
Re: wpa_supplicant 2.8 fails in brcmf_cfg80211_set_pmk


Hi Arend,

>>>>>> I was able to reproduce a (maybe older) issue with 4-way handshake
>>>>>> offloading for 802.1X in the brcmfmac driver. My setup consists of
>>>>>> Raspberry Pi 3 B (current linux-next, arm64/defconfig) on STA side and a
>>>>>> Raspberry Pi 3 A+ (Linux 4.19) on AP side.
>>>>> 
>>>>> Looks like Raspberry Pi isn't the only affected platform [3], [4].
>>>>> 
>>>>> [3] - https://bugzilla.redhat.com/show_bug.cgi?id=1665608
>>>>> [4] - https://bugzilla.kernel.org/show_bug.cgi?id=202521
>>>> 
>>>> Stefan,
>>>> 
>>>> Could you please try the attached patch for your wpa_supplicant? We'll
>>>> upstream if it works for you.
>>> 
>>> I hope that someone is also providing a kernel patch to fix the issue. Hacking around a kernel issue in userspace is not enough. Fix the root cause in the kernel.
>> Marcel,
>> This is a kernel warning for invalid application PMK set actions, so the
>> fix is to only set PMK to wifi driver when 4-way is offloaded. I think
>> Arend added the WARN_ON() intentionally to catch application misuse of
>> PMK setting.
>> You may also remove the warnings with the attached patch, but let's see
>> what Arend says first.
>> Arend,
>> Any comment?
> 
> Hi Chi-Hsien, Marcel
> 
> From the kernel side I do not see an issue. In order to use 802.1X offload the NL80211_ATTR_WANT_1X_4WAY_HS flag must be set in NL80211_CMD_CONNECT. Otherwise, NL80211_CMD_SET_PMK is not accepted. The only improvement would be to document this more clearly in the "WPA/WPA2 EAPOL handshake offload" DOC section in nl80211.h.

So nl80211 is an API. And an application can use that API wrongly (be that intentionally or unintentionally), the kernel cannot just go WARN_ON and print a backtrace. That is your bug. So please handle wrong user input properly.

Frankly, I don’t get why nl80211 itself is not validating the input and this is left to the driver. I think we need an nl80211 fuzzer that really exercises this API with random values and parameters to provide invalid input.

Regards

Marcel
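
The rule discussed in this thread (NL80211_CMD_SET_PMK is only valid after a connect that carried NL80211_ATTR_WANT_1X_4WAY_HS), as an added user-space model that is not part of the original message and is not kernel, cfg80211 or brcmfmac code. All `model_*` names, the error codes chosen and the accepted key lengths are assumptions of the sketch; it rejects misuse with an error code only and checks that behaviour with randomized input.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-space model; not kernel, cfg80211 or brcmfmac code. */
struct model_link {
    int connected;          /* a connect request was accepted */
    int want_1x_4way_hs;    /* connect carried NL80211_ATTR_WANT_1X_4WAY_HS */
    unsigned pmk_installed; /* SET_PMK requests that were accepted */
};

/* Model of NL80211_CMD_CONNECT: remember whether 802.1X offload was requested. */
static void model_connect(struct model_link *l, int want_1x_4way_hs)
{
    l->connected = 1;
    l->want_1x_4way_hs = want_1x_4way_hs;
}

/* Model of NL80211_CMD_SET_PMK: every bad request gets an error code and
 * nothing else. Accepted key lengths (32, 48) are an assumption of the model. */
static int model_set_pmk(struct model_link *l, const uint8_t *pmk, size_t len)
{
    if (!pmk || (len != 32 && len != 48))
        return -EINVAL;
    if (!l->connected)
        return -ENOTCONN;
    if (!l->want_1x_4way_hs)
        return -EINVAL;     /* caller misuse: reject, no backtrace */
    l->pmk_installed++;
    return 0;
}

/* Deterministic pseudo-random exerciser. Returns how many times the handler's
 * verdict differed from the stated rule (0 means they always agreed). */
static unsigned model_exercise(struct model_link *l, uint32_t seed, unsigned rounds)
{
    static const uint8_t pmk[48] = {0};   /* constructed key material */
    unsigned mismatches = 0;
    for (unsigned i = 0; i < rounds; i++) {
        seed = seed * 1664525u + 1013904223u;       /* LCG step */
        int do_connect = (seed >> 16) & 1, want = (seed >> 17) & 1;
        int have_key = (seed >> 18) & 1;
        size_t len = (seed >> 24) % 65;              /* 0..64 */
        l->connected = l->want_1x_4way_hs = 0;
        if (do_connect)
            model_connect(l, want);
        int rc = model_set_pmk(l, have_key ? pmk : NULL, len);
        int valid = do_connect && want && have_key && (len == 32 || len == 48);
        mismatches += ((rc == 0) != valid);
    }
    return mismatches;
}
```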



