2007-07-27 07:43:23 -06:00
|
|
|
/*
|
|
|
|
* Copyright 2002-2005, Instant802 Networks, Inc.
|
|
|
|
* Copyright 2005-2006, Devicescape Software, Inc.
|
|
|
|
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
|
2007-08-28 15:01:55 -06:00
|
|
|
* Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
|
2007-07-27 07:43:23 -06:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*/
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
#include <linux/if_ether.h>
|
|
|
|
#include <linux/etherdevice.h>
|
|
|
|
#include <linux/list.h>
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
#include <linux/rcupdate.h>
|
2008-02-25 08:27:45 -07:00
|
|
|
#include <linux/rtnetlink.h>
|
2007-07-27 07:43:23 -06:00
|
|
|
#include <net/mac80211.h>
|
|
|
|
#include "ieee80211_i.h"
|
|
|
|
#include "debugfs_key.h"
|
|
|
|
#include "aes_ccm.h"
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-02-26 06:34:06 -07:00
|
|
|
/**
|
|
|
|
* DOC: Key handling basics
|
2007-08-28 15:01:55 -06:00
|
|
|
*
|
|
|
|
* Key handling in mac80211 is done based on per-interface (sub_if_data)
|
|
|
|
* keys and per-station keys. Since each station belongs to an interface,
|
|
|
|
* each station key also belongs to that interface.
|
|
|
|
*
|
|
|
|
* Hardware acceleration is done on a best-effort basis, for each key
|
|
|
|
* that is eligible the hardware is asked to enable that key but if
|
|
|
|
* it cannot do that they key is simply kept for software encryption.
|
|
|
|
* There is currently no way of knowing this except by looking into
|
|
|
|
* debugfs.
|
|
|
|
*
|
|
|
|
* All operations here are called under RTNL so no extra locking is
|
|
|
|
* required.
|
2008-02-25 08:27:45 -07:00
|
|
|
*
|
|
|
|
* NOTE: This code requires that sta info *destruction* is done under
|
|
|
|
* RTNL, otherwise it can try to access already freed STA structs
|
|
|
|
* when a STA key is being freed.
|
2007-08-28 15:01:55 -06:00
|
|
|
*/
|
|
|
|
|
|
|
|
static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
|
|
|
|
static const u8 zero_addr[ETH_ALEN];
|
|
|
|
|
|
|
|
static const u8 *get_mac_for_key(struct ieee80211_key *key)
|
|
|
|
{
|
|
|
|
const u8 *addr = bcast_addr;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we're an AP we won't ever receive frames with a non-WEP
|
|
|
|
* group key so we tell the driver that by using the zero MAC
|
|
|
|
* address to indicate a transmit-only key.
|
|
|
|
*/
|
|
|
|
if (key->conf.alg != ALG_WEP &&
|
2007-12-18 17:31:27 -07:00
|
|
|
(key->sdata->vif.type == IEEE80211_IF_TYPE_AP ||
|
|
|
|
key->sdata->vif.type == IEEE80211_IF_TYPE_VLAN))
|
2007-08-28 15:01:55 -06:00
|
|
|
addr = zero_addr;
|
|
|
|
|
|
|
|
if (key->sta)
|
|
|
|
addr = key->sta->addr;
|
|
|
|
|
|
|
|
return addr;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
|
|
|
|
{
|
|
|
|
const u8 *addr;
|
|
|
|
int ret;
|
2007-10-03 18:59:30 -06:00
|
|
|
DECLARE_MAC_BUF(mac);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
if (!key->local->ops->set_key)
|
|
|
|
return;
|
|
|
|
|
2008-03-31 11:23:03 -06:00
|
|
|
/*
|
|
|
|
* This makes sure that all pending flushes have
|
|
|
|
* actually completed prior to uploading new key
|
|
|
|
* material to the hardware. That is necessary to
|
|
|
|
* avoid races between flushing STAs and adding
|
|
|
|
* new keys for them.
