Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2989328pxj; Mon, 17 May 2021 15:02:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzGPNMlvgMKBVmj70ps2kViznNtRyPwGHOL6HJjBbug0Q/42VXsyC974AWuTxl33HYrmYP9 X-Received: by 2002:a17:906:7302:: with SMTP id di2mr2038322ejc.409.1621288959530; Mon, 17 May 2021 15:02:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621288959; cv=none; d=google.com; s=arc-20160816; b=hcKhwcjOFBT8JL2C5Ql5KbLRp18Dl1d551ydhjdFMFfFLahG2RRPi2sIYXPHHAxxwo bj3X++N8PRcIm7VpW3Tb1kdjnGIjHnd+J5b/mCfZ5AM8TjVxiFrB/gELBgWuEwaxywi8 YVvkPMOA59kVP6nIidN2sJ8/GPZ1bnN+aA4Rj9w/gKXplxXxCND97QblBQ7vakH8qXPI GxsfejRu2jW2qDBM5uLN31gmE7L9Ni2yjuYakukRT+BIwkiLeF9w763qo2I5kdnkQ/S9 MNYOvEZGAC4QxUz547es6VwQV/COnJEcgne+ds88kcML8Su12w4UoWwNqT20v0y4BMl9 uGZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Y/DuqoX4gJ169NtajAYMD9lJq29GKJ6hy1AHDih3mKk=; b=CyKLn6+6YuUTA0DVmjr4ZFLB7ROUz4+XcA6Z2slzja9MFmUpOX2yfZ8gGD5anUFM3O uo2KdDC5FshGzt1IEqa7M/buW5oElr/tD8z7pS8Coks/SxZchB+oDOSuTJo5CIm184c5 ANayHemnB7MNeUJSwgRz2Ij1ywrffbCXB6MOfi830DbGF+YaL0ESy5tsDtWmp2YD+XB/ O/O+9CYYlHlUdY/h/1iojWrnf6dPLsPV6TdsHJ/7tzDWvhakZ4f/v5rpbA+QIK5b3/pe FqUT+Kc41sj+qo/p/ANX4ti5x/G9n4+asnLhMIvXVfeL9dcMEk+e/0sBlFnmgXTVdLIi 0eHg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=nKNKuz+U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f13si15185733eje.90.2021.05.17.15.02.15; Mon, 17 May 2021 15:02:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=nKNKuz+U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238745AbhEQOMT (ORCPT + 99 others); Mon, 17 May 2021 10:12:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:60562 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236504AbhEQOKO (ORCPT ); Mon, 17 May 2021 10:10:14 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id AFAB9613BA; Mon, 17 May 2021 14:07:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1621260440; bh=2Htp6dURzsP1SUR5ARGfwS+oapd+HszsASpsqXB1VAQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nKNKuz+UZXxTRuehe5Wjeu1o20aI3JH4c55qL6p20QyumZq57zqnjyRW6qLYDOTQ+ xmXsMMKu9JTo/6kppEx6m3r5aqFoWP71u2lloc4/5x7ZEyFvVjlcHMvtLz8ANTuvU7 kpqgYviwPrWz6JExD22Xx2wmpsbAu29A1TvRlOBM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Bauer , Felix Fietkau , Sasha Levin Subject: [PATCH 5.12 065/363] mt76: mt76x0: disable GTK offloading Date: Mon, 17 May 2021 15:58:51 +0200 Message-Id: <20210517140304.808889693@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210517140302.508966430@linuxfoundation.org> References: <20210517140302.508966430@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Bauer [ Upstream commit 4b36cc6b390f18dbc59a45fb4141f90d7dfe2b23 ] When operating two VAP on a MT7610 with encryption (PSK2, SAE, OWE), only the first one to be created will transmit properly encrypteded frames. All subsequently created VAPs will sent out frames with the payload left unencrypted, breaking multicast traffic (ICMP6 NDP) and potentially disclosing information to a third party. Disable GTK offloading and encrypt these frames in software to circumvent this issue. THis only seems to be necessary on MT7610 chips, as MT7612 is not affected from our testing. Signed-off-by: David Bauer Signed-off-by: Felix Fietkau Signed-off-by: Sasha Levin --- drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c index ab671e21f882..02db5d66735d 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c +++ b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c @@ -447,6 +447,10 @@ int mt76x02_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) return -EOPNOTSUPP; + /* MT76x0 GTK offloading does not work with more than one VIF */ + if (is_mt76x0(dev) && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) + return -EOPNOTSUPP; + msta = sta ? (struct mt76x02_sta *)sta->drv_priv : NULL; wcid = msta ? &msta->wcid : &mvif->group_wcid; -- 2.30.2