From patchwork Tue Jun 21 08:42:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinayak Yadawad X-Patchwork-Id: 1645925 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=KsN+D5hG; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=broadcom.com header.i=@broadcom.com header.a=rsa-sha256 header.s=google header.b=JEf3yT2R; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LS0RK41C5z9sGp for ; Tue, 21 Jun 2022 18:43:41 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: MIME-Version:Message-Id:Date:Subject:Cc:To:From:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=E/QZXLfCizptWy1iLmfVNb78acFdCHW/AKNZQ1qA6iQ=; b=KsN +D5hGz3diQrw+YnvKMvz9f5RyP21n6BRPazlUuYrsSI7Si2qUBI1xyeX47tVQRufZOFYdrZHlteB7 v33LFEq9mrKfWWf3vFT81ixUMRslb3Z37kE8wbhdYZ0FGOrsUeLNm8pefPh2iyeA2CePgX4N551XQ 18Va5XNcLTmwhxrkH6XHb+tUrFjTUjMkSWaif8TaRAkyEAOMUXOwpKaLQLJqgPxg5aEwJQsHqEoXI /SobFtwrPJa+1+QyIL1OSySy+c1ivxEpPkwH8eLWncTBY4sxslTCC/hEgWWaEmLpfg4DTSf3qx01g Mvt3rHngyozHmNkrwqXsXPADR2lJmMg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1o3ZTD-004NtD-1Q; Tue, 21 Jun 2022 08:42:47 +0000 Received: from mail-pg1-x52d.google.com ([2607:f8b0:4864:20::52d]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1o3ZTA-004NsG-DO for hostap@lists.infradead.org; Tue, 21 Jun 2022 08:42:45 +0000 Received: by mail-pg1-x52d.google.com with SMTP id a14so2878401pgh.11 for ; Tue, 21 Jun 2022 01:42:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=from:to:cc:subject:date:message-id:mime-version; bh=2ZtvCQgDuH8XXDQ2ZodFw/xg/MDQH8sbS1UhrRZuPhA=; b=JEf3yT2RNcOYWKrEVEMCgo7DPMaZEH/jrK+jqUXRCUIsFXjina0OV6hoA7veSDaUXQ D5kjPOTEKSOkga0oR8cnpv0fKoDDQG5WEbxYIsbBHn2OBtwp/AA/ie1fEXbOL6grYJLX /TT0M4hZPw37FUfvP/nB9N6pbgNdbngiO8CXo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version; bh=2ZtvCQgDuH8XXDQ2ZodFw/xg/MDQH8sbS1UhrRZuPhA=; b=zDmyWbz/CmwCrPfShjAXdWNhXbKh1t1sE07Sl/kC7jGhWoDENQMV6xogi2RUmV5Fux +g/NGNBr8I/IkRYC2g7IeznDIQsEk7ZSc444kNyn+5LGoZ3KX8arqU9KOB2/TmY88ZcH i8q/WB7EKLvS0GzadqAXcNcXf5oGqrj7bn97zvuvUYZicvLK6Fs7C07pYRthM6USLrqT MhIQNMbPU9HbaaFFKW2mztQJXgGhuAy5pGDxBzNp04L46TACm/cPSETYGdsVlvE45hfe FQ07MK4T0ucUySzATn9dF9f8gYn54DliNiAyzTvcfPCekfsBVIHKDaNuSS8OVqrZkhId 6RCQ== X-Gm-Message-State: AJIora9LEbsyl03yt99bKNjIh+rdSX5YOmrZsVfoMYb+y8yWvUWhBWEA ujn997yvnxMfsadG3zQ7r0UzfrOcbqDtg2Wt/4YV7jqrtG+/OqWkDbsUx4+1YdpsA+Md+eke1P/ V+LNxm18dNAusDxbLBkdoLrdw+/1jo7lfsR1PMh/ufOkDHyVwTAoj+R5josWBkoac8VnS63gfgL kdHXjy08uqjek= X-Google-Smtp-Source: AGRyM1uq3n55xMY7pg2eBZZ4uQHwrqK4IMmk1iclm0OD/7sd4ftJX3XTZ1iJSJaxlMHm/q11zE7MiA== X-Received: by 2002:a05:6a00:124a:b0:51c:26a5:1b05 with SMTP id u10-20020a056a00124a00b0051c26a51b05mr28767277pfi.14.1655800962807; Tue, 21 Jun 2022 01:42:42 -0700 (PDT) Received: from ibnvda0196.ibn.broadcom.net ([192.19.252.250]) by smtp.gmail.com with ESMTPSA id ja13-20020a170902efcd00b0016a087cfad8sm7682470plb.264.2022.06.21.01.42.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Jun 2022 01:42:42 -0700 (PDT) From: Vinayak Yadawad To: hostap@lists.infradead.org Cc: jithu.jance@broadcom.com, Vinayak Yadawad Subject: [PATCH 1/1] STA_ASSOC: Mark Port authorization and State Completion based on authorized state in connect event Date: Tue, 21 Jun 2022 14:12:26 +0530 Message-Id: X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220621_014244_494732_CDDB4FCC X-CRM114-Status: GOOD ( 17.77 ) X-Spam-Score: -0.4 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: In case of drivers supporting 4way handshake offload, mark port authorized and state completion only if driver advertizes authorized state in the connect event. Otherwise there are fair chances of dri [...] Content analysis details: (-0.4 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:52d listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.2 DKIMWL_WL_HIGH DKIMwl.org - High trust sender X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org In case of drivers supporting 4way handshake offload, mark port authorized and state completion only if driver advertizes authorized state in the connect event. Otherwise there are fair chances of driver port authorization api gets called while 4-way handshake is in progress at the lower layer. In order to avoid this possible race condition always update port authorization and supplicant state WPA_COMPLETED setting from EVENT_PORT_AUTHORIZED context when driver is done with 4way handshake. Signed-off-by: Vinayak Yadawad --- wpa_supplicant/events.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index ec56cfdc0..f20e1c87b 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -3478,14 +3478,23 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, eapol_sm_notify_eap_success(wpa_s->eapol, true); } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) && wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { - /* - * We are done; the driver will take care of RSN 4-way - * handshake. - */ - wpa_supplicant_cancel_auth_timeout(wpa_s); - wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); - eapol_sm_notify_portValid(wpa_s->eapol, true); - eapol_sm_notify_eap_success(wpa_s->eapol, true); + if (already_authorized) { + /* + * We are done; the driver will take care of RSN 4-way + * handshake. + */ + wpa_supplicant_cancel_auth_timeout(wpa_s); + wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); + eapol_sm_notify_portValid(wpa_s->eapol, true); + eapol_sm_notify_eap_success(wpa_s->eapol, true); + } else { + /* Update port, WPA_COMPLETED state from + * EVENT_PORT_AUTHORIZED context when driver is done + * with 4way handshake. + */ + wpa_msg(wpa_s, MSG_INFO, "ASSOC INFO: wait for driver port " + "authorized indication"); + } } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) && wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { /*