Skip to content

brcmfmac-cyw: clean up PMKID and cookie code#7470

Merged
pelwell merged 1 commit into
raspberrypi:rpi-6.18.yfrom
bnicolae:rpi-6.18.y
Jul 5, 2026
Merged

brcmfmac-cyw: clean up PMKID and cookie code#7470
pelwell merged 1 commit into
raspberrypi:rpi-6.18.yfrom
bnicolae:rpi-6.18.y

Conversation

@bnicolae

@bnicolae bnicolae commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Do not touch the cookie. Value 0 means any follow-up should be discarded downstream. Instead, set the packet_id directly. Also, zero out the whole auth_status data structure instead of just auth_status.pmkid, which is safer: other bytes than pmkid may leak from stack if ssid_len is less than 32, although the firmware is likely to ignore them. Do not rely on userspace to set params->pmkid only if authentication is successful (true for hostapd). Guard against it anyway.

@pelwell

pelwell commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Is this the version you are sending upstream? It would be nice if it didn't change again.

@bnicolae

bnicolae commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Yes, that's precisely why I cleaned it up

@pelwell

pelwell commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

You ought to run checkpatch on it:

$ scripts/checkpatch.pl -g HEAD
WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?)
#6: 
Do not touch the cookie. Value 0 means any follow-up should be discarded downstream. Instead, set the packet_id directly.

WARNING: suspect code indent for conditional statements (16, 20)
#51: FILE: drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c:215:
+               if (params->pmkid)
+                   memcpy(auth_status.pmkid, params->pmkid, WLAN_PMKID_LEN);

total: 0 errors, 2 warnings, 0 checks, 41 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

Commit 5be64be2fa14 ("brcmfmac-cyw: clean up PMKID and cookie code") has style problems, please review.

Do not touch the cookie. Value 0 means any follow-up should be discarded
downstream. Instead, set the packet_id directly.cAlso, zero out the whole
auth_status data structure instead of just auth_status.pmkid, which is
safer: other bytes than pmkid may leak from stack if ssid_len is less than
32, although the firmware is likely to ignore them.  Do not rely on
userspace to set params->pmkid only if authentication is successful (true
for hostapd). Guard against it anyway.

Signed-off-by: Bogdan Nicolae <bogdan.nicolae@acm.org>
@bnicolae

bnicolae commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Done, thanks for the checkpatch tip.

@pelwell pelwell merged commit 05cd286 into raspberrypi:rpi-6.18.y Jul 5, 2026
12 checks passed
@pelwell

pelwell commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Thank you for your contributions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants