diff mbox series

wifi: brcmfmac: cfg80211: Use WSEC to set SAE password

Message ID 20231107-brcmfmac-wpa3-v1-1-4c7db8636680@marcan.st
State New
Headers show
Series wifi: brcmfmac: cfg80211: Use WSEC to set SAE password | expand

Commit Message

Hector Martin Nov. 7, 2023, 6:05 a.m. UTC
Using the WSEC command instead of sae_password seems to be the supported
mechanism on newer firmware, and also how the brcmdhd driver does it.

According to user reports [1], the sae_password codepath doesn't actually
work on machines with Cypress chips anyway, so no harm in removing it.

This makes WPA3 work with iwd, or with wpa_supplicant pending a support
patchset [2].

[1] https://rachelbythebay.com/w/2023/11/06/wpa3/
[2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html

Signed-off-by: Hector Martin <marcan@marcan.st>
---
 .../broadcom/brcm80211/brcmfmac/cfg80211.c         | 46 +++++++++-------------
 .../broadcom/brcm80211/brcmfmac/fwil_types.h       |  2 +-
 2 files changed, 20 insertions(+), 28 deletions(-)


---
base-commit: ffc253263a1375a65fa6c9f62a893e9767fbebfa
change-id: 20231107-brcmfmac-wpa3-9e5f66e8be34

Best regards,

Comments

Neal Gompa Nov. 8, 2023, 11:12 a.m. UTC | #1
On Tue, Nov 7, 2023 at 1:06 AM Hector Martin <marcan@marcan.st> wrote:
>
> Using the WSEC command instead of sae_password seems to be the supported
> mechanism on newer firmware, and also how the brcmdhd driver does it.
>
> According to user reports [1], the sae_password codepath doesn't actually
> work on machines with Cypress chips anyway, so no harm in removing it.
>
> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
> patchset [2].
>
> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>
> Signed-off-by: Hector Martin <marcan@marcan.st>
> ---
>  .../broadcom/brcm80211/brcmfmac/cfg80211.c         | 46 +++++++++-------------
>  .../broadcom/brcm80211/brcmfmac/fwil_types.h       |  2 +-
>  2 files changed, 20 insertions(+), 28 deletions(-)
>
> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> index 2a90bb24ba77..138af70a33b8 100644
> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> @@ -1687,52 +1687,44 @@ static u16 brcmf_map_fw_linkdown_reason(const struct brcmf_event_msg *e)
>         return reason;
>  }
>
> -static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
> +static int brcmf_set_wsec(struct brcmf_if *ifp, const u8 *key, u16 key_len, u16 flags)
>  {
>         struct brcmf_pub *drvr = ifp->drvr;
>         struct brcmf_wsec_pmk_le pmk;
>         int err;
>
> +       if (key_len > sizeof(pmk.key)) {
> +               bphy_err(drvr, "key must be less than %zu bytes\n",
> +                        sizeof(pmk.key));
> +               return -EINVAL;
> +       }
> +
>         memset(&pmk, 0, sizeof(pmk));
>
> -       /* pass pmk directly */
> -       pmk.key_len = cpu_to_le16(pmk_len);
> -       pmk.flags = cpu_to_le16(0);
> -       memcpy(pmk.key, pmk_data, pmk_len);
> +       /* pass key material directly */
> +       pmk.key_len = cpu_to_le16(key_len);
> +       pmk.flags = cpu_to_le16(flags);
> +       memcpy(pmk.key, key, key_len);
>
> -       /* store psk in firmware */
> +       /* store key material in firmware */
>         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_WSEC_PMK,
>                                      &pmk, sizeof(pmk));
>         if (err < 0)
>                 bphy_err(drvr, "failed to change PSK in firmware (len=%u)\n",
> -                        pmk_len);
> +                        key_len);
>
>         return err;
>  }
>
> +static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
> +{
> +       return brcmf_set_wsec(ifp, pmk_data, pmk_len, 0);
> +}
> +
>  static int brcmf_set_sae_password(struct brcmf_if *ifp, const u8 *pwd_data,
>                                   u16 pwd_len)
>  {
> -       struct brcmf_pub *drvr = ifp->drvr;
> -       struct brcmf_wsec_sae_pwd_le sae_pwd;
> -       int err;
> -
> -       if (pwd_len > BRCMF_WSEC_MAX_SAE_PASSWORD_LEN) {
> -               bphy_err(drvr, "sae_password must be less than %d\n",
> -                        BRCMF_WSEC_MAX_SAE_PASSWORD_LEN);
> -               return -EINVAL;
> -       }
> -
> -       sae_pwd.key_len = cpu_to_le16(pwd_len);
> -       memcpy(sae_pwd.key, pwd_data, pwd_len);
> -
> -       err = brcmf_fil_iovar_data_set(ifp, "sae_password", &sae_pwd,
> -                                      sizeof(sae_pwd));
> -       if (err < 0)
> -               bphy_err(drvr, "failed to set SAE password in firmware (len=%u)\n",
> -                        pwd_len);
> -
> -       return err;
> +       return brcmf_set_wsec(ifp, pwd_data, pwd_len, BRCMF_WSEC_PASSPHRASE);
>  }
>
>  static void brcmf_link_down(struct brcmf_cfg80211_vif *vif, u16 reason,
> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
> index 611d1a6aabb9..b68c46caabe8 100644
> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
> @@ -584,7 +584,7 @@ struct brcmf_wsec_key_le {
>  struct brcmf_wsec_pmk_le {
>         __le16  key_len;
>         __le16  flags;
> -       u8 key[2 * BRCMF_WSEC_MAX_PSK_LEN + 1];
> +       u8 key[BRCMF_WSEC_MAX_SAE_PASSWORD_LEN];
>  };
>
>  /**
>
> ---
> base-commit: ffc253263a1375a65fa6c9f62a893e9767fbebfa
> change-id: 20231107-brcmfmac-wpa3-9e5f66e8be34
>
> Best regards,
> --
> Hector Martin <marcan@marcan.st>
>
>

Looks good to me.

Reviewed-by: Neal Gompa <neal@gompa.dev>



--
真実はいつも一つ!/ Always, there's only one truth!
Kalle Valo Dec. 17, 2023, 11:25 a.m. UTC | #2
Hector Martin <marcan@marcan.st> wrote:

> Using the WSEC command instead of sae_password seems to be the supported
> mechanism on newer firmware, and also how the brcmdhd driver does it.
> 
> According to user reports [1], the sae_password codepath doesn't actually
> work on machines with Cypress chips anyway, so no harm in removing it.
> 
> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
> patchset [2].
> 
> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
> 
> Signed-off-by: Hector Martin <marcan@marcan.st>
> Reviewed-by: Neal Gompa <neal@gompa.dev>

Arend, what do you think?

We recently talked about people testing brcmfmac patches, has anyone else
tested this?
Arend van Spriel Dec. 19, 2023, 8:52 a.m. UTC | #3
On December 17, 2023 12:25:23 PM Kalle Valo <kvalo@kernel.org> wrote:

> Hector Martin <marcan@marcan.st> wrote:
>
>> Using the WSEC command instead of sae_password seems to be the supported
>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>
>> According to user reports [1], the sae_password codepath doesn't actually
>> work on machines with Cypress chips anyway, so no harm in removing it.
>>
>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>> patchset [2].
>>
>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>>
>> Signed-off-by: Hector Martin <marcan@marcan.st>
>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>
> Arend, what do you think?
>
> We recently talked about people testing brcmfmac patches, has anyone else
> tested this?

Not sure I already replied so maybe I am repeating myself. I would prefer 
to keep the Cypress sae_password path as well although it reportedly does 
not work. The vendor support in the driver can be used to accommodate for 
that. The other option would be to have people with Cypress chipset test 
this patch. If that works for both we can consider dropping the 
sae_password path.

Regards,
Arend

> --
> https://patchwork.kernel.org/project/linux-wireless/patch/20231107-brcmfmac-wpa3-v1-1-4c7db8636680@marcan.st/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Kalle Valo Dec. 19, 2023, 8:57 a.m. UTC | #4
Arend Van Spriel <arend.vanspriel@broadcom.com> writes:

> On December 17, 2023 12:25:23 PM Kalle Valo <kvalo@kernel.org> wrote:
>
>> Hector Martin <marcan@marcan.st> wrote:
>>
>>> Using the WSEC command instead of sae_password seems to be the supported
>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>>
>>> According to user reports [1], the sae_password codepath doesn't actually
>>> work on machines with Cypress chips anyway, so no harm in removing it.
>>>
>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>>> patchset [2].
>>>
>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>>>
>>> Signed-off-by: Hector Martin <marcan@marcan.st>
>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>>
>> Arend, what do you think?
>>
>> We recently talked about people testing brcmfmac patches, has anyone else
>> tested this?
>
> Not sure I already replied so maybe I am repeating myself. I would
> prefer to keep the Cypress sae_password path as well although it
> reportedly does not work. The vendor support in the driver can be used
> to accommodate for that. The other option would be to have people with
> Cypress chipset test this patch. If that works for both we can
> consider dropping the sae_password path.

Ok, thanks for checking.
Hector Martin Dec. 19, 2023, 11:01 a.m. UTC | #5
On 2023/12/19 17:52, Arend Van Spriel wrote:
> On December 17, 2023 12:25:23 PM Kalle Valo <kvalo@kernel.org> wrote:
> 
>> Hector Martin <marcan@marcan.st> wrote:
>>
>>> Using the WSEC command instead of sae_password seems to be the supported
>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>>
>>> According to user reports [1], the sae_password codepath doesn't actually
>>> work on machines with Cypress chips anyway, so no harm in removing it.
>>>
>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>>> patchset [2].
>>>
>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>>>
>>> Signed-off-by: Hector Martin <marcan@marcan.st>
>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>>
>> Arend, what do you think?
>>
>> We recently talked about people testing brcmfmac patches, has anyone else
>> tested this?
> 
> Not sure I already replied so maybe I am repeating myself. I would prefer 
> to keep the Cypress sae_password path as well although it reportedly does 
> not work. The vendor support in the driver can be used to accommodate for 
> that. The other option would be to have people with Cypress chipset test 
> this patch. If that works for both we can consider dropping the 
> sae_password path.
> 
> Regards,
> Arend

So, if nobody from Cypress chimes in ever, and nobody cares nor tests
Cypress chipsets, are we keeping any and all existing Cypress code-paths
as bitrotting code forever and adding gratuitous conditionals every time
any functionality needs to change "just in case it breaks Cypress" even
though it has been tested compatible on Broadcom chipsets/firmware?

Because that's not sustainable long term.

- Hector
Arend van Spriel Dec. 19, 2023, 1:46 p.m. UTC | #6
On 12/19/2023 12:01 PM, Hector Martin wrote:
> 
> 
> On 2023/12/19 17:52, Arend Van Spriel wrote:
>> On December 17, 2023 12:25:23 PM Kalle Valo <kvalo@kernel.org> wrote:
>>
>>> Hector Martin <marcan@marcan.st> wrote:
>>>
>>>> Using the WSEC command instead of sae_password seems to be the supported
>>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>>>
>>>> According to user reports [1], the sae_password codepath doesn't actually
>>>> work on machines with Cypress chips anyway, so no harm in removing it.
>>>>
>>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>>>> patchset [2].
>>>>
>>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>>>>
>>>> Signed-off-by: Hector Martin <marcan@marcan.st>
>>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>>>
>>> Arend, what do you think?
>>>
>>> We recently talked about people testing brcmfmac patches, has anyone else
>>> tested this?
>>
>> Not sure I already replied so maybe I am repeating myself. I would prefer
>> to keep the Cypress sae_password path as well although it reportedly does
>> not work. The vendor support in the driver can be used to accommodate for
>> that. The other option would be to have people with Cypress chipset test
>> this patch. If that works for both we can consider dropping the
>> sae_password path.
>>
>> Regards,
>> Arend
> 
> So, if nobody from Cypress chimes in ever, and nobody cares nor tests
> Cypress chipsets, are we keeping any and all existing Cypress code-paths
> as bitrotting code forever and adding gratuitous conditionals every time
> any functionality needs to change "just in case it breaks Cypress" even
> though it has been tested compatible on Broadcom chipsets/firmware?
> 
> Because that's not sustainable long term.

You should look into WEXT just for the fun of it. If it were up to me 
and a bunch of other people that would have been gone decades ago. Maybe 
a bad example if the sae_password is indeed not working, but the Cypress 
chipset is used in RPi3 and RPi4 so there must be a couple of users.

Regards,
Arend

Regards,
Arend
Julian Calaby Dec. 19, 2023, 2:26 p.m. UTC | #7
Hi Arend and Kalle,

On Wed, Dec 20, 2023 at 12:47 AM Arend van Spriel
<arend.vanspriel@broadcom.com> wrote:
>
> On 12/19/2023 12:01 PM, Hector Martin wrote:
> >
> >
> > On 2023/12/19 17:52, Arend Van Spriel wrote:
> >> On December 17, 2023 12:25:23 PM Kalle Valo <kvalo@kernel.org> wrote:
> >>
> >>> Hector Martin <marcan@marcan.st> wrote:
> >>>
> >>>> Using the WSEC command instead of sae_password seems to be the supported
> >>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
> >>>>
> >>>> According to user reports [1], the sae_password codepath doesn't actually
> >>>> work on machines with Cypress chips anyway, so no harm in removing it.
> >>>>
> >>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
> >>>> patchset [2].
> >>>>
> >>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
> >>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
> >>>>
> >>>> Signed-off-by: Hector Martin <marcan@marcan.st>
> >>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
> >>>
> >>> Arend, what do you think?
> >>>
> >>> We recently talked about people testing brcmfmac patches, has anyone else
> >>> tested this?
> >>
> >> Not sure I already replied so maybe I am repeating myself. I would prefer
> >> to keep the Cypress sae_password path as well although it reportedly does
> >> not work. The vendor support in the driver can be used to accommodate for
> >> that. The other option would be to have people with Cypress chipset test
> >> this patch. If that works for both we can consider dropping the
> >> sae_password path.
> >>
> >> Regards,
> >> Arend
> >
> > So, if nobody from Cypress chimes in ever, and nobody cares nor tests
> > Cypress chipsets, are we keeping any and all existing Cypress code-paths
> > as bitrotting code forever and adding gratuitous conditionals every time
> > any functionality needs to change "just in case it breaks Cypress" even
> > though it has been tested compatible on Broadcom chipsets/firmware?
> >
> > Because that's not sustainable long term.
>
> You should look into WEXT just for the fun of it. If it were up to me
> and a bunch of other people that would have been gone decades ago. Maybe
> a bad example if the sae_password is indeed not working, but the Cypress
> chipset is used in RPi3 and RPi4 so there must be a couple of users.

