From nobody Sun Feb 16 20:22:03 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Ywxz06KF5z5ntKK;
	Sun, 16 Feb 2025 20:22:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Ywxz00YbXz3rhg;
	Sun, 16 Feb 2025 20:22:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1739737324;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5gukZQTHzP/jTXfFM06ouP8ZPZb+KYVmbgyMUhOHtVQ=;
	b=cBjTKiiBEJje39/6/Jt23mNunwAnRkabnPYkZ+tScn6pgzMsbkn+vgIPvlQFvl/RDBEQ+3
	gNcEaNMFJJYFG4fQqjryuVBI8lb5bWuaazeMgTCXSO8ALSngkPlLwQN/GsOwiX/XmrnXPV
	YFd5FTVOf31Pm0FPp+EvoYS2AtWl0Pnx/RhgD4b6VbbbOSIX99NgZKj3pi0jKpZnkIz7HL
	v3Xsgshgyt24Tyoh5t4dmsuhzcKdTfS7cy8OH5Vuo88whSrNLGeE9ihr3XTINX5WNBiPbx
	jNao0rlf6n1ALWB+yxBHi1FDGAQ/zGn3WQD0BzlMradHvZAE6xJjPZ7ksM2wdQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739737324; a=rsa-sha256; cv=none;
	b=OYR2wSsX/zinxQWtNW47bpn8ZlGlu6L7m5QQ3IA6bbJVc4oD6dGrGjqOwbs7XvPUINbmB8
	KiE5FqmvsvEHrVHui8ZvP+YuVv4oWKbtN+cgp9ZigiCe8OklDwqAFXnbgcpZdNk71AUdK4
	KlhjFqvkgeI2qnyJnwUrpaHWuouAyqzk9m6THr2BPX/XcQ1xiuNj1134OvzmnStRNSzipx
	F6vdObPdqaKS3sa1QJdGNZROgUYFpNE/Sfx1xEgTpDruVOsBlObowqK+sE2komUiuOQ1O0
	z9x9algOrLZNvBkl/5wvuWivS8RbHYy+DQf8Z/1ItKo/wlieOm0duqYbFBexDA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1739737324;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5gukZQTHzP/jTXfFM06ouP8ZPZb+KYVmbgyMUhOHtVQ=;
	b=NdkT56/nornpAa49fBXzVwYd5NeFpk4OvgeLRbok8YMIwzWlhyJ1KJvRUF9gf6GT4Pq6xl
	1MP4ZnbZ6LlZtWjh6vHxLXuNhfdPU8i16BDAZiPRragP9EkcH+Oocy3HIpRfnuaBhpB2hV
	V12phfw6Bq7s6nBlRzP04WUHutx0SlvShSNsWHjEwB2CiY/WK1FUBGaQuFSDml5d7BLZQf
	/Y7viTf+2aSarIXtSDGms4kS5gfa7YQjEbxhbnvqXVTvLw31jBtX+5wjokbfyinrnYrmWU
	r+SecrUOj57PqCwbbCleHX7OzdAiaSbRbsF1UPih07x/JFmYIg9si/6JIYpe5w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Ywxyz6rxPz12sF;
	Sun, 16 Feb 2025 20:22:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51GKM3LP077712;
	Sun, 16 Feb 2025 20:22:03 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51GKM3uo077709;
	Sun, 16 Feb 2025 20:22:03 GMT
	(envelope-from git)
Date: Sun, 16 Feb 2025 20:22:03 GMT
Message-Id: <202502162022.51GKM3uo077709@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Subject: git: ec6185c52661 - main - net80211/crypto: LinuxKPI/802.11:
  introduce IEEE80211_RX_F_PN_VALIDATED
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bz
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: ec6185c52661d3af0dac6dcc8701fc49fae3e1d9
Auto-Submitted: auto-generated

The branch main has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=ec6185c52661d3af0dac6dcc8701fc49fae3e1d9

commit ec6185c52661d3af0dac6dcc8701fc49fae3e1d9
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-01-07 12:02:54 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-02-16 20:20:50 +0000

    net80211/crypto: LinuxKPI/802.11: introduce IEEE80211_RX_F_PN_VALIDATED
    
    There are cases when we see "rx seq# violation (CCMP)".
    
    Historically these were AHDEMO/IBBS cases (IEEE80211_KEY_NOREPLAY,
    see 5d766a09daab2).
    
