mac80211: treat some SAE auth steps as final

Message ID	20220223112146.008533287568.I273035bd1d8eebebb59bfadd7f43aef81431bd3a@changeid
State	New
Headers	show Return-Path: <linux-wireless-owner@kernel.org> From: Johannes Berg <johannes@sipsolutions.net> To: linux-wireless@vger.kernel.org Cc: Johannes Berg <johannes.berg@intel.com>, Jouni Malinen <j@w1.fi> Subject: [PATCH] mac80211: treat some SAE auth steps as final Date: Wed, 23 Feb 2022 11:21:47 +0100 Message-Id: <20220223112146.008533287568.I273035bd1d8eebebb59bfadd7f43aef81431bd3a@changeid> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	mac80211: treat some SAE auth steps as final \| expand mac80211: treat some SAE auth steps as final

Message ID

20220223112146.008533287568.I273035bd1d8eebebb59bfadd7f43aef81431bd3a@changeid

State

New

Headers

From: Johannes Berg <johannes@sipsolutions.net>
To: linux-wireless@vger.kernel.org
Cc: Johannes Berg <johannes.berg@intel.com>, Jouni Malinen <j@w1.fi>
Subject: [PATCH] mac80211: treat some SAE auth steps as final
Date: Wed, 23 Feb 2022 11:21:47 +0100
Message-Id: 
 <20220223112146.008533287568.I273035bd1d8eebebb59bfadd7f43aef81431bd3a@changeid>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

mac80211: treat some SAE auth steps as final | expand

Commit Message

Johannes Berg Feb. 23, 2022, 10:21 a.m. UTC

From: Johannes Berg <johannes.berg@intel.com>

When we get anti-clogging token required (added by the commit
mentioned below), or the other status codes added by the later
commit 4e56cde15f7d ("mac80211: Handle special status codes in
SAE commit") we currently just pretend (towards the internal
state machine of authentication) that we didn't receive anything.

This has the undesirable consequence of retransmitting the prior
frame, which is not expected, because the timer is still armed.

If we just disarm the timer at that point, it would result in
the undesirable side effect of being in this state indefinitely
if userspace crashes, or so.

So to fix this, reset the timer and actually set auth_data->done
in order to have no more retransmission, but to have the data
destroyed when the timer actually fires, which will only happen
if userspace didn't continue (i.e. crashed or abandoned it.)

Fixes: a4055e74a2ff ("mac80211: Don't destroy auth data in case of anti-clogging")
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/mac80211/mlme.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index e5ccf17618ab..0216c22a5287 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -37,6 +37,7 @@ 
 #define IEEE80211_AUTH_TIMEOUT_SAE	(HZ * 2)
 #define IEEE80211_AUTH_MAX_TRIES	3
 #define IEEE80211_AUTH_WAIT_ASSOC	(HZ * 5)
+#define IEEE80211_AUTH_WAIT_SAE_RETRY	(HZ * 2)
 #define IEEE80211_ASSOC_TIMEOUT		(HZ / 5)
 #define IEEE80211_ASSOC_TIMEOUT_LONG	(HZ / 2)
 #define IEEE80211_ASSOC_TIMEOUT_SHORT	(HZ / 10)
@@ -3011,8 +3012,15 @@  static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
 		    (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED ||
 		     (auth_transaction == 1 &&
 		      (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
-		       status_code == WLAN_STATUS_SAE_PK))))
+		       status_code == WLAN_STATUS_SAE_PK)))) {
+			/* treat it as done so that timeout will remove it */
+			ifmgd->auth_data->done = true;
+			ifmgd->auth_data->timeout =
+				jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY;
+			ifmgd->auth_data->timeout_started = true;
+			run_again(sdata, ifmgd->auth_data->timeout);
 			goto notify_driver;
+		}
 
 		sdata_info(sdata, "%pM denied authentication (status %d)\n",
 			   mgmt->sa, status_code);

mac80211: treat some SAE auth steps as final

Commit Message

Patch