JIRA: https://issues.redhat.com/browse/RHEL-67113
commit 4f1591d292277eec51d027405a92f0d4ef5e299e
Author: Johannes Berg <johannes.berg@intel.com>
Date: Mon Jul 29 20:20:05 2024 +0300
wifi: iwlwifi: mvm: use correct key iteration
In the cases changed here, key iteration isn't done from
an RCU critical section, but rather using the wiphy lock
as protection. Therefore, just use ieee80211_iter_keys().
The link switch case can therefore also use sync commands.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20240729201718.69a2d18580c1.I2148e04d4b467d0b100beac8f7e449bfaaf775a5@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-34696
JIRA: https://issues.redhat.com/browse/RHEL-36900
CVE: CVE-2024-27434
commit e35f316bce9e5733c9826120c1838f4c447b2c4c
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Tue Feb 6 18:02:06 2024 +0200
wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
The firmware doesn't need the MFP flag for the GTK, it can even make the
firmware crash. in case the AP is configured with: group cipher TKIP and
MFPC. We would send the GTK with cipher = TKIP and MFP which is of course
not possible.
Fixes: 5c75a208c244 ("wifi: iwlwifi: mvm: support new key API")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240206175739.2f2c602ab3c6.If13b2e2fa532381d985c07df130bee1478046c89@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-34696
commit 619a900f279800876e425ce4ef41c4e493bdf7d4
Author: Ilan Peer <ilan.peer@intel.com>
Date: Wed Jan 31 23:08:16 2024 +0200
wifi: iwlwifi: mvm: Add support for removing responder TKs
When removing a PASN station, the TK must be removed before
the station is removed as otherwise the FW would assert.
To handle this, store the key configuration, and use it to remove
the key when the station is removed.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Gregory Greenman <gregory.greenman@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240131230734.3e6364730c04.Ia76dc4a9d399f1f68ac6b157d844b63f74d5159f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-19746
commit 8f9a791a8edd87fa64b35037d9c3bce89a1b8d21
Author: Ilan Peer <ilan.peer@intel.com>
Date: Wed Oct 11 13:07:20 2023 +0300
wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface
When an IGTK is installed for an AP interface, there is no station
associated with it. However, the MFP flag must be set for the installed
key as otherwise the FW wouldn't use it.
Fix the security key flag to set the MFP flag also when the AP is
an AP interface and the key index matches that of an IGTK.
Fixes: 5c75a208c244 ("wifi: iwlwifi: mvm: support new key API")
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20231011130030.f67005e2d4d2.I6832c6e87f3c79fff00689eb10a3a30810e1ee83@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-19746
commit 63ef576c9facf5d92702e249ad213fa73eb434bf
Author: Johannes Berg <johannes.berg@intel.com>
Date: Tue Sep 26 11:07:20 2023 +0300
wifi: iwlwifi: mvm: use correct sta ID for IGTK/BIGTK
We don't (yet) send the IGTK down to the firmware, but when
we do it needs to be with the broadcast station ID, not the
multicast station ID. Same for the BIGTK, which we may send
already if firmware advertises it (but it doesn't yet.)
Fixes: a5de7de7e78e ("wifi: iwlwifi: mvm: enable TX beacon protection")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230926110319.dbc653913353.I82e90c86010f0b9588a180d9835fd11f666f5196@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-2907
commit d615ea32f62042c3484520dca648f5120fb1035a
Author: Johannes Berg <johannes.berg@intel.com>
Date: Tue Jun 13 15:57:22 2023 +0300
wifi: iwlwifi: mvm: put only a single IGTK into FW
The firmware only supports a single IGTK, and due to some
changes it really doesn't like to have multiple programmed
in later versions. Since only newer firmware cannot remove
a key that isn't present any more, adjust only the MLD API
code to keep track of the previous IGTK and remove it when
a new one is added.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230613155501.3fde1ef09270.I2e12a3b0bba4325c07dc8fcce39b711f158bd621@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-2907
commit 0945f9762ec3766186a179f7ccd001a3e160e3a0
Author: Avraham Stern <avraham.stern@intel.com>
Date: Wed May 24 20:42:02 2023 +0300
wifi: iwlwifi: mvm: support PASN for MLO
When adding a PASN station, the non MLD API was used. This results
in assert when operating as MLD. Fix it to use the MLD API when
operating as MLD. For now, the default link is used for the added
station.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230524203151.7c35dccc8a12.I7bc78cd16d7c750f42fdd60e07e839a860d279d2@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit 8642ddb2a363cab424fd6975165007f308de75ba
Author: Johannes Berg <johannes.berg@intel.com>
Date: Sun Apr 16 15:47:36 2023 +0300
wifi: iwlwifi: mvm: implement key link switching
Implement switching keys from one set of firmware station IDs
to another set, during link switch.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.c6a777dd5e47.I693f7fd7c52fe8b51a58af69d45488511367f49e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit 66a588bff29e61345df6d281c56d9864b84eb8cc
Author: Johannes Berg <johannes.berg@intel.com>
Date: Sun Apr 16 15:47:30 2023 +0300
wifi: iwlwifi: mvm: factor out iwl_mvm_sta_fw_id_mask()
We are going to need this in more places than just the
key code, so factor out the functionality of getting
the FW station ID mask (filtered to a specific link if
needed) to a separate function that can now be called
both under RCU and mvm->mutex protection.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230416154301.eff92b93025d.I2c50290a0537d5db3d3460f4d57c78a4712ffb75@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit aea99650f7316b43a064311bb79064e397ed237c
Author: Johannes Berg <johannes.berg@intel.com>
Date: Fri Apr 14 13:12:03 2023 +0300
wifi: iwlwifi: mvm: set STA mask for keys in MLO
Implement the full STA mask and selecting the correct link
for key installation.
