret)
|
2007-08-28 15:01:55 -06:00
|
|
|
key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
|
|
|
|
|
|
|
|
if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP)
|
|
|
|
printk(KERN_ERR "mac80211-%s: failed to set key "
|
2008-10-27 16:56:10 -06:00
|
|
|
"(%d, %pM) to hardware (%d)\n",
|
2007-08-28 15:01:55 -06:00
|
|
|
wiphy_name(key->local->hw.wiphy),
|
2008-12-29 04:55:09 -07:00
|
|
|
key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
|
2007-08-28 15:01:55 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
|
|
|
|
{
|
2008-12-29 04:55:09 -07:00
|
|
|
struct ieee80211_sub_if_data *sdata;
|
|
|
|
struct ieee80211_sta *sta;
|
2007-08-28 15:01:55 -06:00
|
|
|
int ret;
|
|
|
|
|
2008-04-08 09:56:52 -06:00
|
|
|
might_sleep();
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
if (!key || !key->local->ops->set_key)
|
2007-08-28 15:01:55 -06:00
|
|
|
return;
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
assert_key_lock(key->local);
|
|
|
|
|
|
|
|
if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
|
2007-08-28 15:01:55 -06:00
|
|
|
return;
|
|
|
|
|
2008-12-29 04:55:09 -07:00
|
|
|
sta = get_sta_for_key(key);
|
|
|
|
sdata = key->sdata;
|
|
|
|
|
|
|
|
if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
|
|
|
|
sdata = container_of(sdata->bss,
|
|
|
|
struct ieee80211_sub_if_data,
|
|
|
|
u.ap);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2009-11-25 12:30:31 -07:00
|
|
|
ret = drv_set_key(key->local, DISABLE_KEY, sdata,
|
2009-04-23 10:52:52 -06:00
|
|
|
sta, &key->conf);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
if (ret)
|
|
|
|
printk(KERN_ERR "mac80211-%s: failed to remove key "
|
2008-10-27 16:56:10 -06:00
|
|
|
"(%d, %pM) from hardware (%d)\n",
|
2007-08-28 15:01:55 -06:00
|
|
|
wiphy_name(key->local->hw.wiphy),
|
2008-12-29 04:55:09 -07:00
|
|
|
key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-04-08 09:56:52 -06:00
|
|
|
key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
|
|
|
|
int idx)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *key = NULL;
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
assert_key_lock(sdata->local);
|
|
|
|
|
2008-04-08 09:56:52 -06:00
|
|
|
if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
|
|
|
|
key = sdata->keys[idx];
|
|
|
|
|
|
|
|
rcu_assign_pointer(sdata->default_key, key);
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
if (key) {
|
|
|
|
ieee80211_debugfs_key_remove_default(key->sdata);
|
|
|
|
ieee80211_debugfs_key_add_default(key->sdata);
|
|
|
|
}
|
2008-04-08 09:56:52 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx)
|
|
|
|
{
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
2008-04-08 09:56:52 -06:00
|
|
|
__ieee80211_set_default_key(sdata, idx);
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
2008-04-08 09:56:52 -06:00
|
|
|
}
|
|
|
|
|
2009-01-08 04:32:02 -07:00
|
|
|
static void
|
|
|
|
__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *key = NULL;
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
assert_key_lock(sdata->local);
|
|
|
|
|
2009-01-08 04:32:02 -07:00
|
|
|
if (idx >= NUM_DEFAULT_KEYS &&
|
|
|
|
idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
|
|
|
|
key = sdata->keys[idx];
|
|
|
|
|
|
|
|
rcu_assign_pointer(sdata->default_mgmt_key, key);
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
if (key) {
|
|
|
|
ieee80211_debugfs_key_remove_mgmt_default(key->sdata);
|
|
|
|
ieee80211_debugfs_key_add_mgmt_default(key->sdata);
|
|
|
|
}
|
2009-01-08 04:32:02 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
|
|
|
|
int idx)
|
|
|
|
{
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
2009-01-08 04:32:02 -07:00
|
|
|
__ieee80211_set_default_mgmt_key(sdata, idx);
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
2009-01-08 04:32:02 -07:00
|
|
|
}
|
|
|
|
|
2008-04-08 09:56:52 -06:00
|
|
|
|
|
|
|
static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
|
|
|
|
struct sta_info *sta,
|
|
|
|
struct ieee80211_key *old,
|
|
|
|
struct ieee80211_key *new)
|
|
