linux-brain/drivers
Martin Fuzzey 6707b3d438 rsi: fix AP mode with WPA failure due to encrypted EAPOL
commit 314538041b5632ffaf64798faaeabaf2793fe029 upstream.

In AP mode WPA2-PSK connections were not established.

The reason was that the AP was sending the first message
of the 4 way handshake encrypted, even though no pairwise
key had (correctly) yet been set.

Encryption was enabled if the "security_enable" driver flag
was set and encryption was not explicitly disabled by
IEEE80211_TX_INTFL_DONT_ENCRYPT.

However security_enable was set when *any* key, including
the AP GTK key, had been set which was causing unwanted
encryption even if no key was available for the unicast
packet to be sent.

Fix this by adding a check that we have a key and drop
the old security_enable driver flag which is insufficient
and redundant.

The Redpine downstream out of tree driver does it this way too.

Regarding the Fixes tag the actual code being modified was
introduced earlier, with the original driver submission, in
dad0d04fa7 ("rsi: Add RS9113 wireless driver"), however
at that time AP mode was not yet supported so there was
no bug at that point.

So I have tagged the introduction of AP support instead
which was part of the patch set "rsi: support for AP mode" [1]

It is not clear whether AP WPA has ever worked, I can see nothing
on the kernel side that broke it afterwards yet the AP support
patch series says "Tests are performed to confirm aggregation,
connections in WEP and WPA/WPA2 security."

One possibility is that the initial tests were done with a modified
userspace (hostapd).