|
|
|
|
*/
|
|
|
|
__ieee80211_run_pending_flush(key->local);
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
addr = get_mac_for_key(key);
|
|
|
|
|
|
|
|
ret = key->local->ops->set_key(local_to_hw(key->local), SET_KEY,
|
|
|
|
key->sdata->dev->dev_addr, addr,
|
|
|
|
&key->conf);
|
|
|
|
|
|
|
|
if (!ret)
|
|
|
|
key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
|
|
|
|
|
|
|
|
if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP)
|
|
|
|
printk(KERN_ERR "mac80211-%s: failed to set key "
|
2007-10-03 18:59:30 -06:00
|
|
|
"(%d, %s) to hardware (%d)\n",
|
2007-08-28 15:01:55 -06:00
|
|
|
wiphy_name(key->local->hw.wiphy),
|
2007-10-03 18:59:30 -06:00
|
|
|
key->conf.keyidx, print_mac(mac, addr), ret);
|
2007-08-28 15:01:55 -06:00
|
|
|
}
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
static void ieee80211_key_mark_hw_accel_off(struct ieee80211_key *key)
|
|
|
|
{
|
|
|
|
if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
|
|
|
|
key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
|
|
|
|
key->flags |= KEY_FLAG_REMOVE_FROM_HARDWARE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
|
|
|
|
{
|
|
|
|
const u8 *addr;
|
|
|
|
int ret;
|
2007-10-03 18:59:30 -06:00
|
|
|
DECLARE_MAC_BUF(mac);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
if (!key || !key->local->ops->set_key)
|
2007-08-28 15:01:55 -06:00
|
|
|
return;
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&
|
|
|
|
!(key->flags & KEY_FLAG_REMOVE_FROM_HARDWARE))
|
2007-08-28 15:01:55 -06:00
|
|
|
return;
|
|
|
|
|
|
|
|
addr = get_mac_for_key(key);
|
|
|
|
|
|
|
|
ret = key->local->ops->set_key(local_to_hw(key->local), DISABLE_KEY,
|
|
|
|
key->sdata->dev->dev_addr, addr,
|
|
|
|
&key->conf);
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
printk(KERN_ERR "mac80211-%s: failed to remove key "
|
2007-10-03 18:59:30 -06:00
|
|
|
"(%d, %s) from hardware (%d)\n",
|
2007-08-28 15:01:55 -06:00
|
|
|
wiphy_name(key->local->hw.wiphy),
|
2007-10-03 18:59:30 -06:00
|
|
|
key->conf.keyidx, print_mac(mac, addr), ret);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
key->flags &= ~(KEY_FLAG_UPLOADED_TO_HARDWARE |
|
|
|
|
KEY_FLAG_REMOVE_FROM_HARDWARE);
|
2007-08-28 15:01:55 -06:00
|
|
|
}
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
|
2007-08-28 15:01:55 -06:00
|
|
|
int idx,
|
|
|
|
size_t key_len,
|
|
|
|
const u8 *key_data)
|
2007-07-27 07:43:23 -06:00
|
|
|
{
|
|
|
|
struct ieee80211_key *key;
|
|
|
|
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
|
2007-07-27 07:43:23 -06:00
|
|
|
if (!key)
|
|
|
|
return NULL;
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Default to software encryption; we'll later upload the
|
|
|
|
* key to the hardware if possible.
|
|
|
|
*/
|
|
|
|
key->conf.flags = 0;
|
|
|
|
key->flags = 0;
|
|
|
|
|
|
|
|
key->conf.alg = alg;
|
|
|
|
key->conf.keyidx = idx;
|
|
|
|
key->conf.keylen = key_len;
|
|
|
|
memcpy(key->conf.key, key_data, key_len);
|
2008-02-27 05:39:00 -07:00
|
|
|
INIT_LIST_HEAD(&key->list);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
if (alg == ALG_CCMP) {
|
|
|
|
/*
|
|
|
|
* Initialize AES key state here as an optimization so that
|
|
|
|
* it does not need to be initialized for every packet.
|
|
|
|
*/
|
|
|
|
key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
|
|
|
|
if (!key->u.ccmp.tfm) {
|
|
|
|
ieee80211_key_free(key);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
return key;
|
|
|
|
}
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
|
|
|
|
struct sta_info *sta,
|
|
|
|
struct ieee80211_key *key,
|
|
|
|
struct ieee80211_key *new)
|
|
|
|
{
|
|
|
|
int idx, defkey;
|
|
|
|
|
2008-03-01 11:32:18 -07:00
|
|
|
if (new)
|
|
|
|
list_add(&new->list, &sdata->key_list);
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
if (sta) {
|
|
|
|
rcu_assign_pointer(sta->key, new);
|
|
|
|
} else {
|
|
|
|
WARN_ON(new && key && new->conf.keyidx != key->conf.keyidx);
|
|
|
|
|
|
|
|
if (key)
|
|
|
|
idx = key->conf.keyidx;
|
|
|
|
else
|
|
|
|
idx = new->conf.keyidx;
|
|
|
|
|
|
|
|
defkey = key && sdata->default_key == key;
|
|
|
|
|
|
|
|
if (defkey && !new)
|
|
|
|
ieee80211_set_default_key(sdata, -1);
|
|
|
|
|
|
|
|
rcu_assign_pointer(sdata->keys[idx], new);
|
|
|
|
if (defkey && new)
|
|
|
|
ieee80211_set_default_key(sdata, new->conf.keyidx);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (key) {
|
|
|
|
ieee80211_key_mark_hw_accel_off(key);
|
2008-02-27 05:39:00 -07:00
|
|
|
/*
|
|
|
|
* We'll use an empty list to indicate that the key
|
|
|
|
* has already been removed.
