| From 78ad2341521d5ea96cb936244ed4c4c4ef9ec13b Mon Sep 17 00:00:00 2001 |
| From: Alexander Wetzel <alexander@wetzel-home.de> |
| Date: Sat, 9 Feb 2019 15:01:38 +0100 |
| Subject: mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode |
| |
| From: Alexander Wetzel <alexander@wetzel-home.de> |
| |
| commit 78ad2341521d5ea96cb936244ed4c4c4ef9ec13b upstream. |
| |
| Restore SW_CRYPTO_CONTROL operation on AP_VLAN interfaces for unicast |
| keys, the original override was intended to be done for group keys as |
| those are treated specially by mac80211 and would always have been |
| rejected. |
| |
| Now the situation is that AP_VLAN support must be enabled by the driver |
| if it can support it (meaning it can support software crypto GTK TX). |
| |
| Thus, also simplify the code - if we get here with AP_VLAN and non- |
| pairwise key, software crypto must be used (driver doesn't know about |
| the interface) and can be used (driver must've advertised AP_VLAN if |
| it also uses SW_CRYPTO_CONTROL). |
| |
| Fixes: db3bdcb9c3ff ("mac80211: allow AP_VLAN operation on crypto controlled devices") |
| Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de> |
| [rewrite commit message] |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| net/mac80211/key.c | 9 ++++----- |
| 1 file changed, 4 insertions(+), 5 deletions(-) |
| |
| --- a/net/mac80211/key.c |
| +++ b/net/mac80211/key.c |
| @@ -167,8 +167,10 @@ static int ieee80211_key_enable_hw_accel |
| * The driver doesn't know anything about VLAN interfaces. |
| * Hence, don't send GTKs for VLAN interfaces to the driver. |
| */ |
| - if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) |
| + if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) { |
| + ret = 1; |
| goto out_unsupported; |
| + } |
| } |
| |
| ret = drv_set_key(key->local, SET_KEY, sdata, |
| @@ -213,11 +215,8 @@ static int ieee80211_key_enable_hw_accel |
| /* all of these we can do in software - if driver can */ |
| if (ret == 1) |
| return 0; |
| - if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL)) { |
| - if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) |
| - return 0; |
| + if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL)) |
| return -EINVAL; |
| - } |
| return 0; |
| default: |
| return -EINVAL; |