git: 6bd0e98fd3e5 - stable/14 - net80211: LinuxKPI 802.11: clean up MIC vs. MMIC rx flags

Wed, 19 Mar 2025 15:27:19 -0700 

The branch stable/14 has been updated by bz:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=6bd0e98fd3e5a6785833a33352f71ca7db56e234

commit 6bd0e98fd3e5a6785833a33352f71ca7db56e234
Author:     Bjoern A. Zeeb <[email protected]>
AuthorDate: 2025-03-03 11:43:00 +0000
Commit:     Bjoern A. Zeeb <[email protected]>
CommitDate: 2025-03-19 22:22:15 +0000

    net80211: LinuxKPI 802.11: clean up MIC vs. MMIC rx flags
    
    net80211 used MMIC flags for CCMP instead of only for TKIP.
    LinuxKPI 802.11 compat code (and later net80211) had a comment about
    this.  Given LinuxKPI seems to be the only consumer for these flags
    currently outside of net80211 itself, clean them up before implementing
    TKIP in LinuxKPI after all and before GCMP comes into the tree.
    
    Sponsored by:   The FreeBSD Foundation
    Reviewed by:    adrian
    Differential Revision: https://reviews.freebsd.org/D49219
    
    (cherry picked from commit 394a9a5b1c2ad7b679a00c3087c41378abfa74a1)
    (cherry picked from commit 5f2893553f3cde7c1529f9ca3987be378a9b7025)
---
 sys/compat/linuxkpi/common/src/linux_80211.c | 10 ++++------
 sys/net80211/_ieee80211.h                    |  5 +++--
 sys/net80211/ieee80211_crypto.c              |  7 ++++---
 sys/net80211/ieee80211_crypto_ccmp.c         | 11 +++--------
 sys/net80211/ieee80211_crypto_tkip.c         |  2 +-
 5 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c 
b/sys/compat/linuxkpi/common/src/linux_80211.c
index 88bbc9fa52a7..9c3ca961d6be 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -6224,14 +6224,12 @@ lkpi_convert_rx_status(struct ieee80211_hw *hw,
        }
        if (rx_status->flag & RX_FLAG_MMIC_STRIPPED)
                rx_stats->c_pktflags |= IEEE80211_RX_F_MMIC_STRIP;
-       if (rx_status->flag & RX_FLAG_MIC_STRIPPED) {
-               /* net80211 re-uses M[ichael]MIC for MIC too. Confusing. */
-               rx_stats->c_pktflags |= IEEE80211_RX_F_MMIC_STRIP;
-       }
+       if (rx_status->flag & RX_FLAG_MMIC_ERROR)
+               rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_MMIC;
+       if (rx_status->flag & RX_FLAG_MIC_STRIPPED)
+               rx_stats->c_pktflags |= IEEE80211_RX_F_MIC_STRIP;
        if (rx_status->flag & RX_FLAG_IV_STRIPPED)
                rx_stats->c_pktflags |= IEEE80211_RX_F_IV_STRIP;
-       if (rx_status->flag & RX_FLAG_MMIC_ERROR)
-               rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_MIC;
        if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
                rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_FCSCRC;
 #endif
diff --git a/sys/net80211/_ieee80211.h b/sys/net80211/_ieee80211.h
index 8b86cd612168..798dde6fe08a 100644
--- a/sys/net80211/_ieee80211.h
+++ b/sys/net80211/_ieee80211.h
@@ -564,16 +564,17 @@ struct ieee80211_mimo_info {
 #define        IEEE80211_RX_F_AMPDU            0x00000010 /* This is the start 
of an decap AMPDU list */
 #define        IEEE80211_RX_F_AMPDU_MORE       0x00000020 /* This is another 
decap AMPDU frame in the batch */
 #define        IEEE80211_RX_F_FAIL_FCSCRC      0x00000040 /* Failed CRC/FCS */
-#define        IEEE80211_RX_F_FAIL_MIC         0x00000080 /* Failed MIC check 
*/
+#define        IEEE80211_RX_F_FAIL_MMIC        0x00000080 /* Failed Michael 
MIC (MMIC) check */
 #define        IEEE80211_RX_F_DECRYPTED        0x00000100 /* Hardware 
decrypted */
 #define        IEEE80211_RX_F_IV_STRIP         0x00000200 /* Decrypted; IV 
stripped */
-#define        IEEE80211_RX_F_MMIC_STRIP       0x00000400 /* Decrypted; 
[Micheal] MIC ([M]MIC) stripped */
+#define        IEEE80211_RX_F_MMIC_STRIP       0x00000400 /* Decrypted; 
Michael MIC (MMIC) stripped */
 #define        IEEE80211_RX_F_SHORTGI          0x00000800 /* This is a 
short-GI frame */
 #define        IEEE80211_RX_F_CCK              0x00001000
 #define        IEEE80211_RX_F_OFDM             0x00002000
 #define        IEEE80211_RX_F_HT               0x00004000
 #define        IEEE80211_RX_F_VHT              0x00008000
 #define        IEEE80211_RX_F_PN_VALIDATED     0x00010000 /* Decrypted; PN 
validated */
+#define        IEEE80211_RX_F_MIC_STRIP        0x00020000 /* Decrypted; MIC 
stripped */
 