|
|
|
|
*/
|
|
|
|
list_del_init(&key->list);
|
2008-02-25 08:27:45 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void ieee80211_key_link(struct ieee80211_key *key,
|
|
|
|
struct ieee80211_sub_if_data *sdata,
|
|
|
|
struct sta_info *sta)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *old_key;
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
might_sleep();
|
|
|
|
|
|
|
|
BUG_ON(!sdata);
|
|
|
|
BUG_ON(!key);
|
|
|
|
|
|
|
|
idx = key->conf.keyidx;
|
|
|
|
key->local = sdata->local;
|
|
|
|
key->sdata = sdata;
|
|
|
|
key->sta = sta;
|
|
|
|
|
|
|
|
ieee80211_debugfs_key_add(key->local, key);
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
if (sta) {
|
|
|
|
ieee80211_debugfs_key_sta_link(key, sta);
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
/*
|
|
|
|
* some hardware cannot handle TKIP with QoS, so
|
|
|
|
* we indicate whether QoS could be in use.
|
|
|
|
*/
|
|
|
|
if (sta->flags & WLAN_STA_WME)
|
|
|
|
key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
|
|
|
|
} else {
|
2007-12-18 17:31:27 -07:00
|
|
|
if (sdata->vif.type == IEEE80211_IF_TYPE_STA) {
|
2007-08-28 15:01:55 -06:00
|
|
|
struct sta_info *ap;
|
|
|
|
|
2008-02-25 08:27:46 -07:00
|
|
|
rcu_read_lock();
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
/* same here, the AP could be using QoS */
|
|
|
|
ap = sta_info_get(key->local, key->sdata->u.sta.bssid);
|
|
|
|
if (ap) {
|
|
|
|
if (ap->flags & WLAN_STA_WME)
|
|
|
|
key->conf.flags |=
|
|
|
|
IEEE80211_KEY_FLAG_WMM_STA;
|
|
|
|
}
|
2008-02-25 08:27:46 -07:00
|
|
|
|
|
|
|
rcu_read_unlock();
|
2007-08-28 15:01:55 -06:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
if (sta)
|
2008-02-25 08:27:45 -07:00
|
|
|
old_key = sta->key;
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
else
|
2008-02-25 08:27:45 -07:00
|
|
|
old_key = sdata->keys[idx];
|
|
|
|
|
|
|
|
__ieee80211_key_replace(sdata, sta, old_key, key);
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
|
2008-02-27 05:39:00 -07:00
|
|
|
if (old_key) {
|
|
|
|
synchronize_rcu();
|
|
|
|
ieee80211_key_free(old_key);
|
|
|
|
}
|
2008-02-25 08:27:45 -07:00
|
|
|
|
2008-02-27 05:39:00 -07:00
|
|
|
if (netif_running(sdata->dev))
|
|
|
|
ieee80211_key_enable_hw_accel(key);
|
2007-07-27 07:43:23 -06:00
|
|
|
}
|
|
|
|
|
2007-08-28 15:01:54 -06:00
|
|
|
void ieee80211_key_free(struct ieee80211_key *key)
|
2007-07-27 07:43:23 -06:00
|
|
|
{
|
2008-02-25 08:27:45 -07:00
|
|
|
ASSERT_RTNL();
|
|
|
|
might_sleep();
|
|
|
|
|
2007-08-28 15:01:54 -06:00
|
|
|
if (!key)
|
|
|
|
return;
|
2007-07-27 07:43:23 -06:00
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
if (key->sdata) {
|
|
|
|
/*
|
|
|
|
* Replace key with nothingness.
|
|
|
|
*
|
|
|
|
* Because other code may have key reference (RCU protected)
|
|
|
|
* right now, we then wait for a grace period before freeing
|
|
|
|
* it.
|
2008-02-27 05:39:00 -07:00
|
|
|
* An empty list indicates it was never added to the key list
|
|
|
|
* or has been removed already. It may, however, still be in
|
|
|
|
* hardware for acceleration.
|
2008-02-25 08:27:45 -07:00
|
|
|
*/
|
2008-02-27 05:39:00 -07:00
|
|
|
if (!list_empty(&key->list))
|
|
|
|
__ieee80211_key_replace(key->sdata, key->sta,
|
|
|
|
key, NULL);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2008-02-25 08:27:46 -07:00
|
|
|
/*
|
|
|
|
* Do NOT remove this without looking at sta_info_destroy()
|
|
|
|
*/
|
2008-02-25 08:27:45 -07:00
|
|
|
synchronize_rcu();
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
/*
|
|
|
|
* Remove from hwaccel if appropriate, this will
|
|
|
|
* only happen when the key is actually unlinked,
|
|
|
|
* it will already be done when the key was replaced.
