On Tue, May 26, 2020 at 01:45:13PM +0000, Mikolaj Kucharski wrote:
> On Tue, May 26, 2020 at 11:16:30AM +0000, Mikolaj Kucharski wrote:
> > On Tue, May 26, 2020 at 10:37:09AM +0200, Stefan Sperling wrote:
> > > 
> > > I don't yet have a definite idea what could cause this.
> > > I did however notice a problem which may be related. Could you try this 
> > > diff?
> > 
> > I'm running below diff, with small change:
> > 
> >        if (rekeysta == 0) {
> >                printf("XXX %s() [%s|%d] rekeysta == 0\n", __FUNCTION__, __FILE__, __LINE__);
> >                ieee80211_setkeysdone(ic);
> >        }
> > 
> > Access point has a bit over 1 hour of uptime and so far no XXX entries
> > in dmesg nor in /var/log/messages.
> 
> Uptime of 3h37m with following two entries (from dmesg):

So this uptime is a lot better than what you saw before?

The printf you've added does help; this looks strange:

> athn0: sending msg 1/2 of the group key handshake to c0:ee:fb:33:f0:11
> XXX ieee80211_setkeys() [/home/mkucharski/openbsd/src/sys/net80211/ieee80211_proto.c|463] rekeysta == 0
> athn0: received msg 2/2 of the group key handshake from c0:ee:fb:33:f0:11

I wouldn't expect 'rekeysta' to be zero in the above case.
The value should match the amount of currently associated clients.

The patch I sent had a small bug. It added an uninitialized variable at
the top of ieee80211_setkeys(). Please change:

        int rekeysta;

to this:

        int rekeysta = 0;

As shown in this new patch.

diff fb4b0a9b3955c9a65ddbc22c472ac0e5fb216ac6 /usr/src
blob - b44405af41448849059a4558c55bd182f823c1df
file + sys/net80211/ieee80211_proto.c
--- sys/net80211/ieee80211_proto.c
+++ sys/net80211/ieee80211_proto.c
@@ -433,6 +433,7 @@ ieee80211_setkeys(struct ieee80211com *ic)
 {
        struct ieee80211_key *k;
        u_int8_t kid;
+       int rekeysta = 0;
 
        /* Swap(GM, GN) */
        kid = (ic->ic_def_txkey == 1) ? 2 : 1;
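Review bot: the `= 0` initializer on `int rekeysta` is the fix described in the message above and it matters here, because the next hunk passes `&rekeysta` to `ieee80211_count_rekeysta` to accumulate the count rather than assigning it; an uninitialized local would leave the `rekeysta == 0` test depending on whatever the stack held, which is consistent with the spurious `rekeysta == 0` line the reporter saw while a client was associated.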
@@ -457,6 +458,9 @@ ieee80211_setkeys(struct ieee80211com *ic)
        }
 
        ieee80211_iterate_nodes(ic, ieee80211_node_gtk_rekey, ic);
+       ieee80211_iterate_nodes(ic, ieee80211_count_rekeysta, &rekeysta);
+       if (rekeysta == 0)
+               ieee80211_setkeysdone(ic);
 }
 
 /*
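Review bot: `ieee80211_count_rekeysta` is called here but not defined anywhere in this diff, so the hunk only builds on top of the earlier patch that introduced it; carrying that definition in the same diff would make the change self-contained for testers. A second point worth checking: the count is taken in a separate pass after `ieee80211_node_gtk_rekey` has already sent msg 1/2 to every client, so a client whose msg 2/2 is processed between the two passes is no longer counted, and if it was the only client both this `rekeysta == 0` branch and the reply path could end up calling `ieee80211_setkeysdone(ic)`; whether that window exists depends on the locking around `ieee80211_setkeys()`.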
@@ -466,6 +470,12 @@ void
 ieee80211_setkeysdone(struct ieee80211com *ic)
 {
        u_int8_t kid;
+
+       /*
+        * Discard frames buffered for power-saving which were encrypted with
+        * the old group key. Clients are no longer able to decrypt them.
+        */
+       mq_purge(&ic->ic_bss->ni_savedq);
 
        /* install GTK */
        kid = (ic->ic_def_txkey == 1) ? 2 : 1;
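Review bot: the new comment explains the intent well, but `mq_purge` drops the buffered frames silently, so while this is still being bisected it would help to log how many frames the purge discards here (a printf of the kind the reporter already added), which lets the dmesg output show whether power-save buffered frames under the old group key are actually involved in the failures being chased.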

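To make the bookkeeping the patch relies on concrete, here is a small constructed model of the rekey round, added as an illustration for this thread; it is not net80211 code, and the struct and function names (`setkeys`, `count_rekeysta`, `handshake_reply`, `demo_two_clients`) are assumptions chosen to mirror the names in the patch. It shows why the counter has to start at zero, why `setkeysdone` must run immediately when no client is mid-handshake, and how the last client's reply completes the key switch and discards frames queued under the old GTK.

```c
#include <stdio.h>

/* Constructed model, not net80211 code: names are assumptions. */
struct node {
	int rekey_pending;	/* 1 while msg 2/2 of the handshake is outstanding */
	struct node *next;
};

struct ap {
	struct node *nodes;	/* associated clients */
	int def_txkey;		/* index (1 or 2) of the GTK currently used for TX */
	int saved_frames;	/* frames buffered for power-save clients under the old GTK */
	int setkeysdone_calls;	/* how often the new GTK was installed */
};

/* Outcome of one simulated rekey round, returned for inspection. */
struct demo_result {
	int pending_after_setkeys;
	int pending_after_first_reply;
	int pending_after_last_reply;
	int done_calls;
	int saved_frames_left;
	int def_txkey;
};

/* Mirrors ieee80211_iterate_nodes(): call f(node, arg) for every client. */
static void iterate_nodes(struct ap *ap, void (*f)(struct node *, void *), void *arg)
{
	struct node *n;

	for (n = ap->nodes; n != NULL; n = n->next)
		f(n, arg);
}

/* Send msg 1/2 to one client and mark it as mid-handshake. */
static void node_gtk_rekey(struct node *n, void *arg)
{
	(void)arg;
	n->rekey_pending = 1;
}

/* Count clients still in the handshake. Only increments, so the caller
 * must start the counter at zero (the bug in the first patch). */
static void count_rekeysta(struct node *n, void *arg)
{
	int *cnt = arg;

	if (n->rekey_pending)
		(*cnt)++;
}

/* Install the new GTK; frames queued under the old key are discarded. */
static void setkeysdone(struct ap *ap)
{
	ap->saved_frames = 0;
	ap->def_txkey = (ap->def_txkey == 1) ? 2 : 1;
	ap->setkeysdone_calls++;
}

/* Start a rekey round; returns the number of clients that still must reply. */
static int setkeys(struct ap *ap)
{
	int rekeysta = 0;	/* the initializer the corrected patch adds */

	iterate_nodes(ap, node_gtk_rekey, NULL);
	iterate_nodes(ap, count_rekeysta, &rekeysta);
	if (rekeysta == 0)
		setkeysdone(ap);	/* nobody to wait for: switch keys now */
	return rekeysta;
}

/* A client answered msg 2/2; the last reply completes the key switch. */
static int handshake_reply(struct ap *ap, struct node *n)
{
	int rekeysta = 0;

	n->rekey_pending = 0;
	iterate_nodes(ap, count_rekeysta, &rekeysta);
	if (rekeysta == 0)
		setkeysdone(ap);
	return rekeysta;
}

/* Constructed scenario: two associated clients, three buffered frames. */
struct demo_result demo_two_clients(void)
{
	struct node b = { 0, NULL };
	struct node a = { 0, &b };
	struct ap ap = { &a, 1, 3, 0 };
	struct demo_result r;

	r.pending_after_setkeys = setkeys(&ap);
	r.pending_after_first_reply = handshake_reply(&ap, &a);
	r.pending_after_last_reply = handshake_reply(&ap, &b);
	r.done_calls = ap.setkeysdone_calls;
	r.saved_frames_left = ap.saved_frames;
	r.def_txkey = ap.def_txkey;
	return r;
}

/* Constructed scenario: no clients, so setkeys() must finish at once. */
int demo_idle_ap(void)
{
	struct ap ap = { NULL, 1, 0, 0 };

	setkeys(&ap);
	return ap.setkeysdone_calls;
}

int main(void)
{
	struct demo_result r = demo_two_clients();

	printf("pending: %d -> %d -> %d, setkeysdone calls: %d, txkey now %d\n",
	    r.pending_after_setkeys, r.pending_after_first_reply,
	    r.pending_after_last_reply, r.done_calls, r.def_txkey);
	printf("idle AP: setkeysdone calls = %d\n", demo_idle_ap());
	return 0;
}
```

With two clients the round reports 2, then 1, then 0 pending, and `setkeysdone` runs exactly once at the last reply, flipping the TX key index and emptying the saved queue; with no clients it runs once directly from `setkeys`, which is the case the `rekeysta == 0` branch in the patch exists for.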