|
|
{
|
2009-01-08 04:32:02 -07:00
|
|
|
int idx, defkey, defmgmtkey;
|
2008-04-08 09:56:52 -06:00
|
|
|
|
|
|
|
if (new)
|
|
|
|
list_add(&new->list, &sdata->key_list);
|
|
|
|
|
|
|
|
if (sta) {
|
|
|
|
rcu_assign_pointer(sta->key, new);
|
|
|
|
} else {
|
|
|
|
WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
|
|
|
|
|
|
|
|
if (old)
|
|
|
|
idx = old->conf.keyidx;
|
|
|
|
else
|
|
|
|
idx = new->conf.keyidx;
|
|
|
|
|
|
|
|
defkey = old && sdata->default_key == old;
|
2009-01-08 04:32:02 -07:00
|
|
|
defmgmtkey = old && sdata->default_mgmt_key == old;
|
2008-04-08 09:56:52 -06:00
|
|
|
|
|
|
|
if (defkey && !new)
|
|
|
|
__ieee80211_set_default_key(sdata, -1);
|
2009-01-08 04:32:02 -07:00
|
|
|
if (defmgmtkey && !new)
|
|
|
|
__ieee80211_set_default_mgmt_key(sdata, -1);
|
2008-04-08 09:56:52 -06:00
|
|
|
|
|
|
|
rcu_assign_pointer(sdata->keys[idx], new);
|
|
|
|
if (defkey && new)
|
|
|
|
__ieee80211_set_default_key(sdata, new->conf.keyidx);
|
2009-01-08 04:32:02 -07:00
|
|
|
if (defmgmtkey && new)
|
|
|
|
__ieee80211_set_default_mgmt_key(sdata,
|
|
|
|
new->conf.keyidx);
|
2008-04-08 09:56:52 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
if (old) {
|
|
|
|
/*
|
|
|
|
* We'll use an empty list to indicate that the key
|
|
|
|
* has already been removed.
|
|
|
|
*/
|
|
|
|
list_del_init(&old->list);
|
|
|
|
}
|
2007-08-28 15:01:55 -06:00
|
|
|
}
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
|
2007-08-28 15:01:55 -06:00
|
|
|
int idx,
|
|
|
|
size_t key_len,
|
2009-05-11 12:57:58 -06:00
|
|
|
const u8 *key_data,
|
|
|
|
size_t seq_len, const u8 *seq)
|
2007-07-27 07:43:23 -06:00
|
|
|
{
|
|
|
|
struct ieee80211_key *key;
|
2009-05-11 12:57:58 -06:00
|
|
|
int i, j;
|
2007-07-27 07:43:23 -06:00
|
|
|
|
2009-01-08 04:32:02 -07:00
|
|
|
BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
|
2007-07-27 07:43:23 -06:00
|
|
|
if (!key)
|
|
|
|
return NULL;
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Default to software encryption; we'll later upload the
|
|
|
|
* key to the hardware if possible.
|
|
|
|
*/
|
|
|
|
key->conf.flags = 0;
|
|
|
|
key->flags = 0;
|
|
|
|
|
|
|
|
key->conf.alg = alg;
|
|
|
|
key->conf.keyidx = idx;
|
|
|
|
key->conf.keylen = key_len;
|
2008-10-05 10:02:48 -06:00
|
|
|
switch (alg) {
|
|
|
|
case ALG_WEP:
|
|
|
|
key->conf.iv_len = WEP_IV_LEN;
|
|
|
|
key->conf.icv_len = WEP_ICV_LEN;
|
|
|
|
break;
|
|
|
|
case ALG_TKIP:
|
|
|
|
key->conf.iv_len = TKIP_IV_LEN;
|
|
|
|
key->conf.icv_len = TKIP_ICV_LEN;
|
2009-05-15 03:38:32 -06:00
|
|
|
if (seq) {
|
2009-05-11 12:57:58 -06:00
|
|
|
for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
|
|
|
|
key->u.tkip.rx[i].iv32 =
|
|
|
|
get_unaligned_le32(&seq[2]);
|
|
|
|
key->u.tkip.rx[i].iv16 =
|
|
|
|
get_unaligned_le16(seq);
|
|
|
|
}
|
|
|
|
}
|
2008-10-05 10:02:48 -06:00
|
|
|
break;
|
|
|
|
case ALG_CCMP:
|
|
|
|
key->conf.iv_len = CCMP_HDR_LEN;
|
|
|
|
key->conf.icv_len = CCMP_MIC_LEN;
|
2009-05-15 03:38:32 -06:00
|
|
|
if (seq) {
|
2010-06-11 11:27:33 -06:00
|
|
|
for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++)
|
2009-05-11 12:57:58 -06:00
|
|
|
for (j = 0; j < CCMP_PN_LEN; j++)
|
|
|
|
key->u.ccmp.rx_pn[i][j] =
|
|
|
|
seq[CCMP_PN_LEN - j - 1];
|
|
|
|
}
|
2008-10-05 10:02:48 -06:00
|
|
|
break;
|
2009-01-08 04:32:02 -07:00
|
|
|
case ALG_AES_CMAC:
|
|
|
|
key->conf.iv_len = 0;
|
|
|
|
key->conf.icv_len = sizeof(struct ieee80211_mmie);
|
2009-05-15 03:38:32 -06:00
|
|
|
if (seq)
|
2009-05-11 12:57:58 -06:00
|
|
|
for (j = 0; j < 6; j++)
|
|
|
|
key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
|
2009-01-08 04:32:02 -07:00
|
|
|
break;
|
2008-10-05 10:02:48 -06:00
|
|
|
}
|
2007-08-28 15:01:55 -06:00
|
|
|
memcpy(key->conf.key, key_data, key_len);
|
2008-02-27 05:39:00 -07:00
|
|
|
INIT_LIST_HEAD(&key->list);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
if (alg == ALG_CCMP) {
|
|
|
|
/*
|
|
|
|
* Initialize AES key state here as an optimization so that
|
|
|
|
* it does not need to be initialized for every packet.
