diff options
| author | Alexander Wetzel | 2019-02-09 15:01:38 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman | 2019-05-08 07:21:54 +0200 |
| commit | a78c3898de59bf790f0f98fd4c087505d1a16007 (patch) | |
| tree | 25801787bb8e3fbf957780cf25db18ecd4fd1372 /net/mac80211 | |
| parent | selinux: never allow relabeling on context mounts (diff) | |
| download | kernel-qcow2-linux-a78c3898de59bf790f0f98fd4c087505d1a16007.tar.gz kernel-qcow2-linux-a78c3898de59bf790f0f98fd4c087505d1a16007.tar.xz kernel-qcow2-linux-a78c3898de59bf790f0f98fd4c087505d1a16007.zip | |
mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode
commit 78ad2341521d5ea96cb936244ed4c4c4ef9ec13b upstream.
Restore SW_CRYPTO_CONTROL operation on AP_VLAN interfaces for unicast
keys, the original override was intended to be done for group keys as
those are treated specially by mac80211 and would always have been
rejected.
Now the situation is that AP_VLAN support must be enabled by the driver
if it can support it (meaning it can support software crypto GTK TX).
Thus, also simplify the code - if we get here with AP_VLAN and non-
pairwise key, software crypto must be used (driver doesn't know about
the interface) and can be used (driver must've advertised AP_VLAN if
it also uses SW_CRYPTO_CONTROL).
Fixes: db3bdcb9c3ff ("mac80211: allow AP_VLAN operation on crypto controlled devices")
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
[rewrite commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/mac80211')
| -rw-r--r-- | net/mac80211/key.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/net/mac80211/key.c b/net/mac80211/key.c index c054ac85793c..f20bb39f492d 100644 --- a/net/mac80211/key.c +++ b/net/mac80211/key.c @@ -167,8 +167,10 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) * The driver doesn't know anything about VLAN interfaces. * Hence, don't send GTKs for VLAN interfaces to the driver. */ - if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) + if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) { + ret = 1; goto out_unsupported; + } } ret = drv_set_key(key->local, SET_KEY, sdata, @@ -213,11 +215,8 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) /* all of these we can do in software - if driver can */ if (ret == 1) return 0; - if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL)) { - if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) - return 0; + if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL)) return -EINVAL; - } return 0; default: return -EINVAL; |