|
|
|
|
*/
|
|
|
|
ieee80211_key_disable_hw_accel(key);
|
|
|
|
}
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
|
2007-08-28 15:01:54 -06:00
|
|
|
if (key->conf.alg == ALG_CCMP)
|
2007-07-27 07:43:23 -06:00
|
|
|
ieee80211_aes_key_free(key->u.ccmp.tfm);
|
|
|
|
ieee80211_debugfs_key_remove(key);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
2007-07-27 07:43:23 -06:00
|
|
|
kfree(key);
|
|
|
|
}
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *key = NULL;
|
|
|
|
|
|
|
|
if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
|
|
|
|
key = sdata->keys[idx];
|
|
|
|
|
|
|
|
if (sdata->default_key != key) {
|
|
|
|
ieee80211_debugfs_key_remove_default(sdata);
|
|
|
|
|
[MAC80211]: fix race conditions with keys
During receive processing, we select the key long before using it and
because there's no locking it is possible that we kfree() the key
after having selected it but before using it for crypto operations.
Obviously, this is bad.
Secondly, during transmit processing, there are two possible races: We
have a similar race between select_key() and using it for encryption,
but we also have a race here between select_key() and hardware
encryption (both when a key is removed.)
This patch solves these issues by using RCU: when a key is to be freed,
we first remove the pointer from the appropriate places (sdata->keys,
sdata->default_key, sta->key) using rcu_assign_pointer() and then
synchronize_rcu(). Then, we can safely kfree() the key and remove it
from the hardware. There's a window here where the hardware may still
be using it for decryption, but we can't work around that without having
two hardware callbacks, one to disable the key for RX and one to disable
it for TX; but the worst thing that will happen is that we receive a
packet decrypted that we don't find a key for any more and then drop it.
When we add a key, we first need to upload it to the hardware and then,
using rcu_assign_pointer() again, link it into our structures.
In the code using keys (TX/RX paths) we use rcu_dereference() to get the
key and enclose the whole tx/rx section in a rcu_read_lock() ...
rcu_read_unlock() block. Because we've uploaded the key to hardware
before linking it into internal structures, we can guarantee that it is
valid once get to into tx().
One possible race condition remains, however: when we have hardware
acceleration enabled and the driver shuts down the queues, we end up
queueing the frame. If now somebody removes the key, the key will be
removed from hwaccel and then then driver will be asked to encrypt the
frame with a key index that has been removed. Hence, drivers will need
to be aware that the hw_key_index they are passed might not be under
all circumstances. Most drivers will, however, simply ignore that
condition and encrypt the frame with the selected key anyway, this
only results in a frame being encrypted with a wrong key or dropped
(rightfully) because the key was not valid. There isn't much we can
do about it unless we want to walk the pending frame queue every time
a key is removed and remove all frames that used it.
This race condition, however, will most likely be solved once we add
multiqueue support to mac80211 because then frames will be queued
further up the stack instead of after being processed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-14 09:10:24 -06:00
|
|
|
rcu_assign_pointer(sdata->default_key, key);
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
if (sdata->default_key)
|
|
|
|
ieee80211_debugfs_key_add_default(sdata);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *key, *tmp;
|
2008-02-25 08:27:45 -07:00
|
|
|
LIST_HEAD(tmp_list);
|
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
might_sleep();
|
2007-08-28 15:01:55 -06:00
|
|
|
|
|
|
|
list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
|
|
|
|
ieee80211_key_free(key);
|
|
|
|
}
|
|
|
|
|
|
|
|
void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *key;
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
ASSERT_RTNL();
|
|
|
|
might_sleep();
|
|
|
|
|
|
|
|
if (WARN_ON(!netif_running(sdata->dev)))
|
2007-08-28 15:01:55 -06:00
|
|
|
return;
|
|
|
|
|
|
|
|
list_for_each_entry(key, &sdata->key_list, list)
|
|
|
|
ieee80211_key_enable_hw_accel(key);
|
|
|
|
}
|
|
|
|
|
|
|
|
void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
|
|
|
|
{
|
|
|
|
struct ieee80211_key *key;
|
|
|
|
|
2008-02-25 08:27:45 -07:00
|
|
|
ASSERT_RTNL();
|
|
|
|
might_sleep();
|
|
|
|
|
2007-08-28 15:01:55 -06:00
|
|
|
list_for_each_entry(key, &sdata->key_list, list)
|
|
|
|
ieee80211_key_disable_hw_accel(key);
|
|
|
|
}
|