|
|
|
|
*/
|
|
|
|
key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
|
|
|
|
if (!key->u.ccmp.tfm) {
|
2008-04-08 09:56:52 -06:00
|
|
|
kfree(key);
|
2007-08-28 15:01:55 -06:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-01-08 04:32:02 -07:00
|
|
|
if (alg == ALG_AES_CMAC) {
|
|
|
|
/*
|
|
|
|
* Initialize AES key state here as an optimization so that
|
|
|
|
* it does not need to be initialized for every packet.
|
|
|
|
*/
|
|
|
|
key->u.aes_cmac.tfm =
|
|
|
|
ieee80211_aes_cmac_key_setup(key_data);
|
|
|
|
if (!key->u.aes_cmac.tfm) {
|
|
|
|
kfree(key);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
return key;
|
|
|
|
}
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
static void __ieee80211_key_destroy(struct ieee80211_key *key)
|
|
|
|
{
|
|
|
|
if (!key)
|
|
|
|
return;
|
|
|
|
|
|
|
|
ieee80211_key_disable_hw_accel(key);
|
|
|
|
|
|
|
|
if (key->conf.alg == ALG_CCMP)
|
|
|
|
ieee80211_aes_key_free(key->u.ccmp.tfm);
|
|
|
|
if (key->conf.alg == ALG_AES_CMAC)
|
|
|
|
ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
|
|
|
|
ieee80211_debugfs_key_remove(key);
|
|
|
|
|
|
|
|
kfree(key);
|
|
|
|
}
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
void ieee80211_key_link(struct ieee80211_key *key,
|
|
|
|
struct ieee80211_sub_if_data *sdata,
|
|
|
|
struct sta_info *sta)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *old_key;
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
BUG_ON(!sdata);
|
|
|
|
BUG_ON(!key);
|
|
|
|
|
|
|
|
idx = key->conf.keyidx;
|
|
|
|
key->local = sdata->local;
|
|
|
|
key->sdata = sdata;
|
|
|
|
key->sta = sta;
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
if (sta) {
|
|
|
|
/*
|
|
|
|
* some hardware cannot handle TKIP with QoS, so
|
|
|
|
* we indicate whether QoS could be in use.
|
|
|
|
*/
|
2008-05-02 17:02:02 -06:00
|
|
|
if (test_sta_flags(sta, WLAN_STA_WME))
|
2007-08-28 15:01:55 -06:00
|
|
|
key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
|
2008-04-17 13:11:18 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* This key is for a specific sta interface,
|
|
|
|
* inform the driver that it should try to store
|
|
|
|
* this key as pairwise key.
|
|
|
|
*/
|
|
|
|
key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
|
2007-08-28 15:01:55 -06:00
|
|
|
} else {
|
2008-09-10 16:01:58 -06:00
|
|
|
if (sdata->vif.type == NL80211_IFTYPE_STATION) {
|
2007-08-28 15:01:55 -06:00
|
|
|
struct sta_info *ap;
|
|
|
|
|
2008-04-08 09:56:52 -06:00
|
|
|
/*
|
|
|
|
* We're getting a sta pointer in,
|
|
|
|
* so must be under RCU read lock.