There are reports that WPA3 is broken on the Cypress chipsets the
Raspberry Pis are using and this patch fixes it:
https://rachelbythebay.com/w/2023/11/06/wpa3/

Based on that, it appears that all known users of WPA3 capable
hardware with this driver require this fix.

Thanks,
Kalle Valo Dec. 19, 2023, 2:42 p.m. UTC | #8
Daniel Berlin <dberlin@dberlin.org> writes:

> On Tue, Dec 19, 2023 at 7:46 AM Arend van Spriel <arend.vanspriel@broadcom.com> wrote:
>
>  On 12/19/2023 12:01 PM, Hector Martin wrote:
>  > 
>  > 
>  > On 2023/12/19 17:52, Arend Van Spriel wrote:
>  >> On December 17, 2023 12:25:23 PM Kalle Valo <kvalo@kernel.org> wrote:
>  >>
>  >>> Hector Martin <marcan@marcan.st> wrote:
>  >>>
>  >>>> Using the WSEC command instead of sae_password seems to be the supported
>  >>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>  >>>>
>  >>>> According to user reports [1], the sae_password codepath doesn't actually
>  >>>> work on machines with Cypress chips anyway, so no harm in removing it.
>  >>>>
>  >>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>  >>>> patchset [2].
>  >>>>
>  >>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>  >>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>  >>>>
>  >>>> Signed-off-by: Hector Martin <marcan@marcan.st>
>  >>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>  >>>
>  >>> Arend, what do you think?
>  >>>
>  >>> We recently talked about people testing brcmfmac patches, has anyone else
>  >>> tested this?
>  >>
>  >> Not sure I already replied so maybe I am repeating myself. I would prefer
>  >> to keep the Cypress sae_password path as well although it reportedly does
>  >> not work. The vendor support in the driver can be used to accommodate for
>  >> that. The other option would be to have people with Cypress chipset test
>  >> this patch. If that works for both we can consider dropping the
>  >> sae_password path.
>  >>
>  >> Regards,
>  >> Arend
>  > 
>  > So, if nobody from Cypress chimes in ever, and nobody cares nor tests
>  > Cypress chipsets, are we keeping any and all existing Cypress code-paths
>  > as bitrotting code forever and adding gratuitous conditionals every time
>  > any functionality needs to change "just in case it breaks Cypress" even
>  > though it has been tested compatible on Broadcom chipsets/firmware?
>  > 
>  > Because that's not sustainable long term.
>
>  You should look into WEXT just for the fun of it. If it were up to me 
>  and a bunch of other people that would have been gone decades ago. Maybe 
>  a bad example if the sae_password is indeed not working, but the Cypress 
>  chipset is used in RPi3 and RPi4 so there must be a couple of users.
>
> None of this refutes what he said
>
> We already know it doesn't work for the rpi3/4 users because they are
> blogging about it. The fact that you (not personally but as a
> maintainer) don't know what works for who or doesn't is part of the
> issue. Who are the users who this is for, how are you getting feedback
> on what is working or not, how are you testing that it stays working?
>
> I'm with Hector - this approach has mainly resulted in a driver that
> kind of works for some people with no rhyme or reason - but nobody
> knows who and what works for them. This isn't sustainable. You need
> testing and feedback loops from some defined populations.
>
> Of course, This will all become moot as we argue about it - more and
> more is breaking for more and more people (for example, management
> frames are totally broken on newer chips because we silently assume
> version 1).
>
> The driver is about one real upgrade cycle away from not working, in
> current form, for the vast majority of its users.
>
> One would hope we don't sit and argue about how to support the future
> while waiting for that to happen, instead we should be moving the
> driver forward. If we need to worry about specific older chip users,
> we should name who they are, how many there are, and what the limits
> of support are. We should then talk about the best way to support them
> while still moving the world forward.

Why is it that every patch Hector submits seems to end up with flame
wars? Look, we have a lot to do and please understand that our time is
limited. PLEASE listen to the review feedback and try to fix the patches
for the next review round, so that we can get this patch applied and
move forward.

And also these "we know better than you do" comments from people who
clearly are not really familiar with Linux wireless project, or even
kernel development, are not helping. Especially if it's in an HTML mail
(which our lists automatically drop).
Hector Martin Dec. 20, 2023, 12:06 a.m. UTC | #9
On 2023/12/19 23:42, Kalle Valo wrote:
> Daniel Berlin <dberlin@dberlin.org> writes:
> 
>> On Tue, Dec 19, 2023 at 7:46 AM Arend van Spriel <arend.vanspriel@broadcom.com> wrote:
>>
>>  On 12/19/2023 12:01 PM, Hector Martin wrote:
>>  > 
>>  > 
>>  > On 2023/12/19 17:52, Arend Van Spriel wrote:
>>  >> On December 17, 2023 12:25:23 PM Kalle Valo <kvalo@kernel.org> wrote:
>>  >>
>>  >>> Hector Martin <marcan@marcan.st> wrote:
>>  >>>
>>  >>>> Using the WSEC command instead of sae_password seems to be the supported
>>  >>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>  >>>>
>>  >>>> According to user reports [1], the sae_password codepath doesn't actually
>>  >>>> work on machines with Cypress chips anyway, so no harm in removing it.
>>  >>>>
>>  >>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>>  >>>> patchset [2].
>>  >>>>
>>  >>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>>  >>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>>  >>>>
>>  >>>> Signed-off-by: Hector Martin <marcan@marcan.st>
>>  >>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>>  >>>
>>  >>> Arend, what do you think?
>>  >>>
>>  >>> We recently talked about people testing brcmfmac patches, has anyone else
>>  >>> tested this?
>>  >>
>>  >> Not sure I already replied so maybe I am repeating myself. I would prefer
>>  >> to keep the Cypress sae_password path as well although it reportedly does
>>  >> not work. The vendor support in the driver can be used to accommodate for
>>  >> that. The other option would be to have people with Cypress chipset test
>>  >> this patch. If that works for both we can consider dropping the
>>  >> sae_password path.
>>  >>
>>  >> Regards,
>>  >> Arend
>>  > 
>>  > So, if nobody from Cypress chimes in ever, and nobody cares nor tests
>>  > Cypress chipsets, are we keeping any and all existing Cypress code-paths
>>  > as bitrotting code forever and adding gratuitous conditionals every time
>>  > any functionality needs to change "just in case it breaks Cypress" even
>>  > though it has been tested compatible on Broadcom chipsets/firmware?
>>  > 
>>  > Because that's not sustainable long term.
>>
>>  You should look into WEXT just for the fun of it. If it were up to me 
>>  and a bunch of other people that would have been gone decades ago. Maybe 
>>  a bad example if the sae_password is indeed not working, but the Cypress 
>>  chipset is used in RPi3 and RPi4 so there must be a couple of users.
>>
>> None of this refutes what he said
>>
>> We already know it doesn't work for the rpi3/4 users because they are
>> blogging about it. The fact that you (not personally but as a
>> maintainer) don't know what works for who or doesn't is part of the
>> issue. Who are the users who this is for, how are you getting feedback
>> on what is working or not, how are you testing that it stays working?
>>
>> I'm with Hector - this approach has mainly resulted in a driver that
>> kind of works for some people with no rhyme or reason - but nobody
>> knows who and what works for them. This isn't sustainable. You need
>> testing and feedback loops from some defined populations.
>>
>> Of course, This will all become moot as we argue about it - more and
>> more is breaking for more and more people (for example, management
>> frames are totally broken on newer chips because we silently assume
>> version 1).
>>
>> The driver is about one real upgrade cycle away from not working, in
>> current form, for the vast majority of its users.
>>
>> One would hope we don't sit and argue about how to support the future
>> while waiting for that to happen, instead we should be moving the
>> driver forward. If we need to worry about specific older chip users,
>> we should name who they are, how many there are, and what the limits
>> of support are. We should then talk about the best way to support them
>> while still moving the world forward.
> 
> Why is it that every patch Hector submits seems to end up with flame
> wars?

Perhaps because this driver has approximately 0.1 direct maintainers
right now whose contributions are largely hem and hawing about things
without providing any real sustainable solutions, and your amazing
additions as the Wireless upstream maintainer have been things like
nitpicking whether or not I should use "v2:" in commit messages.

Just recently a patch was posted to remove the Infineon list from
MAINTAINERS because that company cares so little they have literally
stopped accepting emails from us. Meanwhile they are telling their
customers that they do not recommend upstream brcmfmac and they should
use their downstream driver [1].

As a reminder, the last patch authored by the sole (barely) active
maintainer of this driver was almost a year ago. The other two Broadcom
folks in MAINTAINERS haven't done anything in years. Arend himself has
admitted he only gets 20% time to work on this and it never actually
reaches anywhere near 20%.

Meanwhile Daniel here has been revamping large chunks of the driver
downstream, and fixing major longstanding issues with an intent to
upstream. But apparently his opinion doesn't matter.

Hey Linus, you have an M2 MacBook Air, right? I assume you want WiFi to
work on it properly upstream some day. With the dismal state of brcmfmac
maintainership, and with the disdain the people involved have for the
people *actually* doing the work on the driver and trying to get
everything upstream, that is never going to happen at this rate. Care to
chime in?

As far as I'm concerned, Cypress support should be ifdeffed out behind a
Kconfig flag marked BROKEN. If someone cares about it, they better step
up to maintain it and actually test things. We can't have companies
submitting device support patches and then checking out and abandoning
them and expect the remaining people actually working on the driver to
tiptoe around their code "just in case we break them" with no way to
actually test anything or properly support those chips. Even the
Raspberry Pi folks have been silent other than some empty words and no
actual action, so far. You'd think they'd care a bit more about shipping
hardware with zero actual upstream maintainer support, but apparently
they don't.

[1]
https://community.infineon.com/t5/AIROC-Wi-Fi-and-Wi-Fi-Bluetooth/Queries-re-linux-in-tree-driver-for-Infineon-Wifi-BT-controllers/td-p/354857

- Hector
Linus Torvalds Dec. 20, 2023, 1:44 a.m. UTC | #10
On Tue, 19 Dec 2023 at 16:06, Hector Martin <marcan@marcan.st> wrote:
>
> On 2023/12/19 23:42, Kalle Valo wrote:
> >
> > Why is it that every patch Hector submits seems to end up with flame
> > wars?

Well, I do think some of it is Hector's personality and forceful
approaches, but I do think part of it is also the area in question.

Because I do agree with Hector that..

> Just recently a patch was posted to remove the Infineon list from
> MAINTAINERS because that company cares so little they have literally
> stopped accepting emails from us. Meanwhile they are telling their
> customers that they do not recommend upstream brcmfmac and they should
> use their downstream driver [1].

Unquestionably broadcom is not helping maintain things, and I think it
should matter.

As Hector says, they point to their random driver dumps on their site
that you can't even download unless you are a "Broadcom community
member" or whatever, and hey - any company that works that way should
be seen as pretty much hostile to any actual maintenance and proper
development.

If Daniel and Hector are responsive to actual problem reports for the
changes they cause, I do think that should count a lot.

I don't think Cypress support should necessarily be removed (or marked
broken), but if the sae_password code already doesn't work, _that_
part certainly shouldn't hold things up?

Put another way: if we effectively don't have a driver maintainer that
can test things, and somebody is willing to step up, shouldn't we take
that person up on it?

                  Linus
Hector Martin Dec. 20, 2023, 4:16 a.m. UTC | #11
On 2023/12/20 10:44, Linus Torvalds wrote:
> On Tue, 19 Dec 2023 at 16:06, Hector Martin <marcan@marcan.st> wrote:
>>
>> On 2023/12/19 23:42, Kalle Valo wrote:
>>>
>>> Why is it that every patch Hector submits seems to end up with flame
>>> wars?
> 
> Well, I do think some of it is Hector's personality and forceful
> approaches, but I do think part of it is also the area in question.
> 
> Because I do agree with Hector that..
> 
>> Just recently a patch was posted to remove the Infineon list from
>> MAINTAINERS because that company cares so little they have literally
>> stopped accepting emails from us. Meanwhile they are telling their
>> customers that they do not recommend upstream brcmfmac and they should
>> use their downstream driver [1].
> 
> Unquestionably broadcom is not helping maintain things, and I think it
> should matter.
> 
> As Hector says, they point to their random driver dumps on their site
> that you can't even download unless you are a "Broadcom community
> member" or whatever, and hey - any company that works that way should
> be seen as pretty much hostile to any actual maintenance and proper
> development.
> 
> If Daniel and Hector are responsive to actual problem reports for the
> changes they cause, I do think that should count a lot.

Of course we're happy to do that. If this change goes in and we get an
actual report of breakage from someone, we'll have learned some very
valuable information: That there is, in fact, an end-user use case
(hardware/firmware/AP setting combination) where this code functions and
matters, and perhaps we'll have found someone willing to test things in
the future. Then we revert and rework the patch to keep the old code
path alive in that case.

The report will also give us valuable information about how to condition
it, because e.g. right now we don't even know if the sae_password code
works on any Cypress chips/firmwares at all, or conversely whether the
new WSEC code rather makes things work on some subset of Cypress
chips/firmwares instead. It is largely a mystery to everyone outside of
Broadcom and Cypress how that whole corporate division fork worked and
when and how the firmwares started diverging (never mind how Apple's
Broadcom firmwares may themselves differ).

It's the "don't touch it just in case" approach that is not sustainable,
because then we'll just be accumulating technical debt without the
slightest clue whether it even does anything useful or not, and
needlessly setting back development on the other and newer chips.

