git: 6bd0e98fd3e5 - stable/14 - net80211: LinuxKPI 802.11: clean up MIC vs. MMIC rx flags

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bjoern A. Zeeb <bz_at_FreeBSD.org>
Date: Wed, 19 Mar 2025 22:27:04 UTC
The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=6bd0e98fd3e5a6785833a33352f71ca7db56e234

commit 6bd0e98fd3e5a6785833a33352f71ca7db56e234
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-03-03 11:43:00 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-03-19 22:22:15 +0000

    net80211: LinuxKPI 802.11: clean up MIC vs. MMIC rx flags
    
    net80211 used MMIC flags for CCMP instead of only for TKIP.
    LinuxKPI 802.11 compat code (and later net80211) had a comment about
    this.  Given LinuxKPI seems to be the only consumer for these flags
    currently outside of net80211 itself, clean them up before implementing
    TKIP in LinuxKPI after all and before GCMP comes into the tree.
    
    Sponsored by:   The FreeBSD Foundation
    Reviewed by:    adrian
    Differential Revision: https://reviews.freebsd.org/D49219
    
    (cherry picked from commit 394a9a5b1c2ad7b679a00c3087c41378abfa74a1)
    (cherry picked from commit 5f2893553f3cde7c1529f9ca3987be378a9b7025)
---
 sys/compat/linuxkpi/common/src/linux_80211.c | 10 ++++------
 sys/net80211/_ieee80211.h                    |  5 +++--
 sys/net80211/ieee80211_crypto.c              |  7 ++++---
 sys/net80211/ieee80211_crypto_ccmp.c         | 11 +++--------
 sys/net80211/ieee80211_crypto_tkip.c         |  2 +-
 5 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c
index 88bbc9fa52a7..9c3ca961d6be 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -6224,14 +6224,12 @@ lkpi_convert_rx_status(struct ieee80211_hw *hw,
 	}
 	if (rx_status->flag & RX_FLAG_MMIC_STRIPPED)
 		rx_stats->c_pktflags |= IEEE80211_RX_F_MMIC_STRIP;
-	if (rx_status->flag & RX_FLAG_MIC_STRIPPED) {
-		/* net80211 re-uses M[ichael]MIC for MIC too. Confusing. */
-		rx_stats->c_pktflags |= IEEE80211_RX_F_MMIC_STRIP;
-	}
+	if (rx_status->flag & RX_FLAG_MMIC_ERROR)
+		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_MMIC;
+	if (rx_status->flag & RX_FLAG_MIC_STRIPPED)
+		rx_stats->c_pktflags |= IEEE80211_RX_F_MIC_STRIP;
 	if (rx_status->flag & RX_FLAG_IV_STRIPPED)
 		rx_stats->c_pktflags |= IEEE80211_RX_F_IV_STRIP;
-	if (rx_status->flag & RX_FLAG_MMIC_ERROR)
-		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_MIC;
 	if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
 		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_FCSCRC;
 #endif
diff --git a/sys/net80211/_ieee80211.h b/sys/net80211/_ieee80211.h
index 8b86cd612168..798dde6fe08a 100644
--- a/sys/net80211/_ieee80211.h
+++ b/sys/net80211/_ieee80211.h
@@ -564,16 +564,17 @@ struct ieee80211_mimo_info {
 #define	IEEE80211_RX_F_AMPDU		0x00000010 /* This is the start of an decap AMPDU list */
 #define	IEEE80211_RX_F_AMPDU_MORE	0x00000020 /* This is another decap AMPDU frame in the batch */
 #define	IEEE80211_RX_F_FAIL_FCSCRC	0x00000040 /* Failed CRC/FCS */
-#define	IEEE80211_RX_F_FAIL_MIC		0x00000080 /* Failed MIC check */
+#define	IEEE80211_RX_F_FAIL_MMIC	0x00000080 /* Failed Michael MIC (MMIC) check */
 #define	IEEE80211_RX_F_DECRYPTED	0x00000100 /* Hardware decrypted */
 #define	IEEE80211_RX_F_IV_STRIP		0x00000200 /* Decrypted; IV stripped */
-#define	IEEE80211_RX_F_MMIC_STRIP	0x00000400 /* Decrypted; [Micheal] MIC ([M]MIC) stripped */
+#define	IEEE80211_RX_F_MMIC_STRIP	0x00000400 /* Decrypted; Michael MIC (MMIC) stripped */
 #define	IEEE80211_RX_F_SHORTGI		0x00000800 /* This is a short-GI frame */
 #define	IEEE80211_RX_F_CCK		0x00001000
 #define	IEEE80211_RX_F_OFDM		0x00002000
 #define	IEEE80211_RX_F_HT		0x00004000
 #define	IEEE80211_RX_F_VHT		0x00008000
 #define	IEEE80211_RX_F_PN_VALIDATED	0x00010000 /* Decrypted; PN validated */
+#define	IEEE80211_RX_F_MIC_STRIP	0x00020000 /* Decrypted; MIC stripped */
 
 /* Channel width */
 #define	IEEE80211_RX_FW_20MHZ		1
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index bdbe52720f6e..c5e0816bd43c 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -716,9 +716,9 @@ ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k,
 	 * Handle demic / mic errors from hardware-decrypted offload devices.
 	 */
 	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED)) {
-		if (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MIC) {
+		if ((rxs->c_pktflags & IEEE80211_RX_F_FAIL_MMIC) != 0) {
 			/*
-			 * Hardware has said MIC failed.  We don't care about
+			 * Hardware has said MMIC failed.  We don't care about
 			 * whether it was stripped or not.
 			 *
 			 * Eventually - teach the demic methods in crypto
@@ -729,7 +729,8 @@ ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k,
 			return (0);
 		}
 
-		if (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) {
+		if ((rxs->c_pktflags &
+		    (IEEE80211_RX_F_MIC_STRIP|IEEE80211_RX_F_MMIC_STRIP)) != 0) {
 			/*
 			 * Hardware has decrypted and not indicated a
 			 * MIC failure and has stripped the MIC.
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index 404996b1cbca..87730679c47f 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -295,11 +295,7 @@ finish:
 		m_adj(m, ccmp.ic_header);
 	}
 
-	/*
-	 * XXX TODO: see if MMIC_STRIP also covers CCMP MIC trailer.
-	 * Well no as it's a MIC not MMIC but we re-use the same flag for now.
-	 */
-	if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) == 0)
+	if ((rxs == NULL) || (rxs->c_pktflags & IEEE80211_RX_F_MIC_STRIP) == 0)
 		m_adj(m, -ccmp.ic_trailer);
 
 	/*
@@ -683,10 +679,9 @@ ccmp_decrypt(struct ieee80211_key *key, u_int64_t pn, struct mbuf *m, int hdrlen
 	}
 
 	/*
-	 * If the MIC (we use MMIC despite not being Micheal) was stripped
-	 * by HW/driver we are done.
+	 * If the MIC was stripped by HW/driver we are done.
 	 */
-	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) != 0)
+	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_MIC_STRIP) != 0)
 		return (1);
 
 	if (memcmp(mic, a, ccmp.ic_trailer) != 0) {
diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index d2bc281f15a2..4b5cf73e1065 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -394,7 +394,7 @@ tkip_demic(struct ieee80211_key *k, struct mbuf *m, int force)
 	 * directly notify as a michael failure to the upper
 	 * layers.
 	 */
-	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MIC)) {
+	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MMIC)) {
 		struct ieee80211vap *vap = ctx->tc_vap;
 		ieee80211_notify_michael_failure(vap, wh,
 		    k->wk_rxkeyix != IEEE80211_KEYIX_NONE ?