|
|
|
|
*/
|
2008-02-25 08:27:46 -07:00
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
/* same here, the AP could be using QoS */
|
2009-11-25 09:46:18 -07:00
|
|
|
ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
|
2007-08-28 15:01:55 -06:00
|
|
|
if (ap) {
|
2008-05-02 17:02:02 -06:00
|
|
|
if (test_sta_flags(ap, WLAN_STA_WME))
|
2007-08-28 15:01:55 -06:00
|
|
|
key->conf.flags |=
|
|
|
|
IEEE80211_KEY_FLAG_WMM_STA;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
2008-04-08 09:56:52 -06:00
|
|
|
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
if (sta)
|
2008-02-25 08:27:45 -07:00
|
|
|
old_key = sta->key;
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
else
|
2008-02-25 08:27:45 -07:00
|
|
|
old_key = sdata->keys[idx];
|
|
|
|
|
|
|
|
__ieee80211_key_replace(sdata, sta, old_key, key);
|
2010-06-01 02:19:19 -06:00
|
|
|
__ieee80211_key_destroy(old_key);
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
ieee80211_debugfs_key_add(key);
|
2008-02-25 08:27:45 -07:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
ieee80211_key_enable_hw_accel(key);
|
2009-07-01 13:26:43 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
2007-07-27 07:43:23 -06:00
|
|
|
}
|
|
|
|
|
2008-04-09 08:45:37 -06:00
|
|
|
static void __ieee80211_key_free(struct ieee80211_key *key)
|
2007-07-27 07:43:23 -06:00
|
|
|
{
|
2008-04-08 09:56:52 -06:00
|
|
|
/*
|
|
|
|
* Replace key with nothingness if it was ever used.
|
|
|
|
*/
|
2008-04-09 08:45:37 -06:00
|
|
|
if (key->sdata)
|
2008-04-08 09:56:52 -06:00
|
|
|
__ieee80211_key_replace(key->sdata, key->sta,
|
|
|
|
key, NULL);
|
2010-06-01 02:19:19 -06:00
|
|
|
__ieee80211_key_destroy(key);
|
2008-04-08 09:56:52 -06:00
|
|
|
}
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
|
2008-04-09 08:45:37 -06:00
|
|
|
void ieee80211_key_free(struct ieee80211_key *key)
|
2008-04-08 09:56:52 -06:00
|
|
|
{
|
2010-06-01 02:19:19 -06:00
|
|
|
struct ieee80211_local *local;
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-04-09 08:45:37 -06:00
|
|
|
if (!key)
|
2008-04-08 09:56:52 -06:00
|
|
|
return;
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
local = key->sdata->local;
|
2008-06-26 03:13:46 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_lock(&local->key_mtx);
|
2008-04-09 08:45:37 -06:00
|
|
|
__ieee80211_key_free(key);
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_unlock(&local->key_mtx);
|
2008-04-09 08:45:37 -06:00
|
|
|
}
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
|
2008-04-09 08:45:37 -06:00
|
|
|
{
|
|
|
|
struct ieee80211_key *key;
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-04-09 08:45:37 -06:00
|
|
|
ASSERT_RTNL();
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2009-12-23 05:15:31 -07:00
|
|
|
if (WARN_ON(!ieee80211_sdata_running(sdata)))
|
2008-04-09 08:45:37 -06:00
|
|
|
return;
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
list_for_each_entry(key, &sdata->key_list, list)
|
|
|
|
ieee80211_key_enable_hw_accel(key);
|
2008-04-08 09:56:52 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
2007-08-28 15:01:55 -06:00
|
|
|
}
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
|
2007-08-28 15:01:55 -06:00
|
|
|
{
|
|
|
|
struct ieee80211_key *key;
|
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
ASSERT_RTNL();
|
2008-02-25 08:27:45 -07:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
list_for_each_entry(key, &sdata->key_list, list)
|
|
|
|
ieee80211_key_disable_hw_accel(key);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
2008-04-08 09:56:52 -06:00
|
|
|
}
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-04-08 09:56:52 -06:00
|
|
|
void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *key, *tmp;
|
2008-02-25 08:27:45 -07:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
2008-04-08 09:56:52 -06:00
|
|
|
|
|
|
|
ieee80211_debugfs_key_remove_default(sdata);
|
2009-01-08 04:32:02 -07:00
|
|
|
ieee80211_debugfs_key_remove_mgmt_default(sdata);
|
2008-04-08 09:56:52 -06:00
|
|
|
|
|
|
|
list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
|
2008-04-09 08:45:37 -06:00
|
|
|
__ieee80211_key_free(key);
|
2008-04-08 09:56:52 -06:00
|
|
|
|
2010-06-01 02:19:19 -06:00
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
2007-08-28 15:01:55 -06:00
|
|
|
}
|