All this would, of course, be much easier if the vendor actually replied
to our emails, since evidently they know what chips/firmware branches
might have support for this, but even before Cypress names got removed
from MAINTAINERS I was already getting radio silence from them when I
asked questions like this, and even on the Broadcom side I had trouble
getting Arend to answer simple questions. Ultimately, with minimal to no
vendor cooperation, this driver becomes a reverse engineered, community
supported driver, with the inevitable gaps in testing and support that
entails when we don't have the information the manufacturers do, and
people need to understand the consequences of that. If the manufacturers
aren't stepping up to do their job, other members of the community (or
customers of those vendors) need to do so if there are hardware
configurations they rely on, because Daniel and I can't sign up to
proactively maintain and test every single Broadcom and Cypress/Infineon
chip out there. We don't have the hardware, nor do we have that kind of
bandwidth/time. Support for hardware that no maintainer/developer is
proactively testing will necessarily fall back to being reactive to
regression reports.

> I don't think Cypress support should necessarily be removed (or marked
> broken), but if the sae_password code already doesn't work, _that_
> part certainly shouldn't hold things up?
> 
> Put another way: if we effectively don't have a driver maintainer that
> can test things, and somebody is willing to step up, shouldn't we take
> that person up on it?

Personally, I do think the rPi folks themselves should step up for
*testing* at the very least. I did point them at our downstream WiFi
branch at one point during a previous discussion and haven't heard back,
so either they never tested it, or they did and it didn't break
anything. If they're shipping popular Linux hardware where the WiFi
chipset vendor has fully and completely checked out of any upstream
support, they need to either accept that upstream support will likely
break at some point (because that's just what happens when nobody cares
about a given piece of hardware, especially with drivers shared across
others like this one) or they need to proactively step up and take on,
minimally, an early testing role themselves.

- Hector
Paul Fertser Dec. 20, 2023, 10:16 a.m. UTC | #12
Hey Hector,

On Tue, Nov 07, 2023 at 03:05:31PM +0900, Hector Martin wrote:
> Using the WSEC command instead of sae_password seems to be the supported
> mechanism on newer firmware, and also how the brcmdhd driver does it.
> 
> According to user reports [1], the sae_password codepath doesn't actually
> work on machines with Cypress chips anyway, so no harm in removing it.

I'm sorry to disappoint you but I've just tested this patch on a
"Pinebook Pro" which has AP6255 module and it broke WPA3 Personal.

No error messages are emitted to the kernel log, just iwctl saying it
can't establish connection.

This is using "Cypress" firmware from the Linux firmware tree [0]
renamed to "brcmfmac43455-sdio.bin" which has the following features
(extracted from last two lines):

43455c0-roml/43455_sdio-pno-aoe-pktfilter-pktctx-wfds-mfp-dfsradar-wowlpf-idsup-idauth-noclminc-clm_min-obss-obssdump-swdiv-gtkoe-roamprof-txbf-ve-sae-dpp-sr-okc-bpd Version: 7.45.234 (4ca95bb CY) CRC: 212e223d Date: Thu 2021-04-15 03:06:00 PDT Ucode Ver: 1043.2161 FWID 01-996384e2
DVID 01-1fda2915


This module is used on many SBCs, including some RaspberryPi
boards. The reason RaspberryPi owners complain about lack of WPA3
Personal support is that most of them are using obscure downstream
distros which ship brcmfmac firmware from somewhere else rather than
the Linux firmware tree, so they lack the "sae" feature. Another is
that it only works with iwd while default is wpa_supplicant.

So far all known reports of those who tried the right firmware on
RaspberryPi boards confirm WPA3 Personal was working with iwd [1].


I'll be happy to do more testing if needed. Thank you very much for
your hard and insightful work!


[0] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/cypress/cyfmac43455-sdio.bin
[1] https://github.com/raspberrypi/linux/issues/4718#issuecomment-1279951709
Kalle Valo Dec. 20, 2023, 10:20 a.m. UTC | #13
Linus Torvalds <torvalds@linux-foundation.org> writes:

>> Just recently a patch was posted to remove the Infineon list from
>> MAINTAINERS because that company cares so little they have literally
>> stopped accepting emails from us. Meanwhile they are telling their
>> customers that they do not recommend upstream brcmfmac and they should
>> use their downstream driver [1].
>
> Unquestionably broadcom is not helping maintain things, and I think it
> should matter.
>
> As Hector says, they point to their random driver dumps on their site
> that you can't even download unless you are a "Broadcom community
> member" or whatever, and hey - any company that works that way should
> be seen as pretty much hostile to any actual maintenance and proper
> development.

Sadly this is the normal in the wireless world. All vendors focus on the
latest generation, currently it's Wi-Fi 7, and lose interest on older
generations. And vendors lose focus on the upstream drivers even faster,
usually after a customer project ends.

So in practise what we try to do is keep the drivers working somehow on
our own, even after the vendors are long gone. If we would deliberately
allow breaking drivers because vendor/corporations don't support us, I
suspect we would have sevaral broken drivers in upstream.

> If Daniel and Hector are responsive to actual problem reports for the
> changes they cause, I do think that should count a lot.

Sure, but they could also respect to the review comments. I find Arend's
proposal is reasonable and that's what I would implement in v2. We
(linux-wireless) make abstractions to workaround firmware problems or
interface conflicts all the time, just look at ath10k for example. I
would not be surprised if we need to add even more abstractions to
brcmfmac in the future. And Arend is the expert here, he has best
knowledge of Broadcom devices and I trust him.

Has anyone even investigated what it would need to implement Arend's
proposal? At least I don't see any indication of that.
Eric Curtin Dec. 20, 2023, 11:32 a.m. UTC | #14
On Wed, 20 Dec 2023 at 01:54, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Tue, 19 Dec 2023 at 16:06, Hector Martin <marcan@marcan.st> wrote:
> >
> > On 2023/12/19 23:42, Kalle Valo wrote:
> > >
> > > Why is it that every patch Hector submits seems to end up with flame
> > > wars?
>
> Well, I do think some of it is Hector's personality and forceful
> approaches, but I do think part of it is also the area in question.
>
> Because I do agree with Hector that..
>
> > Just recently a patch was posted to remove the Infineon list from
> > MAINTAINERS because that company cares so little they have literally
> > stopped accepting emails from us. Meanwhile they are telling their
> > customers that they do not recommend upstream brcmfmac and they should
> > use their downstream driver [1].
>
> Unquestionably broadcom is not helping maintain things, and I think it
> should matter.
>
> As Hector says, they point to their random driver dumps on their site
> that you can't even download unless you are a "Broadcom community
> member" or whatever, and hey - any company that works that way should
> be seen as pretty much hostile to any actual maintenance and proper
> development.
>
> If Daniel and Hector are responsive to actual problem reports for the
> changes they cause, I do think that should count a lot.
>
> I don't think Cypress support should necessarily be removed (or marked
> broken), but if the sae_password code already doesn't work, _that_
> part certainly shouldn't hold things up?
>
> Put another way: if we effectively don't have a driver maintainer that
> can test things, and somebody is willing to step up, shouldn't we take
> that person up on it?

I am trying to help try and find a maintainer in the community, but of
course I can't guarantee anything. Theoretically of course it should
be someone from Broadcom, Raspberry Pi, etc. and not the community
(not that this helps unblock us promptly).

I just would like to say this upstream Cypress driver has a large
number of users via Fedora and CentOS Stream Automotive Distribution.
And that's just the Fedora family of distros. But the Apple Silicon
devices have a pretty large amount of users also.

We need to find a way of accommodating both. If that's either fork the
code into two separate files somehow or find another maintainer, I
don't know (just my uninformed opinion).

Is mise le meas/Regards,

Eric Curtin

>
>                   Linus
>
Kalle Valo Dec. 20, 2023, 3:55 p.m. UTC | #15
Kalle Valo <kvalo@kernel.org> writes:

> And Arend is the expert here, he has best knowledge of Broadcom
> devices and I trust him.

But Arend decided to step down:

https://patchwork.kernel.org/project/linux-wireless/patch/20231220095750.307829-1-arend.vanspriel@broadcom.com/

And no wonder.
Eric Curtin Dec. 20, 2023, 4:42 p.m. UTC | #16
On Wed, 20 Dec 2023 at 16:05, Kalle Valo <kvalo@kernel.org> wrote:
>
> Kalle Valo <kvalo@kernel.org> writes:
>
> > And Arend is the expert here, he has best knowledge of Broadcom
> > devices and I trust him.
>
> But Arend decided to step down:
>
> https://patchwork.kernel.org/project/linux-wireless/patch/20231220095750.307829-1-arend.vanspriel@broadcom.com/
>
> And no wonder.

By the way, just in case my earlier email was misinterpreted, when I
suggested we find another maintainer, I meant a co-maintainer to help
spread the load, test, review, etc.

I'm sad Arend stepped down and that we have less maintainers now. I
meant it in good spirits.

I have received messages from almost 100 people that seem interested
in helping integrate Broadcom wifi in the upstream kernel. I have
asked them kindly to not pollute the mailing list and to read this
thread to get full context.

Is mise le meas/Regards,

Eric Curtin

>
> --
> https://patchwork.kernel.org/project/linux-wireless/list/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
>
Hector Martin Dec. 20, 2023, 6:02 p.m. UTC | #17
On 2023/12/20 19:16, Paul Fertser wrote:
> Hey Hector,
> 
> On Tue, Nov 07, 2023 at 03:05:31PM +0900, Hector Martin wrote:
>> Using the WSEC command instead of sae_password seems to be the supported
>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>
>> According to user reports [1], the sae_password codepath doesn't actually
>> work on machines with Cypress chips anyway, so no harm in removing it.
> 
> I'm sorry to disappoint you but I've just tested this patch on a
> "Pinebook Pro" which has AP6255 module and it broke WPA3 Personal.
> 
> No error messages are emitted to the kernel log, just iwctl saying it
> can't establish connection.
> 
> This is using "Cypress" firmware from the Linux firmware tree [0]
> renamed to "brcmfmac43455-sdio.bin" which has the following features
> (extracted from last two lines):
> 
> 43455c0-roml/43455_sdio-pno-aoe-pktfilter-pktctx-wfds-mfp-dfsradar-wowlpf-idsup-idauth-noclminc-clm_min-obss-obssdump-swdiv-gtkoe-roamprof-txbf-ve-sae-dpp-sr-okc-bpd Version: 7.45.234 (4ca95bb CY) CRC: 212e223d Date: Thu 2021-04-15 03:06:00 PDT Ucode Ver: 1043.2161 FWID 01-996384e2
> DVID 01-1fda2915
> 
> 
> This module is used on many SBCs, including some RaspberryPi
> boards. The reason RaspberryPi owners complain about lack of WPA3
> Personal support is that most of them are using obscure downstream
> distros which ship brcmfmac firmware from somewhere else rather than
> the Linux firmware tree, so they lack the "sae" feature. Another is
> that it only works with iwd while default is wpa_supplicant.
> 
> So far all known reports of those who tried the right firmware on
> RaspberryPi boards confirm WPA3 Personal was working with iwd [1].
> 
> 
> I'll be happy to do more testing if needed. Thank you very much for
> your hard and insightful work!

Thank you for being the first person to actually test any of this :)

Now we actually have a reason to keep the code. The next thing I wonder
is whether any of the *other* Cypress chips will respond to WSEC (in
addition to or instead of sae_password)...

Are you willing to test all the other wifi stuff we have queued up
downstream? There's a whole pile of changes here:

https://github.com/AsahiLinux/linux/commits/bits/080-wifi/

If things break it would be very helpful if you could bisect it down to
the specific commit. This patch is also in there of course, feel free to
revert/rebase it out.

- Hector
Hector Martin Dec. 20, 2023, 6:14 p.m. UTC | #18
On 2023/12/20 19:20, Kalle Valo wrote:
> Linus Torvalds <torvalds@linux-foundation.org> writes:
> 
>>> Just recently a patch was posted to remove the Infineon list from
>>> MAINTAINERS because that company cares so little they have literally
>>> stopped accepting emails from us. Meanwhile they are telling their
>>> customers that they do not recommend upstream brcmfmac and they should
>>> use their downstream driver [1].
>>
>> Unquestionably broadcom is not helping maintain things, and I think it
>> should matter.
>>
>> As Hector says, they point to their random driver dumps on their site
>> that you can't even download unless you are a "Broadcom community
>> member" or whatever, and hey - any company that works that way should
>> be seen as pretty much hostile to any actual maintenance and proper
>> development.
> 
> Sadly this is the normal in the wireless world. All vendors focus on the
> latest generation, currently it's Wi-Fi 7, and lose interest on older
> generations. And vendors lose focus on the upstream drivers even faster,
> usually after a customer project ends.
> 
> So in practise what we try to do is keep the drivers working somehow on
> our own, even after the vendors are long gone. If we would deliberately
> allow breaking drivers because vendor/corporations don't support us, I
> suspect we would have sevaral broken drivers in upstream.
> 
>> If Daniel and Hector are responsive to actual problem reports for the
>> changes they cause, I do think that should count a lot.
> 
> Sure, but they could also respect to the review comments. I find Arend's
> proposal is reasonable and that's what I would implement in v2. We
> (linux-wireless) make abstractions to workaround firmware problems or
> interface conflicts all the time, just look at ath10k for example. I
> would not be surprised if we need to add even more abstractions to
> brcmfmac in the future. And Arend is the expert here, he has best
> knowledge of Broadcom devices and I trust him.
> 
> Has anyone even investigated what it would need to implement Arend's
> proposal? At least I don't see any indication of that.

Of course we can implement it (and we will as we actually got a report
of this patch breaking Cypress now, finally).

The question was never whether it could be done, we're already doing a
bunch of abstractions to deal with just the Broadcom-only side of things
too. The point I was trying to make is that we need to *know* what
firmware abstractions we need and *why* they are needed. We can't just
say, for every change, "well, nobody knows if the existing code works or
not, so let's just add an abstraction just in case the change breaks
something". As far as anyone involved in the discussions until now could
tell, this code was just something some Cypress person dumped upstream,
and nobody involved was being responsive to any of our inquiries, so
there was no way to be certain it worked at all, whether it was
supported in public firmware, or anything else.

