From patchwork Tue May 26 17:18:19 2020
X-Patchwork-Submitter: Jérôme Pouiller
X-Patchwork-Id: 215522
From: Jerome Pouiller
To: devel@driverdev.osuosl.org, linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Greg Kroah-Hartman, Kalle Valo, "David S. Miller", Jérôme Pouiller
Subject: [PATCH 08/10] staging: wfx: allow to burn prevent rollback bit
Date: Tue, 26 May 2020 19:18:19 +0200
Message-Id: <20200526171821.934581-9-Jerome.Pouiller@silabs.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200526171821.934581-1-Jerome.Pouiller@silabs.com>
References: <20200526171821.934581-1-Jerome.Pouiller@silabs.com>
X-Mailing-List: linux-wireless@vger.kernel.org

From: Jérôme Pouiller

In case a security flaw is found in a version of firmware, the device offers a way to disallow the loading of an older firmware. This patch provides a vendor extension to nl80211 to enable this feature.

Signed-off-by: Jérôme Pouiller
---
 drivers/staging/wfx/hif_api_general.h |  8 ++++++++
 drivers/staging/wfx/hif_tx.c          | 18 ++++++++++++++++++
 drivers/staging/wfx/hif_tx.h          |  1 +
 drivers/staging/wfx/nl80211_vendor.c  | 23 +++++++++++++++++++++++
 drivers/staging/wfx/nl80211_vendor.h  | 11 +++++++++++
 5 files changed, 61 insertions(+)

diff --git a/drivers/staging/wfx/hif_api_general.h b/drivers/staging/wfx/hif_api_general.h index dba18a7ae9194..c8af3534700ca 100644 --- a/drivers/staging/wfx/hif_api_general.h +++ b/drivers/staging/wfx/hif_api_general.h 
@@ -361,4 +361,12 @@ struct hif_cnf_sl_configure { __le32 status; } __packed; +struct hif_req_prevent_rollback { + __le32 magic_word; // Return an error if not equal to 0x5C8912F3 +} __packed; + +struct hif_cnf_prevent_rollback { + __le32 status; +} __packed; + #endif diff --git a/drivers/staging/wfx/hif_tx.c b/drivers/staging/wfx/hif_tx.c index 6db41587cc7a5..899e1eb71a44b 100644 --- a/drivers/staging/wfx/hif_tx.c +++ b/drivers/staging/wfx/hif_tx.c @@ -535,6 +535,24 @@ int hif_update_ie_beacon(struct wfx_vif *wvif, const u8 *ies, size_t ies_len) return ret; } +int hif_burn_prevent_rollback(struct wfx_dev *wdev, u32 magic_word) +{ + int ret; + struct hif_msg *hif; + struct hif_req_prevent_rollback *body = wfx_alloc_hif(sizeof(*body), + &hif); + + if (!hif) + return -ENOMEM; + body->magic_word = cpu_to_le32(magic_word); + wfx_fill_header(hif, -1, HIF_REQ_ID_PREVENT_ROLLBACK, sizeof(*body)); + ret = wfx_cmd_send(wdev, hif, NULL, 0, false); + if (ret == le32_to_cpu(HIF_STATUS_ROLLBACK_SUCCESS)) + ret = 0; + kfree(hif); + return ret; +} + int hif_sl_send_pub_keys(struct wfx_dev *wdev, const u8 *pubkey, const u8 *pubkey_hmac) { diff --git a/drivers/staging/wfx/hif_tx.h b/drivers/staging/wfx/hif_tx.h index e1da28aef706e..d29c72d94789a 100644 --- a/drivers/staging/wfx/hif_tx.h +++ b/drivers/staging/wfx/hif_tx.h @@ -57,6 +57,7 @@ int hif_start(struct wfx_vif *wvif, const struct ieee80211_bss_conf *conf, int hif_beacon_transmit(struct wfx_vif *wvif, bool enable); int hif_map_link(struct wfx_vif *wvif, u8 *mac_addr, int flags, int sta_id); int hif_update_ie_beacon(struct wfx_vif *wvif, const u8 *ies, size_t ies_len); +int hif_burn_prevent_rollback(struct wfx_dev *wdev, u32 magic_word); int hif_sl_set_mac_key(struct wfx_dev *wdev, const u8 *slk_key, int destination); int hif_sl_config(struct wfx_dev *wdev, const unsigned long *bitmap); diff --git a/drivers/staging/wfx/nl80211_vendor.c b/drivers/staging/wfx/nl80211_vendor.c index ec2fd2d73885f..1a9d411718a73 100644 
--- a/drivers/staging/wfx/nl80211_vendor.c +++ b/drivers/staging/wfx/nl80211_vendor.c @@ -7,6 +7,7 @@ #include "nl80211_vendor.h" #include "wfx.h" #include "sta.h" +#include "hif_tx.h" int wfx_nl_ps_timeout(struct wiphy *wiphy, struct wireless_dev *widev, const void *data, int data_len) @@ -47,3 +48,25 @@ int wfx_nl_ps_timeout(struct wiphy *wiphy, struct wireless_dev *widev, return rc; } +int wfx_nl_burn_antirollback(struct wiphy *wiphy, struct wireless_dev *widev, + const void *data, int data_len) +{ + struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy); + struct wfx_dev *wdev = (struct wfx_dev *)hw->priv; + struct nlattr *tb[WFX_NL80211_ATTR_MAX]; + u32 magic; + int rc; + + rc = nla_parse(tb, WFX_NL80211_ATTR_MAX - 1, data, data_len, + wfx_nl_policy, NULL); + if (rc) + return rc; + if (!tb[WFX_NL80211_ATTR_ROLLBACK_MAGIC]) + return -EINVAL; + magic = nla_get_u32(tb[WFX_NL80211_ATTR_ROLLBACK_MAGIC]); + rc = hif_burn_prevent_rollback(wdev, magic); + if (rc) + return -EINVAL; + return 0; +} + diff --git a/drivers/staging/wfx/nl80211_vendor.h b/drivers/staging/wfx/nl80211_vendor.h index c069330e240a9..49efe8716a654 100644 --- a/drivers/staging/wfx/nl80211_vendor.h +++ b/drivers/staging/wfx/nl80211_vendor.h @@ -16,18 +16,23 @@ int wfx_nl_ps_timeout(struct wiphy *wiphy, struct wireless_dev *widev, const void *data, int data_len); +int wfx_nl_burn_antirollback(struct wiphy *wiphy, struct wireless_dev *widev, + const void *data, int data_len); enum { WFX_NL80211_SUBCMD_PS_TIMEOUT = 0x10, + WFX_NL80211_SUBCMD_BURN_PREVENT_ROLLBACK = 0x20, }; enum { WFX_NL80211_ATTR_PS_TIMEOUT = 1, + WFX_NL80211_ATTR_ROLLBACK_MAGIC = 2, WFX_NL80211_ATTR_MAX }; static const struct nla_policy wfx_nl_policy[WFX_NL80211_ATTR_MAX] = { [WFX_NL80211_ATTR_PS_TIMEOUT] = NLA_POLICY_RANGE(NLA_S32, -1, 127), + [WFX_NL80211_ATTR_ROLLBACK_MAGIC] = { .type = NLA_U32 }, }; static const struct wiphy_vendor_command wfx_nl80211_vendor_commands[] = { 
@@ -38,6 +43,12 @@ static const struct wiphy_vendor_command wfx_nl80211_vendor_commands[] = { .policy = wfx_nl_policy, .doit = wfx_nl_ps_timeout, .maxattr = WFX_NL80211_ATTR_MAX - 1, + }, { + .info.vendor_id = WFX_NL80211_ID, + .info.subcmd = WFX_NL80211_SUBCMD_BURN_PREVENT_ROLLBACK, + .policy = wfx_nl_policy, + .doit = wfx_nl_burn_antirollback, + .maxattr = WFX_NL80211_ATTR_MAX - 1, }, };
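
Review bot: in the drivers/staging/wfx/hif_api_general.h hunk, the value the firmware expects in magic_word appears only in a trailing comment (0x5C8912F3), and the comment does not say who returns the error. A named constant next to struct hif_req_prevent_rollback, plus a sentence stating that the firmware rejects any other value, would make the contract checkable from the header. HIF_REQ_ID_PREVENT_ROLLBACK and HIF_STATUS_ROLLBACK_SUCCESS are used later in the patch but are not added in any visible hunk, so it is worth confirming they are defined earlier in the series.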
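
Review bot: in hif_burn_prevent_rollback() (drivers/staging/wfx/hif_tx.c), the test "if (ret == le32_to_cpu(HIF_STATUS_ROLLBACK_SUCCESS))" applies an endianness conversion to a constant while ret is a plain int returned by wfx_cmd_send(). If ret is already in CPU byte order, drop the le32_to_cpu(); if it carries the raw little-endian status, convert ret instead. As written the constant is byte-swapped on big-endian hosts, so a successful burn would be reported as a failure there. Any other non-zero status is passed through unchanged, which means the function can return either a negative errno or a firmware status code; a comment stating which values the caller should expect would help.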
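
Review bot: in wfx_nl_burn_antirollback() (drivers/staging/wfx/nl80211_vendor.c), "if (rc) return -EINVAL;" throws away the result of hif_burn_prevent_rollback(), so the -ENOMEM allocation failure and a firmware rejection of the magic word both reach userspace as -EINVAL. For an operation the subject line describes as burning a bit, the caller needs to tell "nothing was sent" apart from "the device refused"; propagate negative errno values as they are and map a firmware status to one distinct error. The handler is also named burn_antirollback while the subcommand and the HIF function say prevent_rollback; one name throughout would make the path easier to grep.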
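
Review bot: in the first drivers/staging/wfx/nl80211_vendor.h hunk, WFX_NL80211_SUBCMD_BURN_PREVENT_ROLLBACK (0x20) and WFX_NL80211_ATTR_ROLLBACK_MAGIC become userspace-visible ABI without any comment. The policy entry "{ .type = NLA_U32 }" accepts every 32-bit value and leaves validation to the firmware, which is fine if intended, but that should be stated next to the attribute together with what the command does to the device, since the commit message is the only place that currently explains it.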
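
Review bot: in the last drivers/staging/wfx/nl80211_vendor.h hunk, the new wfx_nl80211_vendor_commands[] entry sets vendor_id, subcmd, policy, doit and maxattr but no .flags. Please state whether the command needs a wdev or a running interface (WIPHY_VENDOR_CMD_NEED_WDEV, WIPHY_VENDOR_CMD_NEED_RUNNING) and set .flags accordingly, or add a comment saying why none is required, because wfx_nl_burn_antirollback() sends a HIF request to the chip unconditionally.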