 /* Channel width */
 #define        IEEE80211_RX_FW_20MHZ           1
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index bdbe52720f6e..c5e0816bd43c 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -716,9 +716,9 @@ ieee80211_crypto_demic(struct ieee80211vap *vap, struct 
ieee80211_key *k,
         * Handle demic / mic errors from hardware-decrypted offload devices.
         */
        if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED)) {
-               if (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MIC) {
+               if ((rxs->c_pktflags & IEEE80211_RX_F_FAIL_MMIC) != 0) {
                        /*
-                        * Hardware has said MIC failed.  We don't care about
+                        * Hardware has said MMIC failed.  We don't care about
                         * whether it was stripped or not.
                         *
                         * Eventually - teach the demic methods in crypto
@@ -729,7 +729,8 @@ ieee80211_crypto_demic(struct ieee80211vap *vap, struct 
ieee80211_key *k,
                        return (0);
                }
 
-               if (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) {
+               if ((rxs->c_pktflags &
+                   (IEEE80211_RX_F_MIC_STRIP|IEEE80211_RX_F_MMIC_STRIP)) != 0) 
{
                        /*
                         * Hardware has decrypted and not indicated a
                         * MIC failure and has stripped the MIC.
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c 
b/sys/net80211/ieee80211_crypto_ccmp.c
index 404996b1cbca..87730679c47f 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -295,11 +295,7 @@ finish:
                m_adj(m, ccmp.ic_header);
        }
 
-       /*
-        * XXX TODO: see if MMIC_STRIP also covers CCMP MIC trailer.
-        * Well no as it's a MIC not MMIC but we re-use the same flag for now.
-        */
-       if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) == 0)
+       if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_MIC_STRIP) == 0)
                m_adj(m, -ccmp.ic_trailer);
 
        /*
@@ -683,10 +679,9 @@ ccmp_decrypt(struct ieee80211_key *key, u_int64_t pn, 
struct mbuf *m, int hdrlen
        }
 
        /*
-        * If the MIC (we use MMIC despite not being Micheal) was stripped
-        * by HW/driver we are done.
+        * If the MIC was stripped by HW/driver we are done.
         */
-       if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) != 0)
+       if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_MIC_STRIP) != 0)
                return (1);
 
        if (memcmp(mic, a, ccmp.ic_trailer) != 0) {
diff --git a/sys/net80211/ieee80211_crypto_tkip.c 
b/sys/net80211/ieee80211_crypto_tkip.c
index d2bc281f15a2..4b5cf73e1065 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -394,7 +394,7 @@ tkip_demic(struct ieee80211_key *k, struct mbuf *m, int 
force)
         * directly notify as a michael failure to the upper
         * layers.
         */
-       if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MIC)) {
+       if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MMIC)) {
                struct ieee80211vap *vap = ctx->tc_vap;
                ieee80211_notify_michael_failure(vap, wh,
                    k->wk_rxkeyix != IEEE80211_KEYIX_NONE ?

Reply via email to