*Now* that we know the existing code is actually functional and not just
dead/broken, and that the WSEC approach is conversely not functional on
the Cypress firmwares, it makes sense to introduce an abstraction.

Here's an example of the case where an abstraction was *not* needed: I
switched over WPA PSK configuration from hex-encoded to binary. That was
needed to make more recent Apple firmwares work. My evidence at the time
that that change *was* at least fairly backwards compatible was that the
OpenBSD driver had been doing it that way all along. Had we introduced
an abstraction/conditional for that case "just in case", it would have
generated superfluous technical debt for no reason.

- Hector
Arend van Spriel Dec. 20, 2023, 7:36 p.m. UTC | #19
On 12/20/2023 7:14 PM, Hector Martin wrote:
> 
> 
> On 2023/12/20 19:20, Kalle Valo wrote:
>> Linus Torvalds <torvalds@linux-foundation.org> writes:
>>
>>>> Just recently a patch was posted to remove the Infineon list from
>>>> MAINTAINERS because that company cares so little they have literally
>>>> stopped accepting emails from us. Meanwhile they are telling their
>>>> customers that they do not recommend upstream brcmfmac and they should
>>>> use their downstream driver [1].
>>>
>>> Unquestionably broadcom is not helping maintain things, and I think it
>>> should matter.
>>>
>>> As Hector says, they point to their random driver dumps on their site
>>> that you can't even download unless you are a "Broadcom community
>>> member" or whatever, and hey - any company that works that way should
>>> be seen as pretty much hostile to any actual maintenance and proper
>>> development.
>>
>> Sadly this is the normal in the wireless world. All vendors focus on the
>> latest generation, currently it's Wi-Fi 7, and lose interest on older
>> generations. And vendors lose focus on the upstream drivers even faster,
>> usually after a customer project ends.
>>
>> So in practise what we try to do is keep the drivers working somehow on
>> our own, even after the vendors are long gone. If we would deliberately
>> allow breaking drivers because vendor/corporations don't support us, I
>> suspect we would have sevaral broken drivers in upstream.
>>
>>> If Daniel and Hector are responsive to actual problem reports for the
>>> changes they cause, I do think that should count a lot.
>>
>> Sure, but they could also respect to the review comments. I find Arend's
>> proposal is reasonable and that's what I would implement in v2. We
>> (linux-wireless) make abstractions to workaround firmware problems or
>> interface conflicts all the time, just look at ath10k for example. I
>> would not be surprised if we need to add even more abstractions to
>> brcmfmac in the future. And Arend is the expert here, he has best
>> knowledge of Broadcom devices and I trust him.
>>
>> Has anyone even investigated what it would need to implement Arend's
>> proposal? At least I don't see any indication of that.
> 
> Of course we can implement it (and we will as we actually got a report
> of this patch breaking Cypress now, finally).
> 
> The question was never whether it could be done, we're already doing a
> bunch of abstractions to deal with just the Broadcom-only side of things
> too. The point I was trying to make is that we need to *know* what
> firmware abstractions we need and *why* they are needed. We can't just
> say, for every change, "well, nobody knows if the existing code works or
> not, so let's just add an abstraction just in case the change breaks
> something". As far as anyone involved in the discussions until now could
> tell, this code was just something some Cypress person dumped upstream,
> and nobody involved was being responsive to any of our inquiries, so
> there was no way to be certain it worked at all, whether it was
> supported in public firmware, or anything else.
> 
> *Now* that we know the existing code is actually functional and not just
> dead/broken, and that the WSEC approach is conversely not functional on
> the Cypress firmwares, it makes sense to introduce an abstraction.

Just a quick look in the git history could have told you that it was not 
just dumped upstream and at least one person was using it and extended 
it for 802.11r support (fast-roaming):


author	Paweł Drewniak <czajernia@gmail.com>	2021-08-24 23:13:30 +0100
committer	Kalle Valo <kvalo@codeaurora.org>	2021-08-29 11:33:07 +0300
commit	4b51de063d5310f1fb297388b7955926e63e45c9 (patch)
tree	ba2ccb5cbd055d482a8daa263f5e53531c07667f 
/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
parent	81f9ebd43659320a88cae8ed5124c50b4d47ab66 (diff)
download	wireless-4b51de063d5310f1fb297388b7955926e63e45c9.tar.gz
brcmfmac: Add WPA3 Personal with FT to supported cipher suites
This allows the driver to connect to BSSIDs supporting SAE with 802.11r.
Tested on Raspberry Pi 4 Model B (STA) and UniFi 6LR/OpenWRT 21.02.0-rc2.
AP was set to 'sae-mixed' (WPA2/3 Personal).

Signed-off-by: Paweł Drewniak <czajernia@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20210824221330.3847139-1-czajernia@gmail.com

> Here's an example of the case where an abstraction was *not* needed: I
> switched over WPA PSK configuration from hex-encoded to binary. That was
> needed to make more recent Apple firmwares work. My evidence at the time
> that that change *was* at least fairly backwards compatible was that the
> OpenBSD driver had been doing it that way all along. Had we introduced
> an abstraction/conditional for that case "just in case", it would have
> generated superfluous technical debt for no reason.

Fully agreeing here and you already given the argument for that in the 
commit message. Hence there was no discussion whatsoever about that.

Regards,
Arend
Hector Martin Dec. 21, 2023, 12:49 a.m. UTC | #20
On 2023/12/21 4:36, Arend van Spriel wrote:
> On 12/20/2023 7:14 PM, Hector Martin wrote:
>>
>>
>> On 2023/12/20 19:20, Kalle Valo wrote:
>>> Linus Torvalds <torvalds@linux-foundation.org> writes:
>>>
>>>>> Just recently a patch was posted to remove the Infineon list from
>>>>> MAINTAINERS because that company cares so little they have literally
>>>>> stopped accepting emails from us. Meanwhile they are telling their
>>>>> customers that they do not recommend upstream brcmfmac and they should
>>>>> use their downstream driver [1].
>>>>
>>>> Unquestionably broadcom is not helping maintain things, and I think it
>>>> should matter.
>>>>
>>>> As Hector says, they point to their random driver dumps on their site
>>>> that you can't even download unless you are a "Broadcom community
>>>> member" or whatever, and hey - any company that works that way should
>>>> be seen as pretty much hostile to any actual maintenance and proper
>>>> development.
>>>
>>> Sadly this is the normal in the wireless world. All vendors focus on the
>>> latest generation, currently it's Wi-Fi 7, and lose interest on older
>>> generations. And vendors lose focus on the upstream drivers even faster,
>>> usually after a customer project ends.
>>>
>>> So in practise what we try to do is keep the drivers working somehow on
>>> our own, even after the vendors are long gone. If we would deliberately
>>> allow breaking drivers because vendor/corporations don't support us, I
>>> suspect we would have sevaral broken drivers in upstream.
>>>
>>>> If Daniel and Hector are responsive to actual problem reports for the
>>>> changes they cause, I do think that should count a lot.
>>>
>>> Sure, but they could also respect to the review comments. I find Arend's
>>> proposal is reasonable and that's what I would implement in v2. We
>>> (linux-wireless) make abstractions to workaround firmware problems or
>>> interface conflicts all the time, just look at ath10k for example. I
>>> would not be surprised if we need to add even more abstractions to
>>> brcmfmac in the future. And Arend is the expert here, he has best
>>> knowledge of Broadcom devices and I trust him.
>>>
>>> Has anyone even investigated what it would need to implement Arend's
>>> proposal? At least I don't see any indication of that.
>>
>> Of course we can implement it (and we will as we actually got a report
>> of this patch breaking Cypress now, finally).
>>
>> The question was never whether it could be done, we're already doing a
>> bunch of abstractions to deal with just the Broadcom-only side of things
>> too. The point I was trying to make is that we need to *know* what
>> firmware abstractions we need and *why* they are needed. We can't just
>> say, for every change, "well, nobody knows if the existing code works or
>> not, so let's just add an abstraction just in case the change breaks
>> something". As far as anyone involved in the discussions until now could
>> tell, this code was just something some Cypress person dumped upstream,
>> and nobody involved was being responsive to any of our inquiries, so
>> there was no way to be certain it worked at all, whether it was
>> supported in public firmware, or anything else.
>>
>> *Now* that we know the existing code is actually functional and not just
>> dead/broken, and that the WSEC approach is conversely not functional on
>> the Cypress firmwares, it makes sense to introduce an abstraction.
> 
> Just a quick look in the git history could have told you that it was not 
> just dumped upstream and at least one person was using it and extended 
> it for 802.11r support (fast-roaming):
> 
> 
> author	Paweł Drewniak <czajernia@gmail.com>	2021-08-24 23:13:30 +0100
> committer	Kalle Valo <kvalo@codeaurora.org>	2021-08-29 11:33:07 +0300
> commit	4b51de063d5310f1fb297388b7955926e63e45c9 (patch)
> tree	ba2ccb5cbd055d482a8daa263f5e53531c07667f 
> /drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> parent	81f9ebd43659320a88cae8ed5124c50b4d47ab66 (diff)
> download	wireless-4b51de063d5310f1fb297388b7955926e63e45c9.tar.gz
> brcmfmac: Add WPA3 Personal with FT to supported cipher suites
> This allows the driver to connect to BSSIDs supporting SAE with 802.11r.
> Tested on Raspberry Pi 4 Model B (STA) and UniFi 6LR/OpenWRT 21.02.0-rc2.
> AP was set to 'sae-mixed' (WPA2/3 Personal).
> 
> Signed-off-by: Paweł Drewniak <czajernia@gmail.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
> Link: https://lore.kernel.org/r/20210824221330.3847139-1-czajernia@gmail.com

Sure, but we also had user reports of it *not* actually working (maybe
it regressed?). We didn't know whether it was functional with the
linux-firmware blobs in any way, I wanted confirmation of that. And we
also didn't know that the patch *would* break it at all; perhaps the
Cypress firmware had also grown support for the WSEC mechanism.

That's why I wanted someone to actually confirm the code worked (in some
subset of cases) and the patch didn't, before starting to introduce
conditionals. There is, of course, also the element that the Cypress
side has been long unmaintained, and if nobody is testing/giving
feedback/complaining, perhaps it's better to err on the side of maybe
breaking something and see if that gets someone to come out of the
woodwork if it really breaks, rather than tiptoeing around the code
without knowing what's going on and without anyone actually testing things.

It's not about this *specific* patch, it's about the general situation
of not being able to touch firmware interfaces "just in case Cypress
breaks" being unsustainable in the long term. I wasn't pushing back
because I think this particular one will be hard, I was pushing back
because I can read the tea leaves and see this is not going to end well
if it's the approach we start taking for everything. We *need* someone
to be testing patches on Cypress, we can't just "try not to touch it"
and cross our fingers. That just ends in disaster, we are not going to
succeed in not breaking it either way and it's going to make the driver
worse.

- Hector
Arend van Spriel Dec. 21, 2023, 9:57 a.m. UTC | #21
- SHA-cyfmac-dev-list@infineon.com

On 12/21/2023 1:49 AM, Hector Martin wrote:
> 
> 
> On 2023/12/21 4:36, Arend van Spriel wrote:
>> On 12/20/2023 7:14 PM, Hector Martin wrote:
>>>
>>>
>>> On 2023/12/20 19:20, Kalle Valo wrote:
>>>> Linus Torvalds <torvalds@linux-foundation.org> writes:
>>>>
>>>>>> Just recently a patch was posted to remove the Infineon list from
>>>>>> MAINTAINERS because that company cares so little they have literally
>>>>>> stopped accepting emails from us. Meanwhile they are telling their
>>>>>> customers that they do not recommend upstream brcmfmac and they should
>>>>>> use their downstream driver [1].
>>>>>
>>>>> Unquestionably broadcom is not helping maintain things, and I think it
>>>>> should matter.
>>>>>
>>>>> As Hector says, they point to their random driver dumps on their site
>>>>> that you can't even download unless you are a "Broadcom community
>>>>> member" or whatever, and hey - any company that works that way should
>>>>> be seen as pretty much hostile to any actual maintenance and proper
>>>>> development.
>>>>
>>>> Sadly this is the normal in the wireless world. All vendors focus on the
>>>> latest generation, currently it's Wi-Fi 7, and lose interest on older
>>>> generations. And vendors lose focus on the upstream drivers even faster,
>>>> usually after a customer project ends.
>>>>
>>>> So in practise what we try to do is keep the drivers working somehow on
>>>> our own, even after the vendors are long gone. If we would deliberately
>>>> allow breaking drivers because vendor/corporations don't support us, I
>>>> suspect we would have sevaral broken drivers in upstream.
>>>>
>>>>> If Daniel and Hector are responsive to actual problem reports for the
>>>>> changes they cause, I do think that should count a lot.
>>>>
>>>> Sure, but they could also respect to the review comments. I find Arend's
>>>> proposal is reasonable and that's what I would implement in v2. We
>>>> (linux-wireless) make abstractions to workaround firmware problems or
>>>> interface conflicts all the time, just look at ath10k for example. I
>>>> would not be surprised if we need to add even more abstractions to
>>>> brcmfmac in the future. And Arend is the expert here, he has best
>>>> knowledge of Broadcom devices and I trust him.
>>>>
>>>> Has anyone even investigated what it would need to implement Arend's
>>>> proposal? At least I don't see any indication of that.
>>>
>>> Of course we can implement it (and we will as we actually got a report
>>> of this patch breaking Cypress now, finally).
>>>
>>> The question was never whether it could be done, we're already doing a
>>> bunch of abstractions to deal with just the Broadcom-only side of things
>>> too. The point I was trying to make is that we need to *know* what
>>> firmware abstractions we need and *why* they are needed. We can't just
>>> say, for every change, "well, nobody knows if the existing code works or
>>> not, so let's just add an abstraction just in case the change breaks
>>> something". As far as anyone involved in the discussions until now could
>>> tell, this code was just something some Cypress person dumped upstream,
>>> and nobody involved was being responsive to any of our inquiries, so
>>> there was no way to be certain it worked at all, whether it was
>>> supported in public firmware, or anything else.
>>>
>>> *Now* that we know the existing code is actually functional and not just
>>> dead/broken, and that the WSEC approach is conversely not functional on
>>> the Cypress firmwares, it makes sense to introduce an abstraction.
>>
>> Just a quick look in the git history could have told you that it was not
>> just dumped upstream and at least one person was using it and extended
>> it for 802.11r support (fast-roaming):
>>
>>
>> author	Paweł Drewniak <czajernia@gmail.com>	2021-08-24 23:13:30 +0100
>> committer	Kalle Valo <kvalo@codeaurora.org>	2021-08-29 11:33:07 +0300
>> commit	4b51de063d5310f1fb297388b7955926e63e45c9 (patch)
>> tree	ba2ccb5cbd055d482a8daa263f5e53531c07667f
>> /drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> parent	81f9ebd43659320a88cae8ed5124c50b4d47ab66 (diff)
>> download	wireless-4b51de063d5310f1fb297388b7955926e63e45c9.tar.gz
>> brcmfmac: Add WPA3 Personal with FT to supported cipher suites
>> This allows the driver to connect to BSSIDs supporting SAE with 802.11r.
>> Tested on Raspberry Pi 4 Model B (STA) and UniFi 6LR/OpenWRT 21.02.0-rc2.
>> AP was set to 'sae-mixed' (WPA2/3 Personal).
>>
>> Signed-off-by: Paweł Drewniak <czajernia@gmail.com>
>> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
>> Link: https://lore.kernel.org/r/20210824221330.3847139-1-czajernia@gmail.com
> 
> Sure, but we also had user reports of it *not* actually working (maybe
> it regressed?). We didn't know whether it was functional with the
> linux-firmware blobs in any way, I wanted confirmation of that. And we
> also didn't know that the patch *would* break it at all; perhaps the
> Cypress firmware had also grown support for the WSEC mechanism.
> 
> That's why I wanted someone to actually confirm the code worked (in some
> subset of cases) and the patch didn't, before starting to introduce
> conditionals. There is, of course, also the element that the Cypress
> side has been long unmaintained, and if nobody is testing/giving
> feedback/complaining, perhaps it's better to err on the side of maybe
> breaking something and see if that gets someone to come out of the
> woodwork if it really breaks, rather than tiptoeing around the code
> without knowing what's going on and without anyone actually testing things.

