[v2,1/1] cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient

Commit Message

Vinayak Yadawad Sept. 15, 2023, 5:17 a.m. UTC

In 4way handshake offload, cfg80211_port_authorized enables driver
to indicate successful 4way handshake to cfg80211 layer. Currently
this path of port authorization is restricted to interface type
NL80211_IFTYPE_STATION and NL80211_IFTYPE_P2P_CLIENT. This patch
extends the support for NL80211_IFTYPE_AP and NL80211_IFTYPE_P2P_GO
interfaces to authorize peer STA/P2P_CLIENT, whenever authentication
is offloaded on the AP/P2P_GO interface.

Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
---
 include/net/cfg80211.h |  8 ++++++--
 net/wireless/core.h    |  2 +-
 net/wireless/nl80211.c |  4 ++--
 net/wireless/nl80211.h |  5 ++++-
 net/wireless/sme.c     | 23 ++++++++++++++---------
 net/wireless/util.c    |  2 +-
 6 files changed, 28 insertions(+), 16 deletions(-)

Comments

Jeff Johnson Sept. 15, 2023, 7:11 p.m. UTC | #1

On 9/14/2023 10:17 PM, Vinayak Yadawad wrote:
> In 4way handshake offload, cfg80211_port_authorized enables driver
> to indicate successful 4way handshake to cfg80211 layer. Currently
> this path of port authorization is restricted to interface type
> NL80211_IFTYPE_STATION and NL80211_IFTYPE_P2P_CLIENT. This patch
> extends the support for NL80211_IFTYPE_AP and NL80211_IFTYPE_P2P_GO
> interfaces to authorize peer STA/P2P_CLIENT, whenever authentication
> is offloaded on the AP/P2P_GO interface.
> 
> Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
> ---

v1->v2 change log is missing
can you provide that as a separate message

Johannes Berg Sept. 18, 2023, 7:48 a.m. UTC | #2

On Fri, 2023-09-15 at 12:11 -0700, Jeff Johnson wrote:
> On 9/14/2023 10:17 PM, Vinayak Yadawad wrote:
> > In 4way handshake offload, cfg80211_port_authorized enables driver
> > to indicate successful 4way handshake to cfg80211 layer. Currently
> > this path of port authorization is restricted to interface type
> > NL80211_IFTYPE_STATION and NL80211_IFTYPE_P2P_CLIENT. This patch
> > extends the support for NL80211_IFTYPE_AP and NL80211_IFTYPE_P2P_GO
> > interfaces to authorize peer STA/P2P_CLIENT, whenever authentication
> > is offloaded on the AP/P2P_GO interface.
> > 
> > Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
> > ---
> 
> v1->v2 change log is missing
> can you provide that as a separate message

Or just fix it with v3, this doesn't apply ...

Also please indent the documentation per what you see there (tab).

johannes

Vinayak Yadawad Sept. 23, 2023, 2:26 p.m. UTC | #3

Hi,

I have addressed the comments as part of "[PATCH v3 1/1] cfg80211:
Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient".
Please review.

Regards,
Vinayak

On Mon, Sep 18, 2023 at 1:18 PM Johannes Berg <johannes@sipsolutions.net> wrote:
>
> On Fri, 2023-09-15 at 12:11 -0700, Jeff Johnson wrote:
> > On 9/14/2023 10:17 PM, Vinayak Yadawad wrote:
> > > In 4way handshake offload, cfg80211_port_authorized enables driver
> > > to indicate successful 4way handshake to cfg80211 layer. Currently
> > > this path of port authorization is restricted to interface type
> > > NL80211_IFTYPE_STATION and NL80211_IFTYPE_P2P_CLIENT. This patch
> > > extends the support for NL80211_IFTYPE_AP and NL80211_IFTYPE_P2P_GO
> > > interfaces to authorize peer STA/P2P_CLIENT, whenever authentication
> > > is offloaded on the AP/P2P_GO interface.
> > >
> > > Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
> > > ---
> >
> > v1->v2 change log is missing
> > can you provide that as a separate message
>
> Or just fix it with v3, this doesn't apply ...
>
> Also please indent the documentation per what you see there (tab).
>
> johannes

Patch

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 3a4b684f89bf..54f09ad2692b 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -7967,7 +7967,8 @@  void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info,
  * cfg80211_port_authorized - notify cfg80211 of successful security association
  *
  * @dev: network device
- * @bssid: the BSSID of the AP
+ * @peer_addr: BSSID of the AP/P2P GO in case of STA/GC or STA/GC MAC address
+ * in case of AP/P2P GO
  * @td_bitmap: transition disable policy
  * @td_bitmap_len: Length of transition disable policy
  * @gfp: allocation flags
@@ -7978,8 +7979,11 @@  void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info,
  * should be preceded with a call to cfg80211_connect_result(),
  * cfg80211_connect_done(), cfg80211_connect_bss() or cfg80211_roamed() to
  * indicate the 802.11 association.
+ * This function can also be called by AP/P2P GO driver that supports
+ * authentication offload. In this case the peer_mac passed is that of
+ * associated STA/GC.
  */
-void cfg80211_port_authorized(struct net_device *dev, const u8 *bssid,
+void cfg80211_port_authorized(struct net_device *dev, const u8 *peer_addr,
 			      const u8* td_bitmap, u8 td_bitmap_len, gfp_t gfp);
 
