On 2018-03-14 16:39, Rafał Miłecki wrote:
On 2018-03-14 13:58, Arend van Spriel wrote:
On 3/14/2018 12:01 PM, Rafał Miłecki wrote:
From: Rafał Miłecki <ra...@milecki.pl>

Testing brcmfmac with more recent firmwares resulted in AP interfaces
not working in some specific setups. Debugging resulted in discovering support for IAPP in Broadcom's firmwares. This is an obsoleted standard
and its implementation is something that:
1) Most people don't need / want to use
2) Can allow local DoS attacks
3) Breaks AP interfaces in some specific bridge setups

To solve issues it can cause this commit modifies brcmfmac to drop IAPP
packets. If affects:
1) Rx path: driver won't be sending these unwanted packets up.
2) Tx path: driver will reject packets that would trigger STA
disassociation perfromed by a firmware (possible local DoS attack).

It appears there are some Broadcom's clients/users who care about this
feature despite the drawbacks. They can switch it on by a newly added
Kconfig option.

Thanks for taking this approach. Looks fine except for .... (see below)

Reviewed-by: Arend van Spriel <arend.vanspr...@broadcom.com>
Signed-off-by: Rafał Miłecki <ra...@milecki.pl>
---
  drivers/net/wireless/broadcom/brcm80211/Kconfig    | 20 +++++++++++
.../wireless/broadcom/brcm80211/brcmfmac/core.c | 39 ++++++++++++++++++++++
  2 files changed, 59 insertions(+)

diff --git a/drivers/net/wireless/broadcom/brcm80211/Kconfig b/drivers/net/wireless/broadcom/brcm80211/Kconfig
index 9d99eb42d917..876787ef991a 100644
--- a/drivers/net/wireless/broadcom/brcm80211/Kconfig
+++ b/drivers/net/wireless/broadcom/brcm80211/Kconfig
@@ -68,6 +68,26 @@ config BRCMFMAC_PCIE
          IEEE802.11ac embedded FullMAC WLAN driver. Say Y if you want to
          use the driver for an PCIE wireless card.

+config BRCMFMAC_IAPP
+       bool "Partial support for obsoleted Inter-Access Point Protocol"
+       depends on BRCMFMAC
+       ---help---
+         Most of Broadcom's firmwares can send 802.11f ADD frame every
+         time new STA connects to the AP interface. Some recent ones
+         can also disassociate STA when they receive such a frame.

I do not see any evidence that this would occur only for recent
firmware. That stuff is old and not touched recently.

My evidence is comparing firmwares for 4366b1: 10.10.69.3309 (r610991)
vs. 10.10 (TOB) (r663589).

The first one is from linux-firmware.git and it doesn't implement IAPP
in the TX path. The later one is what I got from you privately and it
implements it.

Also a firmware for 4366c0: 10.10.122.20 (r683106) which is relatively
new implements IAPP in the TX path.

Please also take a look at my original patch
[PATCH] brcmfmac: detect & reject faked packet generated by a firmware
https://patchwork.kernel.org/patch/10191451/

Reply via email to