That is because you distrust the intent that Cypress was really 
contributing. They were and I trusted them to not just throw in a 
feature like WPA3. When Infineon took over they went mute. Upon 
reviewing your patch (again) I also sent an email to them asking 
specifically about the status of the sae_password interface. I did not 
use the mailing list which indeed bounces these days (hence removed 
them) but the last living soul that I had contact with about a year ago 
whether they were still comitted to be involved. I guess out of 
politeness or embarrassment I got confirmation they were and never heard 
from him again. The query about the sae_password interface is still pending.

> It's not about this *specific* patch, it's about the general situation
> of not being able to touch firmware interfaces "just in case Cypress
> breaks" being unsustainable in the long term. I wasn't pushing back
> because I think this particular one will be hard, I was pushing back
> because I can read the tea leaves and see this is not going to end well
> if it's the approach we start taking for everything. We *need* someone
> to be testing patches on Cypress, we can't just "try not to touch it"
> and cross our fingers. That just ends in disaster, we are not going to
> succeed in not breaking it either way and it's going to make the driver
> worse.

I admire you ability of reading tea leaves. You saw the Grim I reckon. 
Admittedly your responses on every comment from my side (or Kalle for 
that matter) was polarizing every discussion. That is common way people 
treat each other nowadays especially online where a conversation is just 
a pile of text going shit. It does not bring out the best in me either, 
but it was draining every ounce of energy from me so better end it by 
stepping out.

I added the ground work for multi-vendor support, but have not decided 
on the approach to take. Abstract per firmware interface primitive or 
simply have a cfg80211.c and fwil_types.h per vendor OR implement a 
vendor-specific cfg80211 callback and override the default callback 
during the driver attach, ie. in brcmf_fwvid_wcc_attach(). The latter 
duplicates things, but lean towards that as it may be easier on the 
long-term. What do your tea leaves tell you ;-)

Regards,
Arend
Marcel Holtmann Dec. 21, 2023, 8:39 p.m. UTC | #22
Hi Julian,

>>>>>> Using the WSEC command instead of sae_password seems to be the supported
>>>>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>>>>> 
>>>>>> According to user reports [1], the sae_password codepath doesn't actually
>>>>>> work on machines with Cypress chips anyway, so no harm in removing it.
>>>>>> 
>>>>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>>>>>> patchset [2].
>>>>>> 
>>>>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>>>>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>>>>>> 
>>>>>> Signed-off-by: Hector Martin <marcan@marcan.st>
>>>>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>>>>> 
>>>>> Arend, what do you think?
>>>>> 
>>>>> We recently talked about people testing brcmfmac patches, has anyone else
>>>>> tested this?
>>>> 
>>>> Not sure I already replied so maybe I am repeating myself. I would prefer
>>>> to keep the Cypress sae_password path as well although it reportedly does
>>>> not work. The vendor support in the driver can be used to accommodate for
>>>> that. The other option would be to have people with Cypress chipset test
>>>> this patch. If that works for both we can consider dropping the
>>>> sae_password path.
>>>> 
>>>> Regards,
>>>> Arend
>>> 
>>> So, if nobody from Cypress chimes in ever, and nobody cares nor tests
>>> Cypress chipsets, are we keeping any and all existing Cypress code-paths
>>> as bitrotting code forever and adding gratuitous conditionals every time
>>> any functionality needs to change "just in case it breaks Cypress" even
>>> though it has been tested compatible on Broadcom chipsets/firmware?
>>> 
>>> Because that's not sustainable long term.
>> 
>> You should look into WEXT just for the fun of it. If it were up to me
>> and a bunch of other people that would have been gone decades ago. Maybe
>> a bad example if the sae_password is indeed not working, but the Cypress
>> chipset is used in RPi3 and RPi4 so there must be a couple of users.
> 
> There are reports that WPA3 is broken on the Cypress chipsets the
> Raspberry Pis are using and this patch fixes it:
> https://rachelbythebay.com/w/2023/11/06/wpa3/
> 
> Based on that, it appears that all known users of WPA3 capable
> hardware with this driver require this fix.

the Pis are all using an outdated firmware. In their distro they put the
firmware already under the alternates systems, but it just lacks the SAE
offload support that is required to make WPA3 work. The linux-firmware
version does the trick nicely.

I documented what I did to make this work on Pi5 (note that I normally
use Fedora on Pi4 and thus never encountered this issue)

https://holtmann.dev/enabling-wpa3-on-raspberry-pi/

However you need to use iwd and not hope that you get a wpa_supplicant
released version that will work.

So whole game of wpa_supplicant is vendor specific to the company that
provides the driver is also insane, but that is another story. Use iwd
and you can most likely have WPA3 support if you have the right firmware.

Regards

Marcel
Neal Gompa Dec. 22, 2023, 12:03 a.m. UTC | #23
On Thu, Dec 21, 2023 at 3:40 PM Marcel Holtmann <marcel@holtmann.org> wrote:
>
> Hi Julian,
>
> >>>>>> Using the WSEC command instead of sae_password seems to be the supported
> >>>>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
> >>>>>>
> >>>>>> According to user reports [1], the sae_password codepath doesn't actually
> >>>>>> work on machines with Cypress chips anyway, so no harm in removing it.
> >>>>>>
> >>>>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
> >>>>>> patchset [2].
> >>>>>>
> >>>>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
> >>>>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
> >>>>>>
> >>>>>> Signed-off-by: Hector Martin <marcan@marcan.st>
> >>>>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
> >>>>>
> >>>>> Arend, what do you think?
> >>>>>
> >>>>> We recently talked about people testing brcmfmac patches, has anyone else
> >>>>> tested this?
> >>>>
> >>>> Not sure I already replied so maybe I am repeating myself. I would prefer
> >>>> to keep the Cypress sae_password path as well although it reportedly does
> >>>> not work. The vendor support in the driver can be used to accommodate for
> >>>> that. The other option would be to have people with Cypress chipset test
> >>>> this patch. If that works for both we can consider dropping the
> >>>> sae_password path.
> >>>>
> >>>> Regards,
> >>>> Arend
> >>>
> >>> So, if nobody from Cypress chimes in ever, and nobody cares nor tests
> >>> Cypress chipsets, are we keeping any and all existing Cypress code-paths
> >>> as bitrotting code forever and adding gratuitous conditionals every time
> >>> any functionality needs to change "just in case it breaks Cypress" even
> >>> though it has been tested compatible on Broadcom chipsets/firmware?
> >>>
> >>> Because that's not sustainable long term.
> >>
> >> You should look into WEXT just for the fun of it. If it were up to me
> >> and a bunch of other people that would have been gone decades ago. Maybe
> >> a bad example if the sae_password is indeed not working, but the Cypress
> >> chipset is used in RPi3 and RPi4 so there must be a couple of users.
> >
> > There are reports that WPA3 is broken on the Cypress chipsets the
> > Raspberry Pis are using and this patch fixes it:
> > https://rachelbythebay.com/w/2023/11/06/wpa3/
> >
> > Based on that, it appears that all known users of WPA3 capable
> > hardware with this driver require this fix.
>
> the Pis are all using an outdated firmware. In their distro they put the
> firmware already under the alternates systems, but it just lacks the SAE
> offload support that is required to make WPA3 work. The linux-firmware
> version does the trick nicely.
>
> I documented what I did to make this work on Pi5 (note that I normally
> use Fedora on Pi4 and thus never encountered this issue)
>
> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
>
> However you need to use iwd and not hope that you get a wpa_supplicant
> released version that will work.
>
> So whole game of wpa_supplicant is vendor specific to the company that
> provides the driver is also insane, but that is another story. Use iwd
> and you can most likely have WPA3 support if you have the right firmware.
>

wpa_supplicant is perfectly fine if the necessary patches are
backported, as Fedora has done:
https://src.fedoraproject.org/rpms/wpa_supplicant/c/99f4bf2096d3976cee01c499d7a30c1376f5f0f7



--
真実はいつも一つ!/ Always, there's only one truth!
Hector Martin Dec. 22, 2023, 5:10 a.m. UTC | #24
On 2023/12/21 18:57, Arend van Spriel wrote:
> - SHA-cyfmac-dev-list@infineon.com
> 
> On 12/21/2023 1:49 AM, Hector Martin wrote:
>>
>>
>> On 2023/12/21 4:36, Arend van Spriel wrote:
>>> On 12/20/2023 7:14 PM, Hector Martin wrote:
>>>>
>>>>
>>>> On 2023/12/20 19:20, Kalle Valo wrote:
>>>>> Linus Torvalds <torvalds@linux-foundation.org> writes:
>>>>>
>>>>>>> Just recently a patch was posted to remove the Infineon list from
>>>>>>> MAINTAINERS because that company cares so little they have literally
>>>>>>> stopped accepting emails from us. Meanwhile they are telling their
>>>>>>> customers that they do not recommend upstream brcmfmac and they should
>>>>>>> use their downstream driver [1].
>>>>>>
>>>>>> Unquestionably broadcom is not helping maintain things, and I think it
>>>>>> should matter.
>>>>>>
>>>>>> As Hector says, they point to their random driver dumps on their site
>>>>>> that you can't even download unless you are a "Broadcom community
>>>>>> member" or whatever, and hey - any company that works that way should
>>>>>> be seen as pretty much hostile to any actual maintenance and proper
>>>>>> development.
>>>>>
>>>>> Sadly this is the normal in the wireless world. All vendors focus on the
>>>>> latest generation, currently it's Wi-Fi 7, and lose interest on older
>>>>> generations. And vendors lose focus on the upstream drivers even faster,
>>>>> usually after a customer project ends.
>>>>>
>>>>> So in practise what we try to do is keep the drivers working somehow on
>>>>> our own, even after the vendors are long gone. If we would deliberately
>>>>> allow breaking drivers because vendor/corporations don't support us, I
>>>>> suspect we would have sevaral broken drivers in upstream.
>>>>>
>>>>>> If Daniel and Hector are responsive to actual problem reports for the
>>>>>> changes they cause, I do think that should count a lot.
>>>>>
>>>>> Sure, but they could also respect to the review comments. I find Arend's
>>>>> proposal is reasonable and that's what I would implement in v2. We
>>>>> (linux-wireless) make abstractions to workaround firmware problems or
>>>>> interface conflicts all the time, just look at ath10k for example. I
>>>>> would not be surprised if we need to add even more abstractions to
>>>>> brcmfmac in the future. And Arend is the expert here, he has best
>>>>> knowledge of Broadcom devices and I trust him.
>>>>>
>>>>> Has anyone even investigated what it would need to implement Arend's
>>>>> proposal? At least I don't see any indication of that.
>>>>
>>>> Of course we can implement it (and we will as we actually got a report
>>>> of this patch breaking Cypress now, finally).
>>>>
>>>> The question was never whether it could be done, we're already doing a
>>>> bunch of abstractions to deal with just the Broadcom-only side of things
>>>> too. The point I was trying to make is that we need to *know* what
>>>> firmware abstractions we need and *why* they are needed. We can't just
>>>> say, for every change, "well, nobody knows if the existing code works or
>>>> not, so let's just add an abstraction just in case the change breaks
>>>> something". As far as anyone involved in the discussions until now could
>>>> tell, this code was just something some Cypress person dumped upstream,
>>>> and nobody involved was being responsive to any of our inquiries, so
>>>> there was no way to be certain it worked at all, whether it was
>>>> supported in public firmware, or anything else.
>>>>
>>>> *Now* that we know the existing code is actually functional and not just
>>>> dead/broken, and that the WSEC approach is conversely not functional on
>>>> the Cypress firmwares, it makes sense to introduce an abstraction.
>>>
>>> Just a quick look in the git history could have told you that it was not
>>> just dumped upstream and at least one person was using it and extended
>>> it for 802.11r support (fast-roaming):
>>>
>>>
>>> author	Paweł Drewniak <czajernia@gmail.com>	2021-08-24 23:13:30 +0100
>>> committer	Kalle Valo <kvalo@codeaurora.org>	2021-08-29 11:33:07 +0300
>>> commit	4b51de063d5310f1fb297388b7955926e63e45c9 (patch)
>>> tree	ba2ccb5cbd055d482a8daa263f5e53531c07667f
>>> /drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>>> parent	81f9ebd43659320a88cae8ed5124c50b4d47ab66 (diff)
>>> download	wireless-4b51de063d5310f1fb297388b7955926e63e45c9.tar.gz
>>> brcmfmac: Add WPA3 Personal with FT to supported cipher suites
>>> This allows the driver to connect to BSSIDs supporting SAE with 802.11r.
>>> Tested on Raspberry Pi 4 Model B (STA) and UniFi 6LR/OpenWRT 21.02.0-rc2.
>>> AP was set to 'sae-mixed' (WPA2/3 Personal).
>>>
>>> Signed-off-by: Paweł Drewniak <czajernia@gmail.com>
>>> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
>>> Link: https://lore.kernel.org/r/20210824221330.3847139-1-czajernia@gmail.com
>>
>> Sure, but we also had user reports of it *not* actually working (maybe
>> it regressed?). We didn't know whether it was functional with the
>> linux-firmware blobs in any way, I wanted confirmation of that. And we
>> also didn't know that the patch *would* break it at all; perhaps the
>> Cypress firmware had also grown support for the WSEC mechanism.
>>
>> That's why I wanted someone to actually confirm the code worked (in some
>> subset of cases) and the patch didn't, before starting to introduce
>> conditionals. There is, of course, also the element that the Cypress
>> side has been long unmaintained, and if nobody is testing/giving
>> feedback/complaining, perhaps it's better to err on the side of maybe
>> breaking something and see if that gets someone to come out of the
>> woodwork if it really breaks, rather than tiptoeing around the code
>> without knowing what's going on and without anyone actually testing things.
> 
> That is because you distrust the intent that Cypress was really 
> contributing. They were and I trusted them to not just throw in a 
> feature like WPA3. When Infineon took over they went mute. Upon 
> reviewing your patch (again) I also sent an email to them asking 
> specifically about the status of the sae_password interface. I did not 
> use the mailing list which indeed bounces these days (hence removed 
> them) but the last living soul that I had contact with about a year ago 
> whether they were still comitted to be involved. I guess out of 
> politeness or embarrassment I got confirmation they were and never heard 
> from him again. The query about the sae_password interface is still pending.

