Hi, Am 18.06.19 um 10:27 schrieb Arend Van Spriel: > + Jouni > > On 6/18/2019 7:33 AM, Chi-Hsien Lin wrote: >> >> >> On 06/17/2019 10:33, Marcel Holtmann wrote: >>> Hi Chi-hsien, >>> >>>>>> i was able to reproduce an (maybe older issue) with 4-way handshake >>>>>> offloading for 802.1X in the brcmfmac driver. My setup consists of >>>>>> Raspberry Pi 3 B (current linux-next, arm64/defconfig) on STA >>>>>> side and a >>>>>> Raspberry Pi 3 A+ (Linux 4.19) on AP side. >>>>> >>>>> Looks like Raspberry Pi isn't the only affected platform [3], [4]. >>>>> >>>>> [3] - https://bugzilla.redhat.com/show_bug.cgi?id=1665608 >>>>> [4] - https://bugzilla.kernel.org/show_bug.cgi?id=202521 >>>> >>>> Stefan, >>>> >>>> Could you please try the attached patch for your wpa_supplicant? We'll >>>> upstream if it works for you. i've forward this patch to the Arch Linux board hoping someone else has currently more time. >>> >>> I hope that someone is also providing a kernel patch to fix the >>> issue. Hacking around a kernel issue in userspace is not enough. Fix >>> the root cause in the kernel. >> >> Marcel, >> >> This is a kernel warning for invalid application PMK set actions, so the >> fix is to only set PMK to wifi driver when 4-way is offloaded. I think >> Arend added the WARN_ON() intentionally to catch application misuse of > > PMK setting. >> >> You may also remove the warnings with the attached patch, but let's see >> what Arend says first. Instead of removing the WARN_ON i suggest to replace it with a more user friendly dev_warn(). >> >> >> Arend, >> >> Any comment? > > Hi Chi-Hsien, Marcel > > From the kernel side I do not see an issue. In order to use 802.1X > offload the NL80211_ATTR_WANT_1X_4WAY_HS flag must be set in > NL80211_CMD_CONNECT. Otherwise, NL80211_CMD_SET_PMK is not accepted. > The only improvement would be to document this more clearly in the > "WPA/WPA2 EAPOL handshake offload" DOC section in nl80211.h. I missed to add my expectation as a user. At first i assume this new behavior in wpa_supplicant 2.8 has been tested successful with at least one Linux wifi driver. So i'm curious if all drivers behave that way? Another point is that in my wpa_supplicant.conf i never enforced 802.1X offload and i assume this feature is optional. So can't we do some kind of fallback in this case? Stefan > > As for the wpa_supplicant behavior it seemed a good idea to reuse the > req_key_mgmt_offload parameter at the time, but it seems to bite each > other. Maybe it is better to have a separate flag like > 'req_handshake_offload'. Jouni, any thoughts on this? > > Regards, > Arend