    With iwlwifi(4) doing RSS for newer chipsets and us not having any idea
    about multiple rx-queues (passed all the way through) leads to the same
    problem.  An easy way to trigger this is doing an IPv6 all-nodes echo
    request.  With a sufficient amount of nodes answering the answers will
    be hashed to different queues and re-ordering will likely take place
    as queues get released individually.
    However crypto validation is already done in fw/driver for these cases
    and we need to carry the state forward.  Add IEEE80211_RX_F_PN_VALIDATED
    to indicate that the checks were done passing the information from driver
    through LinuxKPI to net80211.
    LinuxKPI enforces that a frame was indeed decrypted; otherwise the flag
    would be invalid.
    
    This also avoids returning an error and no key from
    ieee80211_crypto_decap() and thus avoids dropping the frame.
    
    Sponsored by:   The FreeBSD Foundation
    MFC after:      3 days
    Reviewed by:    adrian
    Differential Revision: https://reviews.freebsd.org/D49029
---
 sys/compat/linuxkpi/common/src/linux_80211.c | 16 +++++++++++++++-
 sys/net80211/_ieee80211.h                    |  1 +
 sys/net80211/ieee80211_crypto_ccmp.c         | 16 +++++++++++++---
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c
index 8c1b9d73ab56..07b79fed2c2b 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2020-2024 The FreeBSD Foundation
+ * Copyright (c) 2020-2025 The FreeBSD Foundation
  * Copyright (c) 2020-2025 Bjoern A. Zeeb
  *
  * This software was developed by Björn Zeeb under sponsorship from
@@ -5424,6 +5424,20 @@ no_trace_beacons:
 	rx_stats.c_freq = rx_status->freq;
 	rx_stats.c_ieee = ieee80211_mhz2ieee(rx_stats.c_freq, rx_stats.c_band);
 
+	/*
+	 * We only need these for LKPI_80211_HW_CRYPTO in theory but in
+	 * case the hardware does something we do not expect always leave
+	 * these enabled.  Leaving this commant as documentation for the || 1.
+	 */
+#if defined(LKPI_80211_HW_CRYPTO) || 1
+	if (rx_status->flag & RX_FLAG_DECRYPTED) {
+		rx_stats.c_pktflags |= IEEE80211_RX_F_DECRYPTED;
+		/* Only valid if decrypted is set. */
+		if (rx_status->flag & RX_FLAG_PN_VALIDATED)
+			rx_stats.c_pktflags |= IEEE80211_RX_F_PN_VALIDATED;
+	}
+#endif
+
 	/* XXX (*sta_statistics)() to get to some of that? */
 	/* XXX-BZ dump the FreeBSD version of rx_stats as well! */
 
diff --git a/sys/net80211/_ieee80211.h b/sys/net80211/_ieee80211.h
index 8ae7eb0f1c45..8d5583a826e5 100644
--- a/sys/net80211/_ieee80211.h
+++ b/sys/net80211/_ieee80211.h
@@ -594,6 +594,7 @@ struct ieee80211_mimo_info {
 #define	IEEE80211_RX_F_OFDM		0x00002000
 #define	IEEE80211_RX_F_HT		0x00004000
 #define	IEEE80211_RX_F_VHT		0x00008000
+#define	IEEE80211_RX_F_PN_VALIDATED	0x00010000 /* Decrypted; PN validated */
 
 /* Channel width */
 #define	IEEE80211_RX_FW_20MHZ		1
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index 45e795a8799b..8f7d5eed593c 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -238,6 +238,7 @@ ccmp_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
 	struct ieee80211_frame *wh;
 	uint8_t *ivp, tid;
 	uint64_t pn;
+	bool noreplaycheck;
 
 	rxs = ieee80211_get_rx_params_ptr(m);
 
@@ -261,8 +262,10 @@ ccmp_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
 	}
 	tid = ieee80211_gettid(wh);
 	pn = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]);
-	if (pn <= k->wk_keyrsc[tid] &&
-	    (k->wk_flags & IEEE80211_KEY_NOREPLAY) == 0) {
+
+	noreplaycheck = (k->wk_flags & IEEE80211_KEY_NOREPLAY) != 0;
+	noreplaycheck |= (rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_PN_VALIDATED) != 0;
+	if (pn <= k->wk_keyrsc[tid] && !noreplaycheck) {
 		/*
 		 * Replay violation.
 		 */
@@ -302,7 +305,14 @@ finish:
 	 * Ok to update rsc now.
 	 */
 	if (! ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP))) {
-		k->wk_keyrsc[tid] = pn;
+		/*
+		 * Do not go backwards in the IEEE80211_KEY_NOREPLAY cases
+		 * or in case hardware has checked but frames are arriving
+		 * reordered (e.g., LinuxKPI drivers doing RSS which we are
+		 * not prepared for at all).
+		 */
+		if (pn > k->wk_keyrsc[tid])
+			k->wk_keyrsc[tid] = pn;
 	}
 
 	return 1;