If only corporate acquisition politics didn't repeatedly throw a wrench
into this one... :/

This is where we are though, Infineon clearly doesn't care, so it's time
to move on.

>> It's not about this *specific* patch, it's about the general situation
>> of not being able to touch firmware interfaces "just in case Cypress
>> breaks" being unsustainable in the long term. I wasn't pushing back
>> because I think this particular one will be hard, I was pushing back
>> because I can read the tea leaves and see this is not going to end well
>> if it's the approach we start taking for everything. We *need* someone
>> to be testing patches on Cypress, we can't just "try not to touch it"
>> and cross our fingers. That just ends in disaster, we are not going to
>> succeed in not breaking it either way and it's going to make the driver
>> worse.
> 
> I admire you ability of reading tea leaves. You saw the Grim I reckon. 
> Admittedly your responses on every comment from my side (or Kalle for 
> that matter) was polarizing every discussion. That is common way people 
> treat each other nowadays especially online where a conversation is just 
> a pile of text going shit. It does not bring out the best in me either, 
> but it was draining every ounce of energy from me so better end it by 
> stepping out.

The hilariously outdated kernel development model surely doesn't help
either (I've stated my opinion on this quite a few times if you've
followed around) ;)

This stuff gets *really* frustrating when you're trying to improve what
is, I hope we can all admit, an undermaintained driver (that is not to
say it's anyone's fault personally), and end up getting held back due to
everything from coding style nitpicks to people not having the time to
be responsive. It's just not helpful. It's important to know when to
step aside and let people actually get stuff done.

When Daniel started sending me brcmfmac patches downstream, I took a
look at a few of them, decided he knew what he was doing, and just
started pulling in his branches wholesale. Was it perfect? No, I had to
debug at least one regression at one point. But it took me less time to
do that than it would've to go through the commits with a fine toothed
comb, so it was clearly the right decision.

That is not to say that should be the standard upstream (we make a point
of moving fast and breaking things more downstream, since it's a proving
ground for what eventually will be upstreamed), but I think it does
demonstrate the kind of delegation ability that is sorely lacking in
many drivers and subsystems in the kernel these days. Maintainers become
entrenched in their position, long beyond the point where they have the
time/motivation/ability to drive the code forward, and end up in the way
of new people who are trying to make a difference. I think Linus knows
full well the kernel maintainer community is stagnating.

That doesn't mean people should step down entirely. But it does mean
they need to recognize when this is happening and, at least, proactively
try to bring new people in, instead of just continuing to play a
gatekeeping role. The role of maintainers should not be that of a wall
people have to climb over to get their changes in, it should be to guide
new contributors and help onboard people who can contribute, as peers
and eventually as future maintainers.

Kalle, in the other thread you said "this is not fun anymore, this is
more like a business with requirements and demands coming from
everywhere.". That's what it feels like to us when our changes get
rejected because the local vars aren't in reverse Christmas tree order,
or because our commit messages have "v2:" in them. It feels like some
manager is trying to justify their position by creating busywork for
everyone else. Nobody should actually care about any of those things,
and if they do, they need to step back and really ask themselves how
they ended up believing that. If the goal is to enforce a reasonable
shared coding style so things don't spiral into chaos, FFS, let's just
do what every other project does these days and adopt clang-format. Then
*all* of us can stop wasting time on these trivialities and go back to
getting stuff done. And really, nobody cares about commit messages as
long as the tags are right, the subject line is succinct, and the
important information is in there. Extra stuff never hurt anyone.

> I added the ground work for multi-vendor support, but have not decided 
> on the approach to take. Abstract per firmware interface primitive or 
> simply have a cfg80211.c and fwil_types.h per vendor OR implement a 
> vendor-specific cfg80211 callback and override the default callback 
> during the driver attach, ie. in brcmf_fwvid_wcc_attach(). The latter 
> duplicates things, but lean towards that as it may be easier on the 
> long-term. What do your tea leaves tell you ;-)

FWIW, I was hoping you'd stay on at least as a reviewer. Your
contributions are valuable. You obviously know the driver and hardware
much better than most people. I encourage you to, at least, post a v2 of
the MAINTAINERS patch with yourself as an R: line.

As far as the actual driver abstraction architecture, I'm going to leave
it to Daniel to decide what makes the most sense, since he's the one
introducing new mechanisms for that already. There's always room for
refactoring later though, depending on the direction things take with
the vendor split. BTW, clang-format also makes refactoring a lot less
painful ;)

- Hector
Marcel Holtmann Dec. 22, 2023, 6:16 a.m. UTC | #25
Hi Neal,

>>>>>>>> Using the WSEC command instead of sae_password seems to be the supported
>>>>>>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>>>>>>> 
>>>>>>>> According to user reports [1], the sae_password codepath doesn't actually
>>>>>>>> work on machines with Cypress chips anyway, so no harm in removing it.
>>>>>>>> 
>>>>>>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>>>>>>>> patchset [2].
>>>>>>>> 
>>>>>>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>>>>>>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>>>>>>>> 
>>>>>>>> Signed-off-by: Hector Martin <marcan@marcan.st>
>>>>>>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>>>>>>> 
>>>>>>> Arend, what do you think?
>>>>>>> 
>>>>>>> We recently talked about people testing brcmfmac patches, has anyone else
>>>>>>> tested this?
>>>>>> 
>>>>>> Not sure I already replied so maybe I am repeating myself. I would prefer
>>>>>> to keep the Cypress sae_password path as well although it reportedly does
>>>>>> not work. The vendor support in the driver can be used to accommodate for
>>>>>> that. The other option would be to have people with Cypress chipset test
>>>>>> this patch. If that works for both we can consider dropping the
>>>>>> sae_password path.
>>>>>> 
>>>>>> Regards,
>>>>>> Arend
>>>>> 
>>>>> So, if nobody from Cypress chimes in ever, and nobody cares nor tests
>>>>> Cypress chipsets, are we keeping any and all existing Cypress code-paths
>>>>> as bitrotting code forever and adding gratuitous conditionals every time
>>>>> any functionality needs to change "just in case it breaks Cypress" even
>>>>> though it has been tested compatible on Broadcom chipsets/firmware?
>>>>> 
>>>>> Because that's not sustainable long term.
>>>> 
>>>> You should look into WEXT just for the fun of it. If it were up to me
>>>> and a bunch of other people that would have been gone decades ago. Maybe
>>>> a bad example if the sae_password is indeed not working, but the Cypress
>>>> chipset is used in RPi3 and RPi4 so there must be a couple of users.
>>> 
>>> There are reports that WPA3 is broken on the Cypress chipsets the
>>> Raspberry Pis are using and this patch fixes it:
>>> https://rachelbythebay.com/w/2023/11/06/wpa3/
>>> 
>>> Based on that, it appears that all known users of WPA3 capable
>>> hardware with this driver require this fix.
>> 
>> the Pis are all using an outdated firmware. In their distro they put the
>> firmware already under the alternates systems, but it just lacks the SAE
>> offload support that is required to make WPA3 work. The linux-firmware
>> version does the trick nicely.
>> 
>> I documented what I did to make this work on Pi5 (note that I normally
>> use Fedora on Pi4 and thus never encountered this issue)
>> 
>> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
>> 
>> However you need to use iwd and not hope that you get a wpa_supplicant
>> released version that will work.
>> 
>> So whole game of wpa_supplicant is vendor specific to the company that
>> provides the driver is also insane, but that is another story. Use iwd
>> and you can most likely have WPA3 support if you have the right firmware.
>> 
> 
> wpa_supplicant is perfectly fine if the necessary patches are
> backported, as Fedora has done:
> https://src.fedoraproject.org/rpms/wpa_supplicant/c/99f4bf2096d3976cee01c499d7a30c1376f5f0f7

my point exactly. Tell me when the last hostap release was and how much
delta that has to HEAD. So the wpa_supplicant you have in Fedora is
essentially yet another fork of an upstream project. One of many.

Reality is there is limited interest to make WiFi great on Linux. And
if you really look honestly, then you realize it is pretty bad.

