Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 686681b0 authored by Johannes Berg's avatar Johannes Berg
Browse files

iwlwifi: disallow MFP with software crypto 



When software crypto is enabled, it isn't safe
to enable MFP since the firmware interprets some
management packets, and with MFP it would do so
without proper validation.

Reviewed-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: default avatarAssaf Krauss <assaf.krauss@intel.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent f6d497cd

drivers/net/wireless/iwlwifi/dvm/mac80211.c

+7 −2
Original line number Diff line number Diff line
@@ -168,8 +168,13 @@ int iwlagn_mac_setup_register(struct iwl_priv *priv, 
		hw->flags |= IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS |

			     IEEE80211_HW_SUPPORTS_STATIC_SMPS;



	/* enable 11w if the uCode advertise */

	if (capa->flags & IWL_UCODE_TLV_FLAGS_MFP)

	/*

	 * Enable 11w if advertised by firmware and software crypto

	 * is not enabled (as the firmware will interpret some mgmt

	 * packets, so enabling it with software crypto isn't safe)

	 */

	if (priv->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_MFP &&

	    !iwlwifi_mod_params.sw_crypto)

		hw->flags |= IEEE80211_HW_MFP_CAPABLE;



	hw->sta_data_size = sizeof(struct iwl_station_priv);