[1] https://www.spinics.net/lists/linux-wireless/msg165302.html

Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
Fixes: 38ef62353a ("rsi: security enhancements for AP mode")
CC: stable@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-07-14 16:53:07 +02:00
..
accessibility
acpi ACPICA: Clean up context mutex during object deletion 2021-06-10 13:37:04 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 10:26:32 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:51:35 +01:00
ata ata: libahci_platform: fix IRQ check 2021-05-14 09:44:24 +02:00
atm atm: idt77252: fix null-ptr-dereference 2021-03-30 14:35:21 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 10:26:30 +01:00
base PM: runtime: Fix unpaired parent child_count for force_resume 2021-05-19 10:08:20 +02:00
bcma
block nbd: Fix NULL pointer in flush_workqueue 2021-05-19 10:08:30 +02:00
bluetooth Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl 2021-03-07 12:20:44 +01:00
bus bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act 2021-06-10 13:37:08 +02:00
cdrom cdrom: gdrom: initialize global variable at init time 2021-05-26 12:05:19 +02:00
char char: hpet: add checks after calling ioremap 2021-06-03 08:59:09 +02:00
clk clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 2021-06-23 14:41:31 +02:00
clocksource clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined 2021-03-04 10:26:29 +01:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-04-14 08:24:09 +02:00
cpufreq cpufreq: armada-37xx: Fix determining base CPU frequency 2021-05-14 09:44:21 +02:00
cpuidle
crypto crypto: qat - Fix a double free in adf_create_ring 2021-05-14 09:44:20 +02:00
dax device-dax/core: Fix memory leak when rmmod dax.ko 2020-12-30 11:51:46 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:44:20 +02:00
dio
dma dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma 2021-06-30 08:47:46 -04:00
dma-buf dmabuf: fix use-after-free of dmabuf's file->f_inode 2021-01-12 20:16:23 +01:00
edac EDAC/amd64: Fix PCI component registration 2020-12-30 11:51:36 +01:00
eisa
extcon extcon: arizona: Fix various races on driver unbind 2021-05-11 14:04:09 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 14:47:43 +02:00
firmware efi: cper: fix snprintf() use in cper_dimm_err_location() 2021-06-10 13:37:03 +02:00
fpga
fsi
gnss
gpio gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP 2021-07-07 08:22:58 -04:00
gpu drm/nouveau: fix dma_address check for CPU/GPU sync 2021-07-07 08:22:58 -04:00
greybus
hid HID: gt683r: add missing MODULE_DEVICE_TABLE 2021-06-18 09:58:58 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:44:25 +02:00
hv Drivers: hv: vmbus: Increase wait time for VMbus unload 2021-05-14 09:44:22 +02:00
hwmon hwmon: (scpi-hwmon) shows the negative temperature properly 2021-06-23 14:41:27 +02:00
hwspinlock
hwtracing intel_th: pci: Add Alder Lake-M support 2021-05-11 14:04:15 +02:00
i2c i2c: robotfuzz-osif: fix control-request directions 2021-06-30 08:47:50 -04:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:44:15 +02:00
ide scsi: ide: Do not set the RQF_PREEMPT flag for sense requests 2021-01-12 20:16:09 +01:00
idle
iio iio: ltr501: ltr501_read_ps(): add missing endianness conversion 2021-07-14 16:53:06 +02:00
infiniband RDMA/mlx5: Block FDB rules when not in switchdev mode 2021-07-07 08:22:58 -04:00
input Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl 2021-07-14 16:53:02 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:46:37 +02:00
iommu iommu/vt-d: Fix sysfs leak in alloc_iommu() 2021-06-03 08:59:00 +02:00
ipack
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:44:20 +02:00
isdn isdn: mISDN: netjet: Fix crash in nj_probe: 2021-06-16 11:59:34 +02:00
leds leds: lp5523: check return value of lp5xx_read and jump to cleanup code 2021-05-26 12:05:20 +02:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:47:53 +01:00
macintosh
mailbox
mcb
md dm verity: fix require_signatures module_param permissions 2021-06-16 11:59:37 +02:00
media media: dvb-usb: fix wrong definition 2021-07-14 16:53:00 +02:00
memory memory: pl353: fix mask of ECC page_size config register 2021-05-14 09:44:19 +02:00
memstick memstick: r592: Fix error return in r592_probe() 2020-12-30 11:51:18 +01:00
message
mfd mfd: stm32-timers: Avoid clearing auto reload register 2021-05-14 09:44:25 +02:00
misc platform/x86: hp_accel: Avoid invoking _INI to speed up resume 2021-06-03 08:59:08 +02:00
mmc mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk 2021-06-30 08:47:44 -04:00
mtd mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init 2021-05-14 09:44:20 +02:00
mux
net rsi: fix AP mode with WPA failure due to encrypted EAPOL 2021-07-14 16:53:07 +02:00
nfc nfc: pn533: prevent potential memory corruption 2021-05-14 09:44:27 +02:00
ntb
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 12:56:16 +02:00
nvme nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() 2021-06-18 09:58:59 +02:00
nvmem nvmem: core: skip child nodes not matching binding 2021-03-04 10:26:37 +01:00
of Revert "fdt: Properly handle "no-map" field in the memory region" 2021-05-14 09:44:33 +02:00
opp
oprofile
parisc
parport
pci Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" 2021-06-30 08:47:45 -04:00
pcmcia
perf perf/smmuv3: Don't trample existing events with global filter 2021-07-14 16:53:05 +02:00
phy phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally 2021-05-14 09:44:19 +02:00
pinctrl pinctrl: stm32: fix the reported number of GPIO lines per bank 2021-06-30 08:47:50 -04:00
platform platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet 2021-06-03 08:59:12 +02:00
pnp
power power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() 2021-05-11 14:04:11 +02:00
powercap
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:51:26 +01:00
ptp ptp: improve max_adj check against unreasonable values 2021-06-23 14:41:26 +02:00
pwm pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() 2021-03-04 10:26:36 +01:00
rapidio rapidio: handle create_workqueue() failure 2021-05-26 12:05:17 +02:00
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:24:18 +02:00
regulator regulator: max77620: Use device_set_of_node_from_dev() 2021-06-16 11:59:43 +02:00
remoteproc remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() 2020-12-30 11:51:24 +01:00
reset
rpmsg rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() 2021-05-19 10:08:25 +02:00
rtc rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path 2021-07-14 16:53:05 +02:00
s390 s390/cio: dont call css_wait_for_slow_path() inside a lock 2021-07-14 16:53:05 +02:00
sbus
scsi scsi: sr: Return appropriate error code when disk is ejected 2021-07-07 08:22:58 -04:00
sfi
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI 2020-12-30 11:51:13 +01:00
soc soc: aspeed: fix a ternary sign expansion bug 2021-05-14 09:44:23 +02:00
soundwire soundwire: stream: fix memory leak in stream config error path 2021-05-14 09:44:19 +02:00
spi spi: spi-nxp-fspi: move the register operation after the clock enable 2021-06-30 08:47:44 -04:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 10:26:49 +01:00
ssb ssb: sdio: Don't overwrite const buffer if block_write fails 2021-07-14 16:53:07 +02:00
staging pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled 2021-06-23 14:41:27 +02:00
target scsi: target: core: Fix warning on realtime kernels 2021-06-18 09:58:59 +02:00
tc
tee tee: optee: do not check memref size on return from Secure World 2021-05-11 14:04:06 +02:00
thermal thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID 2021-06-03 08:59:05 +02:00
thunderbolt thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 2021-06-03 08:59:03 +02:00
tty serial_cs: remove wrong GLOBETROTTER.cis entry 2021-07-14 16:53:07 +02:00
uio uio_hv_generic: Fix a memory leak in error handling paths 2021-05-26 12:05:17 +02:00
usb xhci: solve a double free problem while doing s4 2021-07-14 16:53:01 +02:00
vfio vfio/platform: fix module_put call in error flow 2021-06-10 13:37:03 +02:00
vhost vhost: Fix vhost_vq_reset() 2021-04-07 14:47:39 +02:00
video video: hgafb: correctly handle card detect failure during probe 2021-05-26 12:05:21 +02:00
virt virt: vbox: Do not use wait_event_interruptible when called from kernel context 2021-03-04 10:26:10 +01:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:51:29 +01:00
visorbus
vlynq
vme
w1
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 10:26:47 +01:00
xen xen/events: reset active flag for lateeoi events later 2021-07-11 12:52:08 +02:00
zorro
Kconfig
Makefile