Regards

Marcel
Eric Curtin Dec. 22, 2023, 12:25 p.m. UTC | #26
On Fri, 22 Dec 2023 at 05:19, Hector Martin <marcan@marcan.st> wrote:
>
>
>
> On 2023/12/21 18:57, Arend van Spriel wrote:
> > - SHA-cyfmac-dev-list@infineon.com
> >
> > On 12/21/2023 1:49 AM, Hector Martin wrote:
> >>
> >>
> >> On 2023/12/21 4:36, Arend van Spriel wrote:
> >>> On 12/20/2023 7:14 PM, Hector Martin wrote:
> >>>>
> >>>>
> >>>> On 2023/12/20 19:20, Kalle Valo wrote:
> >>>>> Linus Torvalds <torvalds@linux-foundation.org> writes:
> >>>>>
> >>>>>>> Just recently a patch was posted to remove the Infineon list from
> >>>>>>> MAINTAINERS because that company cares so little they have literally
> >>>>>>> stopped accepting emails from us. Meanwhile they are telling their
> >>>>>>> customers that they do not recommend upstream brcmfmac and they should
> >>>>>>> use their downstream driver [1].
> >>>>>>
> >>>>>> Unquestionably broadcom is not helping maintain things, and I think it
> >>>>>> should matter.
> >>>>>>
> >>>>>> As Hector says, they point to their random driver dumps on their site
> >>>>>> that you can't even download unless you are a "Broadcom community
> >>>>>> member" or whatever, and hey - any company that works that way should
> >>>>>> be seen as pretty much hostile to any actual maintenance and proper
> >>>>>> development.
> >>>>>
> >>>>> Sadly this is the normal in the wireless world. All vendors focus on the
> >>>>> latest generation, currently it's Wi-Fi 7, and lose interest on older
> >>>>> generations. And vendors lose focus on the upstream drivers even faster,
> >>>>> usually after a customer project ends.
> >>>>>
> >>>>> So in practise what we try to do is keep the drivers working somehow on
> >>>>> our own, even after the vendors are long gone. If we would deliberately
> >>>>> allow breaking drivers because vendor/corporations don't support us, I
> >>>>> suspect we would have sevaral broken drivers in upstream.
> >>>>>
> >>>>>> If Daniel and Hector are responsive to actual problem reports for the
> >>>>>> changes they cause, I do think that should count a lot.
> >>>>>
> >>>>> Sure, but they could also respect to the review comments. I find Arend's
> >>>>> proposal is reasonable and that's what I would implement in v2. We
> >>>>> (linux-wireless) make abstractions to workaround firmware problems or
> >>>>> interface conflicts all the time, just look at ath10k for example. I
> >>>>> would not be surprised if we need to add even more abstractions to
> >>>>> brcmfmac in the future. And Arend is the expert here, he has best
> >>>>> knowledge of Broadcom devices and I trust him.
> >>>>>
> >>>>> Has anyone even investigated what it would need to implement Arend's
> >>>>> proposal? At least I don't see any indication of that.
> >>>>
> >>>> Of course we can implement it (and we will as we actually got a report
> >>>> of this patch breaking Cypress now, finally).
> >>>>
> >>>> The question was never whether it could be done, we're already doing a
> >>>> bunch of abstractions to deal with just the Broadcom-only side of things
> >>>> too. The point I was trying to make is that we need to *know* what
> >>>> firmware abstractions we need and *why* they are needed. We can't just
> >>>> say, for every change, "well, nobody knows if the existing code works or
> >>>> not, so let's just add an abstraction just in case the change breaks
> >>>> something". As far as anyone involved in the discussions until now could
> >>>> tell, this code was just something some Cypress person dumped upstream,
> >>>> and nobody involved was being responsive to any of our inquiries, so
> >>>> there was no way to be certain it worked at all, whether it was
> >>>> supported in public firmware, or anything else.
> >>>>
> >>>> *Now* that we know the existing code is actually functional and not just
> >>>> dead/broken, and that the WSEC approach is conversely not functional on
> >>>> the Cypress firmwares, it makes sense to introduce an abstraction.
> >>>
> >>> Just a quick look in the git history could have told you that it was not
> >>> just dumped upstream and at least one person was using it and extended
> >>> it for 802.11r support (fast-roaming):
> >>>
> >>>
> >>> author      Paweł Drewniak <czajernia@gmail.com>    2021-08-24 23:13:30 +0100
> >>> committer   Kalle Valo <kvalo@codeaurora.org>       2021-08-29 11:33:07 +0300
> >>> commit      4b51de063d5310f1fb297388b7955926e63e45c9 (patch)
> >>> tree        ba2ccb5cbd055d482a8daa263f5e53531c07667f
> >>> /drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
> >>> parent      81f9ebd43659320a88cae8ed5124c50b4d47ab66 (diff)
> >>> download    wireless-4b51de063d5310f1fb297388b7955926e63e45c9.tar.gz
> >>> brcmfmac: Add WPA3 Personal with FT to supported cipher suites
> >>> This allows the driver to connect to BSSIDs supporting SAE with 802.11r.
> >>> Tested on Raspberry Pi 4 Model B (STA) and UniFi 6LR/OpenWRT 21.02.0-rc2.
> >>> AP was set to 'sae-mixed' (WPA2/3 Personal).
> >>>
> >>> Signed-off-by: Paweł Drewniak <czajernia@gmail.com>
> >>> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
> >>> Link: https://lore.kernel.org/r/20210824221330.3847139-1-czajernia@gmail.com
> >>
> >> Sure, but we also had user reports of it *not* actually working (maybe
> >> it regressed?). We didn't know whether it was functional with the
> >> linux-firmware blobs in any way, I wanted confirmation of that. And we
> >> also didn't know that the patch *would* break it at all; perhaps the
> >> Cypress firmware had also grown support for the WSEC mechanism.
> >>
> >> That's why I wanted someone to actually confirm the code worked (in some
> >> subset of cases) and the patch didn't, before starting to introduce
> >> conditionals. There is, of course, also the element that the Cypress
> >> side has been long unmaintained, and if nobody is testing/giving
> >> feedback/complaining, perhaps it's better to err on the side of maybe
> >> breaking something and see if that gets someone to come out of the
> >> woodwork if it really breaks, rather than tiptoeing around the code
> >> without knowing what's going on and without anyone actually testing things.
> >
> > That is because you distrust the intent that Cypress was really
> > contributing. They were and I trusted them to not just throw in a
> > feature like WPA3. When Infineon took over they went mute. Upon
> > reviewing your patch (again) I also sent an email to them asking
> > specifically about the status of the sae_password interface. I did not
> > use the mailing list which indeed bounces these days (hence removed
> > them) but the last living soul that I had contact with about a year ago
> > whether they were still comitted to be involved. I guess out of
> > politeness or embarrassment I got confirmation they were and never heard
> > from him again. The query about the sae_password interface is still pending.
>
> If only corporate acquisition politics didn't repeatedly throw a wrench
> into this one... :/
>
> This is where we are though, Infineon clearly doesn't care, so it's time
> to move on.
>
> >> It's not about this *specific* patch, it's about the general situation
> >> of not being able to touch firmware interfaces "just in case Cypress
> >> breaks" being unsustainable in the long term. I wasn't pushing back
> >> because I think this particular one will be hard, I was pushing back
> >> because I can read the tea leaves and see this is not going to end well
> >> if it's the approach we start taking for everything. We *need* someone
> >> to be testing patches on Cypress, we can't just "try not to touch it"
> >> and cross our fingers. That just ends in disaster, we are not going to
> >> succeed in not breaking it either way and it's going to make the driver
> >> worse.
> >
> > I admire you ability of reading tea leaves. You saw the Grim I reckon.
> > Admittedly your responses on every comment from my side (or Kalle for
> > that matter) was polarizing every discussion. That is common way people
> > treat each other nowadays especially online where a conversation is just
> > a pile of text going shit. It does not bring out the best in me either,
> > but it was draining every ounce of energy from me so better end it by
> > stepping out.
>
> The hilariously outdated kernel development model surely doesn't help
> either (I've stated my opinion on this quite a few times if you've
> followed around) ;)
>
> This stuff gets *really* frustrating when you're trying to improve what
> is, I hope we can all admit, an undermaintained driver (that is not to
> say it's anyone's fault personally), and end up getting held back due to
> everything from coding style nitpicks to people not having the time to
> be responsive. It's just not helpful. It's important to know when to
> step aside and let people actually get stuff done.
>
> When Daniel started sending me brcmfmac patches downstream, I took a
> look at a few of them, decided he knew what he was doing, and just
> started pulling in his branches wholesale. Was it perfect? No, I had to
> debug at least one regression at one point. But it took me less time to
> do that than it would've to go through the commits with a fine toothed
> comb, so it was clearly the right decision.
>
> That is not to say that should be the standard upstream (we make a point
> of moving fast and breaking things more downstream, since it's a proving
> ground for what eventually will be upstreamed), but I think it does
> demonstrate the kind of delegation ability that is sorely lacking in
> many drivers and subsystems in the kernel these days. Maintainers become
> entrenched in their position, long beyond the point where they have the
> time/motivation/ability to drive the code forward, and end up in the way
> of new people who are trying to make a difference. I think Linus knows
> full well the kernel maintainer community is stagnating.
>
> That doesn't mean people should step down entirely. But it does mean
> they need to recognize when this is happening and, at least, proactively
> try to bring new people in, instead of just continuing to play a
> gatekeeping role. The role of maintainers should not be that of a wall
> people have to climb over to get their changes in, it should be to guide
> new contributors and help onboard people who can contribute, as peers
> and eventually as future maintainers.
>
> Kalle, in the other thread you said "this is not fun anymore, this is
> more like a business with requirements and demands coming from
> everywhere.". That's what it feels like to us when our changes get
> rejected because the local vars aren't in reverse Christmas tree order,
> or because our commit messages have "v2:" in them. It feels like some
> manager is trying to justify their position by creating busywork for
> everyone else. Nobody should actually care about any of those things,
> and if they do, they need to step back and really ask themselves how
> they ended up believing that. If the goal is to enforce a reasonable
> shared coding style so things don't spiral into chaos, FFS, let's just
> do what every other project does these days and adopt clang-format. Then
> *all* of us can stop wasting time on these trivialities and go back to
> getting stuff done. And really, nobody cares about commit messages as
> long as the tags are right, the subject line is succinct, and the
> important information is in there. Extra stuff never hurt anyone.
>
> > I added the ground work for multi-vendor support, but have not decided
> > on the approach to take. Abstract per firmware interface primitive or
> > simply have a cfg80211.c and fwil_types.h per vendor OR implement a
> > vendor-specific cfg80211 callback and override the default callback
> > during the driver attach, ie. in brcmf_fwvid_wcc_attach(). The latter
> > duplicates things, but lean towards that as it may be easier on the
> > long-term. What do your tea leaves tell you ;-)
>
> FWIW, I was hoping you'd stay on at least as a reviewer. Your
> contributions are valuable. You obviously know the driver and hardware
> much better than most people. I encourage you to, at least, post a v2 of
> the MAINTAINERS patch with yourself as an R: line.

I generally agree with this email, especially that Arend should stay
on as a reviewer/maintainer.

We need more people as either maintainers/contributors/reviewers/code
writers/testers, not less, to delegate, co-maintain, test, merge, make
the code more portable to many wifi devices, etc.

What really matters at the end of the day I guess is writing the code
that works across all the devices and testing it.

Which is why I spread awareness about this area, got 100s of
responses, especially on Linkedin, there's at least a portion of these
that want to help, in good spirits.

Is mise le meas/Regards,

Eric Curtin

>
> As far as the actual driver abstraction architecture, I'm going to leave
> it to Daniel to decide what makes the most sense, since he's the one
> introducing new mechanisms for that already. There's always room for
> refactoring later though, depending on the direction things take with
> the vendor split. BTW, clang-format also makes refactoring a lot less
> painful ;)
>
> - Hector
>
Arend van Spriel Dec. 24, 2023, 9:03 a.m. UTC | #27
On 12/22/2023 1:03 AM, Neal Gompa wrote:
> On Thu, Dec 21, 2023 at 3:40 PM Marcel Holtmann <marcel@holtmann.org> wrote:
>>
>> Hi Julian,
>>
>>>>>>>> Using the WSEC command instead of sae_password seems to be the supported
>>>>>>>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>>>>>>>
>>>>>>>> According to user reports [1], the sae_password codepath doesn't actually
>>>>>>>> work on machines with Cypress chips anyway, so no harm in removing it.
>>>>>>>>
>>>>>>>> This makes WPA3 work with iwd, or with wpa_supplicant pending a support
>>>>>>>> patchset [2].
>>>>>>>>
>>>>>>>> [1] https://rachelbythebay.com/w/2023/11/06/wpa3/
>>>>>>>> [2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
>>>>>>>>
>>>>>>>> Signed-off-by: Hector Martin <marcan@marcan.st>
>>>>>>>> Reviewed-by: Neal Gompa <neal@gompa.dev>
>>>>>>>
>>>>>>> Arend, what do you think?
>>>>>>>
>>>>>>> We recently talked about people testing brcmfmac patches, has anyone else
>>>>>>> tested this?
>>>>>>
>>>>>> Not sure I already replied so maybe I am repeating myself. I would prefer
>>>>>> to keep the Cypress sae_password path as well although it reportedly does
>>>>>> not work. The vendor support in the driver can be used to accommodate for
>>>>>> that. The other option would be to have people with Cypress chipset test
>>>>>> this patch. If that works for both we can consider dropping the
>>>>>> sae_password path.
>>>>>>
>>>>>> Regards,
>>>>>> Arend
>>>>>
>>>>> So, if nobody from Cypress chimes in ever, and nobody cares nor tests
>>>>> Cypress chipsets, are we keeping any and all existing Cypress code-paths
>>>>> as bitrotting code forever and adding gratuitous conditionals every time
>>>>> any functionality needs to change "just in case it breaks Cypress" even
>>>>> though it has been tested compatible on Broadcom chipsets/firmware?
>>>>>
>>>>> Because that's not sustainable long term.
>>>>
>>>> You should look into WEXT just for the fun of it. If it were up to me
>>>> and a bunch of other people that would have been gone decades ago. Maybe
>>>> a bad example if the sae_password is indeed not working, but the Cypress
>>>> chipset is used in RPi3 and RPi4 so there must be a couple of users.
>>>
>>> There are reports that WPA3 is broken on the Cypress chipsets the
>>> Raspberry Pis are using and this patch fixes it:
>>> https://rachelbythebay.com/w/2023/11/06/wpa3/
>>>
>>> Based on that, it appears that all known users of WPA3 capable
>>> hardware with this driver require this fix.
>>
>> the Pis are all using an outdated firmware. In their distro they put the
>> firmware already under the alternates systems, but it just lacks the SAE
>> offload support that is required to make WPA3 work. The linux-firmware
>> version does the trick nicely.
>>
>> I documented what I did to make this work on Pi5 (note that I normally
>> use Fedora on Pi4 and thus never encountered this issue)
>>
>> https://holtmann.dev/enabling-wpa3-on-raspberry-pi/
>>
>> However you need to use iwd and not hope that you get a wpa_supplicant
>> released version that will work.
>>
>> So whole game of wpa_supplicant is vendor specific to the company that
>> provides the driver is also insane, but that is another story. Use iwd
>> and you can most likely have WPA3 support if you have the right firmware.
>>
> 
> wpa_supplicant is perfectly fine if the necessary patches are
> backported, as Fedora has done:
> https://src.fedoraproject.org/rpms/wpa_supplicant/c/99f4bf2096d3976cee01c499d7a30c1376f5f0f7

The brcmfmac firmware has its own 802.11 stack implementation and as 
such it has a SME running in firmware which means the driver only 
implements the NL80211_CMD_CONNECT primitive. Now if the firmware also 
has in-driver supplicant (*-idsup-*) supporting SAE (*-sae-*) it can be 
offloaded. That is what Cypress went with at least for upstream. For 
firmware without these in the firmware target string the driver needs to 
implement support for NL80211_CMD_EXTERNAL_AUTH, which is what we opted 
for in Broadcom BCA (or WCC-Access as we call it these days). So I don't 
think it is a fair assessment to call the wpa_supplicant implementation 
vendor specific.