While at it, catch errors if this function returns a bad
zero station mask, rather than waiting for the firmware to
crash on it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.cedae2f21829.Iae07b736c3109d085ad5b74ec8282ce45020da39@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit 0c9a8f9084be45525d445bf9e55ccbb152a16e1f
Author: Johannes Berg <johannes.berg@intel.com>
Date: Fri Apr 14 13:12:00 2023 +0300
wifi: iwlwifi: mvm: track AP STA pointer and use it for MFP
Instead of relying on the AP STA ID and dereferencing our
firmware -> mac80211 STA array when we really only need
the STA, not the per-link information (and might not have
it, e.g. for a pairwise key installation where this is
relevant), keep track of the AP STA as a pointer to the
mac80211 STA, protected by the mutex. Then use it here in
the key code instead.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230414130637.7db01b1508de.I88e6d252cdb0a6e4581d7c5fd7cbc037b4fd40ae@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit 072573f6971dcedeb0e221259a41718e42154c8f
Author: Johannes Berg <johannes.berg@intel.com>
Date: Wed Mar 29 10:05:24 2023 +0300
wifi: iwlwifi: mvm: remove only link-specific AP keys
When we remove the AP station, we iterate over the links
and remove all the keys, however, the key iteration will
return all keys for all links, so skip the ones that we
don't need based on the link ID.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230329100039.e724878f502e.I66870d4629244b4b309be79e11cbbd384bdf93be@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit ba9eef6ba636e72c00b565610d29d10984711d68
Author: Gregory Greenman <gregory.greenman@intel.com>
Date: Wed Mar 29 10:05:14 2023 +0300
wifi: iwlwifi: mvm: adjust iwl_mvm_sec_key_remove_ap to MLO
It has to be done per link. We still don't support keys
configuration for several links, but the single vif link can
still point to a link different from deflink. For now handle
the removal of keys for the default link.
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230329100039.19d729cc4654.I4ebe8e3eb5fc00a994761f7c0ad40107382705ca@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit 6a2a71e563d5cb53037d01785d3817650371213a
Author: Johannes Berg <johannes.berg@intel.com>
Date: Wed Mar 29 10:05:13 2023 +0300
wifi: iwlwifi: mvm: make a few warnings only trigger once
We're hitting these while starting to enable MLO in the
driver, but getting them each and every time isn't very
useful one way or the other. Make these warnings trigger
only once.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230329100039.f333741d3dcf.If063d4cfe8a583f0f980a1b0ae4e63e17ba4ddc9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit c8ee33e184e4163586cc6c786d5c14dcdf6f4e07
Author: Gregory Greenman <gregory.greenman@intel.com>
Date: Tue Mar 28 10:58:42 2023 +0300
wifi: iwlwifi: mvm: sta preparation for MLO
Split iwl_mvm_sta into general and link specific parts. As a first
step, all link dependent parameters reside in deflink.
The change was done mostly using the spatch below with some manual
adjustments.
@iwl_mvm_sta@
struct iwl_mvm_sta *s;
identifier var = {sta_id, lq_sta, avg_energy};
@@
(
s->
- var
+ deflink.var
)
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230328104948.34eace06d583.I1f8c5e919a71b21030460fbdd220d42401b688b1@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2196821
commit 650cadb730105f1894b6c8afacc57a368dd18b91
Author: Gregory Greenman <gregory.greenman@intel.com>
Date: Tue Mar 28 10:58:41 2023 +0300
wifi: iwlwifi: mvm: vif preparation for MLO
In MLO, some fields of iwl_mvm_vif should be defined in the
context of a link. Define a separate structure for these fields and
add a deflink object to hold it as part of iwl_mvm_vif. Non-MLO legacy
code will use only deflink object while MLO related code will use the
corresponding link from the link array.
It follows the strategy applied in mac80211 for introducing MLO
changes.
The below spatch takes care of updating all driver code to access
fields separated into MLD specific data structure via deflink (need
to convert all references to the fields listed in var to deflink.var
and also to take care of calls like iwl_mvm_vif_from_mac80211(vif)->field).
@iwl_mld_vif@
struct iwl_mvm_vif *v;
struct ieee80211_vif *vv;
identifier fn;
identifier var = {bssid, ap_sta_id, bcast_sta, mcast_sta,
beacon_stats, smps_requests, probe_resp_data,
he_ru_2mhz_block, cab_queue, phy_ctxt,
queue_params};
@@
(
v->
- var
+ deflink.var
|
fn(vv)->
- var
+ deflink.var
)
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230328104948.4896576f0a9f.Ifaf0187c96b9fe52b24bd629331165831a877691@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Bugzilla: https://bugzilla.redhat.com/2178526
commit 5c75a208c2449c6ea24f07610cc052f6a352246c
Author: Johannes Berg <johannes.berg@intel.com>
Date: Wed Nov 2 16:59:53 2022 +0200
wifi: iwlwifi: mvm: support new key API
In order to support MLD, the key API is also changing to have
station masks instead of just the station ID etc. Change the
driver to support this, and add the new code in a new file so
it's more clearly separated.
For now this isn't separated at the mac80211 ops level, which
we wanted to do, but we're calling these functions in a place
when pre-start keys are installed in iwl_mvm_start_ap_ibss(),
and the function has some glue logic to mac80211. We may want
to change that later.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20221102165239.ed9ccd814abc.Iacc7360de68807fbac19e5b67c86504b39cc15df@changeid
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Jose Ignacio Tornos Martinez
Íñigo Huguet