From: Miri Korenblit <miriam.rachel.korenblit@intel.com>
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org,
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Subject: [PATCH 03/11] wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
Date: Tue, 6 Feb 2024 18:02:06 +0200 [thread overview]
Message-ID: <20240206175739.2f2c602ab3c6.If13b2e2fa532381d985c07df130bee1478046c89@changeid> (raw)
In-Reply-To: <20240206160214.3260547-1-miriam.rachel.korenblit@intel.com>
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The firmware doesn't need the MFP flag for the GTK, it can even make the
firmware crash. in case the AP is configured with: group cipher TKIP and
MFPC. We would send the GTK with cipher = TKIP and MFP which is of course
not possible.
Fixes: 5c75a208c244 ("wifi: iwlwifi: mvm: support new key API")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
.../net/wireless/intel/iwlwifi/mvm/mld-key.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c b/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
index bbd37a95d4c8..8a38fc4b0b0f 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
/*
- * Copyright (C) 2022 - 2023 Intel Corporation
+ * Copyright (C) 2022 - 2024 Intel Corporation
*/
#include <linux/kernel.h>
#include <net/mac80211.h>
@@ -62,11 +62,13 @@ u32 iwl_mvm_get_sec_flags(struct iwl_mvm *mvm,
struct ieee80211_key_conf *keyconf)
{
struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
+ bool pairwise = keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE;
+ bool igtk = keyconf->keyidx == 4 || keyconf->keyidx == 5;
u32 flags = 0;
lockdep_assert_held(&mvm->mutex);
- if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE))
+ if (!pairwise)
flags |= IWL_SEC_KEY_FLAG_MCAST_KEY;
switch (keyconf->cipher) {
@@ -96,12 +98,14 @@ u32 iwl_mvm_get_sec_flags(struct iwl_mvm *mvm,
if (!sta && vif->type == NL80211_IFTYPE_STATION)
sta = mvmvif->ap_sta;
- /* Set the MFP flag also for an AP interface where the key is an IGTK
- * key as in such a case the station would always be NULL
+ /*
+ * If we are installing an iGTK (in AP or STA mode), we need to tell
+ * the firmware this key will en/decrypt MGMT frames.
+ * Same goes if we are installing a pairwise key for an MFP station.
+ * In case we're installing a groupwise key (which is not an iGTK),
+ * then, we will not use this key for MGMT frames.
*/
- if ((!IS_ERR_OR_NULL(sta) && sta->mfp) ||
- (vif->type == NL80211_IFTYPE_AP &&
- (keyconf->keyidx == 4 || keyconf->keyidx == 5)))
+ if ((!IS_ERR_OR_NULL(sta) && sta->mfp && pairwise) || igtk)
flags |= IWL_SEC_KEY_FLAG_MFP;
if (keyconf->flags & IEEE80211_KEY_FLAG_SPP_AMSDU)
--
2.34.1
next prev parent reply other threads:[~2024-02-06 16:02 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-06 16:02 [PATCH 00/11] wifi: iwlwifi: updates - 2024-02-06 Miri Korenblit
2024-02-06 16:02 ` [PATCH 01/11] wifi: iwlwifi: mvm: fix a crash when we run out of stations Miri Korenblit
2024-02-06 16:02 ` [PATCH 02/11] wifi: iwlwifi: fw: allow vmalloc for PNVM image Miri Korenblit
2024-02-06 16:02 ` Miri Korenblit [this message]
2024-02-06 16:02 ` [PATCH 04/11] wifi: iwlwifi: mvm: don't send the smart fifo command if not needed Miri Korenblit
2024-02-06 16:02 ` [PATCH 05/11] wifi: iwlwifi: pcie: Add new PCI device id and CNVI Miri Korenblit
2024-02-06 16:02 ` [PATCH 06/11] wifi: iwlwifi: mvm: don't set replay counters to 0xff Miri Korenblit
2024-02-06 16:02 ` [PATCH 07/11] wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter Miri Korenblit
2024-02-06 16:02 ` [PATCH 08/11] wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason Miri Korenblit
2024-02-06 16:02 ` [PATCH 09/11] wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 Miri Korenblit
2024-02-07 3:39 ` kernel test robot
2024-02-07 6:27 ` kernel test robot
2024-02-06 16:02 ` [PATCH 10/11] wifi: iwlwifi: mvm: move BA notif messages before action Miri Korenblit
2024-02-06 16:02 ` [PATCH 11/11] wifi: iwlwifi: queue: improve warning for no skb in reclaim Miri Korenblit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240206175739.2f2c602ab3c6.If13b2e2fa532381d985c07df130bee1478046c89@changeid \
--to=miriam.rachel.korenblit@intel.com \
--cc=emmanuel.grumbach@intel.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.