Regards,
Arend
Arend van Spriel Jan. 7, 2024, 9:51 a.m. UTC | #28
On 12/22/2023 6:10 AM, Hector Martin wrote:
> 
> 
> On 2023/12/21 18:57, Arend van Spriel wrote:
>> - SHA-cyfmac-dev-list@infineon.com
>>
>> On 12/21/2023 1:49 AM, Hector Martin wrote:
>>>
>>>
>>> On 2023/12/21 4:36, Arend van Spriel wrote:
>>>> On 12/20/2023 7:14 PM, Hector Martin wrote:
>>>>>
>>>>>
>>>>> On 2023/12/20 19:20, Kalle Valo wrote:
>>>>>> Linus Torvalds <torvalds@linux-foundation.org> writes:
>>>>>>
>>>>>>>> Just recently a patch was posted to remove the Infineon list from
>>>>>>>> MAINTAINERS because that company cares so little they have literally
>>>>>>>> stopped accepting emails from us. Meanwhile they are telling their
>>>>>>>> customers that they do not recommend upstream brcmfmac and they should
>>>>>>>> use their downstream driver [1].
>>>>>>>
>>>>>>> Unquestionably broadcom is not helping maintain things, and I think it
>>>>>>> should matter.
>>>>>>>
>>>>>>> As Hector says, they point to their random driver dumps on their site
>>>>>>> that you can't even download unless you are a "Broadcom community
>>>>>>> member" or whatever, and hey - any company that works that way should
>>>>>>> be seen as pretty much hostile to any actual maintenance and proper
>>>>>>> development.
>>>>>>
>>>>>> Sadly this is the normal in the wireless world. All vendors focus on the
>>>>>> latest generation, currently it's Wi-Fi 7, and lose interest on older
>>>>>> generations. And vendors lose focus on the upstream drivers even faster,
>>>>>> usually after a customer project ends.
>>>>>>
>>>>>> So in practise what we try to do is keep the drivers working somehow on
>>>>>> our own, even after the vendors are long gone. If we would deliberately
>>>>>> allow breaking drivers because vendor/corporations don't support us, I
>>>>>> suspect we would have sevaral broken drivers in upstream.
>>>>>>
>>>>>>> If Daniel and Hector are responsive to actual problem reports for the
>>>>>>> changes they cause, I do think that should count a lot.
>>>>>>
>>>>>> Sure, but they could also respect to the review comments. I find Arend's
>>>>>> proposal is reasonable and that's what I would implement in v2. We
>>>>>> (linux-wireless) make abstractions to workaround firmware problems or
>>>>>> interface conflicts all the time, just look at ath10k for example. I
>>>>>> would not be surprised if we need to add even more abstractions to
>>>>>> brcmfmac in the future. And Arend is the expert here, he has best
>>>>>> knowledge of Broadcom devices and I trust him.
>>>>>>
>>>>>> Has anyone even investigated what it would need to implement Arend's
>>>>>> proposal? At least I don't see any indication of that.
>>>>>
>>>>> Of course we can implement it (and we will as we actually got a report
>>>>> of this patch breaking Cypress now, finally).
>>>>>
>>>>> The question was never whether it could be done, we're already doing a
>>>>> bunch of abstractions to deal with just the Broadcom-only side of things
>>>>> too. The point I was trying to make is that we need to *know* what
>>>>> firmware abstractions we need and *why* they are needed. We can't just
>>>>> say, for every change, "well, nobody knows if the existing code works or
>>>>> not, so let's just add an abstraction just in case the change breaks
>>>>> something". As far as anyone involved in the discussions until now could
>>>>> tell, this code was just something some Cypress person dumped upstream,
>>>>> and nobody involved was being responsive to any of our inquiries, so
>>>>> there was no way to be certain it worked at all, whether it was
>>>>> supported in public firmware, or anything else.
>>>>>
>>>>> *Now* that we know the existing code is actually functional and not just
>>>>> dead/broken, and that the WSEC approach is conversely not functional on
>>>>> the Cypress firmwares, it makes sense to introduce an abstraction.
>>>>
>>>> Just a quick look in the git history could have told you that it was not
>>>> just dumped upstream and at least one person was using it and extended
>>>> it for 802.11r support (fast-roaming):
>>>>
>>>>
>>>> author	Paweł Drewniak <czajernia@gmail.com>	2021-08-24 23:13:30 +0100
>>>> committer	Kalle Valo <kvalo@codeaurora.org>	2021-08-29 11:33:07 +0300
>>>> commit	4b51de063d5310f1fb297388b7955926e63e45c9 (patch)
>>>> tree	ba2ccb5cbd055d482a8daa263f5e53531c07667f
>>>> /drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>>>> parent	81f9ebd43659320a88cae8ed5124c50b4d47ab66 (diff)
>>>> download	wireless-4b51de063d5310f1fb297388b7955926e63e45c9.tar.gz
>>>> brcmfmac: Add WPA3 Personal with FT to supported cipher suites
>>>> This allows the driver to connect to BSSIDs supporting SAE with 802.11r.
>>>> Tested on Raspberry Pi 4 Model B (STA) and UniFi 6LR/OpenWRT 21.02.0-rc2.
>>>> AP was set to 'sae-mixed' (WPA2/3 Personal).
>>>>
>>>> Signed-off-by: Paweł Drewniak <czajernia@gmail.com>
>>>> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
>>>> Link: https://lore.kernel.org/r/20210824221330.3847139-1-czajernia@gmail.com
>>>
>>> Sure, but we also had user reports of it *not* actually working (maybe
>>> it regressed?). We didn't know whether it was functional with the
>>> linux-firmware blobs in any way, I wanted confirmation of that. And we
>>> also didn't know that the patch *would* break it at all; perhaps the
>>> Cypress firmware had also grown support for the WSEC mechanism.
>>>
>>> That's why I wanted someone to actually confirm the code worked (in some
>>> subset of cases) and the patch didn't, before starting to introduce
>>> conditionals. There is, of course, also the element that the Cypress
>>> side has been long unmaintained, and if nobody is testing/giving
>>> feedback/complaining, perhaps it's better to err on the side of maybe
>>> breaking something and see if that gets someone to come out of the
>>> woodwork if it really breaks, rather than tiptoeing around the code
>>> without knowing what's going on and without anyone actually testing things.
>>
>> That is because you distrust the intent that Cypress was really
>> contributing. They were and I trusted them to not just throw in a
>> feature like WPA3. When Infineon took over they went mute. Upon
>> reviewing your patch (again) I also sent an email to them asking
>> specifically about the status of the sae_password interface. I did not
>> use the mailing list which indeed bounces these days (hence removed
>> them) but the last living soul that I had contact with about a year ago
>> whether they were still comitted to be involved. I guess out of
>> politeness or embarrassment I got confirmation they were and never heard
>> from him again. The query about the sae_password interface is still pending.
> 
> If only corporate acquisition politics didn't repeatedly throw a wrench
> into this one... :/
> 
> This is where we are though, Infineon clearly doesn't care, so it's time
> to move on.
> 
>>> It's not about this *specific* patch, it's about the general situation
>>> of not being able to touch firmware interfaces "just in case Cypress
>>> breaks" being unsustainable in the long term. I wasn't pushing back
>>> because I think this particular one will be hard, I was pushing back
>>> because I can read the tea leaves and see this is not going to end well
>>> if it's the approach we start taking for everything. We *need* someone
>>> to be testing patches on Cypress, we can't just "try not to touch it"
>>> and cross our fingers. That just ends in disaster, we are not going to
>>> succeed in not breaking it either way and it's going to make the driver
>>> worse.
>>
>> I admire you ability of reading tea leaves. You saw the Grim I reckon.
>> Admittedly your responses on every comment from my side (or Kalle for
>> that matter) was polarizing every discussion. That is common way people
>> treat each other nowadays especially online where a conversation is just
>> a pile of text going shit. It does not bring out the best in me either,
>> but it was draining every ounce of energy from me so better end it by
>> stepping out.
> 
> The hilariously outdated kernel development model surely doesn't help
> either (I've stated my opinion on this quite a few times if you've
> followed around) ;)

It is not a fair statement to call the kernel development process 
outdated. It is a vast code base that needs agreed upon steps to keep it 
rolling as it is. Attend a plumbers conference or collaboration summit 
or better become a speaker and vent all your opinions there and have a 
discussion with community members. They are held yearly and maybe over 
the past years things have been introduced that give more churn than 
value and that would be a great topic for discussion. However, it is 
better left outside of the development workflow.

> This stuff gets *really* frustrating when you're trying to improve what
> is, I hope we can all admit, an undermaintained driver (that is not to
> say it's anyone's fault personally), and end up getting held back due to
> everything from coding style nitpicks to people not having the time to
> be responsive. It's just not helpful. It's important to know when to
> step aside and let people actually get stuff done.
> 
> When Daniel started sending me brcmfmac patches downstream, I took a
> look at a few of them, decided he knew what he was doing, and just
> started pulling in his branches wholesale. Was it perfect? No, I had to
> debug at least one regression at one point. But it took me less time to
> do that than it would've to go through the commits with a fine toothed
> comb, so it was clearly the right decision.

With the patch that started it all I simply had another view based on 
trusting my peers. Infineon has been pulling away from brcmfmac off the 
bat, but Cypress was serious enough about the driver not to drop a heap 
of dung on it. Based on that I felt regressions would be around the 
corner if we took it as is.

> That is not to say that should be the standard upstream (we make a point
> of moving fast and breaking things more downstream, since it's a proving
> ground for what eventually will be upstreamed), but I think it does
> demonstrate the kind of delegation ability that is sorely lacking in
> many drivers and subsystems in the kernel these days. Maintainers become
> entrenched in their position, long beyond the point where they have the
> time/motivation/ability to drive the code forward, and end up in the way
> of new people who are trying to make a difference. I think Linus knows
> full well the kernel maintainer community is stagnating.
> 
> That doesn't mean people should step down entirely. But it does mean
> they need to recognize when this is happening and, at least, proactively
> try to bring new people in, instead of just continuing to play a
> gatekeeping role. The role of maintainers should not be that of a wall
> people have to climb over to get their changes in, it should be to guide
> new contributors and help onboard people who can contribute, as peers
> and eventually as future maintainers.
> 
> Kalle, in the other thread you said "this is not fun anymore, this is
> more like a business with requirements and demands coming from
> everywhere.". That's what it feels like to us when our changes get
> rejected because the local vars aren't in reverse Christmas tree order,
> or because our commit messages have "v2:" in them. It feels like some
> manager is trying to justify their position by creating busywork for
> everyone else. Nobody should actually care about any of those things,
> and if they do, they need to step back and really ask themselves how
> they ended up believing that. If the goal is to enforce a reasonable
> shared coding style so things don't spiral into chaos, FFS, let's just
> do what every other project does these days and adopt clang-format. Then
> *all* of us can stop wasting time on these trivialities and go back to
> getting stuff done. And really, nobody cares about commit messages as
> long as the tags are right, the subject line is succinct, and the
> important information is in there. Extra stuff never hurt anyone.

https://docs.kernel.org/process/clang-format.html#clangformat

Enjoy!!

>> I added the ground work for multi-vendor support, but have not decided
>> on the approach to take. Abstract per firmware interface primitive or
>> simply have a cfg80211.c and fwil_types.h per vendor OR implement a
>> vendor-specific cfg80211 callback and override the default callback
>> during the driver attach, ie. in brcmf_fwvid_wcc_attach(). The latter
>> duplicates things, but lean towards that as it may be easier on the
>> long-term. What do your tea leaves tell you ;-)
> 
> FWIW, I was hoping you'd stay on at least as a reviewer. Your
> contributions are valuable. You obviously know the driver and hardware
> much better than most people. I encourage you to, at least, post a v2 of
> the MAINTAINERS patch with yourself as an R: line.
> 
> As far as the actual driver abstraction architecture, I'm going to leave
> it to Daniel to decide what makes the most sense, since he's the one
> introducing new mechanisms for that already. There's always room for
> refactoring later though, depending on the direction things take with
> the vendor split. BTW, clang-format also makes refactoring a lot less
> painful ;)

Refactoring a single driver is not so painful, but rather a nice 
relaxing puzzle ;-)
diff mbox series

Patch

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index 2a90bb24ba77..138af70a33b8 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -1687,52 +1687,44 @@  static u16 brcmf_map_fw_linkdown_reason(const struct brcmf_event_msg *e)
 	return reason;
 }
 
-static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
+static int brcmf_set_wsec(struct brcmf_if *ifp, const u8 *key, u16 key_len, u16 flags)
 {
 	struct brcmf_pub *drvr = ifp->drvr;
 	struct brcmf_wsec_pmk_le pmk;
 	int err;
 
+	if (key_len > sizeof(pmk.key)) {
+		bphy_err(drvr, "key must be less than %zu bytes\n",
+			 sizeof(pmk.key));
+		return -EINVAL;
+	}
+
 	memset(&pmk, 0, sizeof(pmk));
 
-	/* pass pmk directly */
-	pmk.key_len = cpu_to_le16(pmk_len);
-	pmk.flags = cpu_to_le16(0);
-	memcpy(pmk.key, pmk_data, pmk_len);
+	/* pass key material directly */
+	pmk.key_len = cpu_to_le16(key_len);
+	pmk.flags = cpu_to_le16(flags);
+	memcpy(pmk.key, key, key_len);
 
-	/* store psk in firmware */
+	/* store key material in firmware */
 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_WSEC_PMK,
 				     &pmk, sizeof(pmk));
 	if (err < 0)
 		bphy_err(drvr, "failed to change PSK in firmware (len=%u)\n",
-			 pmk_len);
+			 key_len);
 
 	return err;
 }
 
+static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
+{
+	return brcmf_set_wsec(ifp, pmk_data, pmk_len, 0);
+}
+
 static int brcmf_set_sae_password(struct brcmf_if *ifp, const u8 *pwd_data,
 				  u16 pwd_len)
 {
-	struct brcmf_pub *drvr = ifp->drvr;
-	struct brcmf_wsec_sae_pwd_le sae_pwd;
-	int err;
-
-	if (pwd_len > BRCMF_WSEC_MAX_SAE_PASSWORD_LEN) {
-		bphy_err(drvr, "sae_password must be less than %d\n",
-			 BRCMF_WSEC_MAX_SAE_PASSWORD_LEN);
-		return -EINVAL;
-	}
-
-	sae_pwd.key_len = cpu_to_le16(pwd_len);
-	memcpy(sae_pwd.key, pwd_data, pwd_len);
-
-	err = brcmf_fil_iovar_data_set(ifp, "sae_password", &sae_pwd,
-				       sizeof(sae_pwd));
-	if (err < 0)
-		bphy_err(drvr, "failed to set SAE password in firmware (len=%u)\n",
-			 pwd_len);
-
-	return err;
+	return brcmf_set_wsec(ifp, pwd_data, pwd_len, BRCMF_WSEC_PASSPHRASE);
 }
 
 static void brcmf_link_down(struct brcmf_cfg80211_vif *vif, u16 reason,
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
index 611d1a6aabb9..b68c46caabe8 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
@@ -584,7 +584,7 @@  struct brcmf_wsec_key_le {
 struct brcmf_wsec_pmk_le {
 	__le16  key_len;
 	__le16  flags;
-	u8 key[2 * BRCMF_WSEC_MAX_PSK_LEN + 1];
+	u8 key[BRCMF_WSEC_MAX_SAE_PASSWORD_LEN];
 };
 
 /**