 /**
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 507d184b8b40..678aba05e78b 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -276,7 +276,7 @@  struct cfg80211_event {
 			struct ieee80211_channel *channel;
 		} ij;
 		struct {
-			u8 bssid[ETH_ALEN];
+			u8 peer_addr[ETH_ALEN];
 			const u8 *td_bitmap;
 			u8 td_bitmap_len;
 		} pa;
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index de47838aca4f..af4878df118e 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -18219,7 +18219,7 @@  void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
 }
 
 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
-				  struct net_device *netdev, const u8 *bssid,
+				  struct net_device *netdev, const u8 *peer_addr,
 				  const u8 *td_bitmap, u8 td_bitmap_len)
 {
 	struct sk_buff *msg;
@@ -18237,7 +18237,7 @@  void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
 
 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
-	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
+	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
 		goto nla_put_failure;
 
 	if ((td_bitmap_len > 0) && td_bitmap)
diff --git a/net/wireless/nl80211.h b/net/wireless/nl80211.h
index b4af53f9b227..d3cabf358696 100644
--- a/net/wireless/nl80211.h
+++ b/net/wireless/nl80211.h
@@ -82,8 +82,11 @@  void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
 			 struct net_device *netdev,
 			 struct cfg80211_roam_info *info, gfp_t gfp);
+/* For STA/GC, indicate port authorized with AP/GO bssid.
+ * For GO/AP, use peer GC/STA mac_addr.
+ */
 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
-				  struct net_device *netdev, const u8 *bssid,
+				  struct net_device *netdev, const u8 *peer_addr,
 				  const u8 *td_bitmap, u8 td_bitmap_len);
 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
 			       struct net_device *netdev, u16 reason,
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 9bba233b5a6e..59f1e9936c29 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -1294,24 +1294,29 @@  void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info,
 }
 EXPORT_SYMBOL(cfg80211_roamed);
 
-void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *bssid,
+void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *peer_addr,
 					const u8 *td_bitmap, u8 td_bitmap_len)
 {
 	ASSERT_WDEV_LOCK(wdev);
 
 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
-		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
+		wdev->iftype != NL80211_IFTYPE_P2P_CLIENT &&
+		wdev->iftype != NL80211_IFTYPE_AP &&
+		wdev->iftype != NL80211_IFTYPE_P2P_GO))
 		return;
 
-	if (WARN_ON(!wdev->connected) ||
-	    WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, bssid)))
-		return;
+	if (wdev->iftype == NL80211_IFTYPE_STATION ||
+		wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) {
+		if (WARN_ON(!wdev->connected) ||
+			WARN_ON(!ether_addr_equal(wdev->u.client.connected_addr, peer_addr)))
+			return;
+	}
 
 	nl80211_send_port_authorized(wiphy_to_rdev(wdev->wiphy), wdev->netdev,
-				     bssid, td_bitmap, td_bitmap_len);
+				     peer_addr, td_bitmap, td_bitmap_len);
 }
 
-void cfg80211_port_authorized(struct net_device *dev, const u8 *bssid,
+void cfg80211_port_authorized(struct net_device *dev, const u8 *peer_addr,
 			      const u8 *td_bitmap, u8 td_bitmap_len, gfp_t gfp)
 {
 	struct wireless_dev *wdev = dev->ieee80211_ptr;
@@ -1319,7 +1324,7 @@  void cfg80211_port_authorized(struct net_device *dev, const u8 *bssid,
 	struct cfg80211_event *ev;
 	unsigned long flags;
 
-	if (WARN_ON(!bssid))
+	if (WARN_ON(!peer_addr))
 		return;
 
 	ev = kzalloc(sizeof(*ev) + td_bitmap_len, gfp);
@@ -1327,7 +1332,7 @@  void cfg80211_port_authorized(struct net_device *dev, const u8 *bssid,
 		return;
 
 	ev->type = EVENT_PORT_AUTHORIZED;
-	memcpy(ev->pa.bssid, bssid, ETH_ALEN);
+	memcpy(ev->pa.peer_addr, peer_addr, ETH_ALEN);
 	ev->pa.td_bitmap = ((u8 *)ev) + sizeof(*ev);
 	ev->pa.td_bitmap_len = td_bitmap_len;
 	memcpy((void *)ev->pa.td_bitmap, td_bitmap, td_bitmap_len);
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 1783ab9d57a3..e9e2f0a7ea11 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -1069,7 +1069,7 @@  void cfg80211_process_wdev_events(struct wireless_dev *wdev)
 			__cfg80211_leave(wiphy_to_rdev(wdev->wiphy), wdev);
 			break;
 		case EVENT_PORT_AUTHORIZED:
-			__cfg80211_port_authorized(wdev, ev->pa.bssid,
+			__cfg80211_port_authorized(wdev, ev->pa.peer_addr,
 						   ev->pa.td_bitmap,
 						   ev->pa.td_bitmap_len);
 			break;