Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp81248pxj; Mon, 17 May 2021 21:32:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxtjxbtfHGdAbOe801s2ue61fWYFRtQ3QC5+dafKKoZz/zTaYtVQmfHbBs7ZXmTIOhN9Cm4 X-Received: by 2002:a05:6e02:1b87:: with SMTP id h7mr2639657ili.185.1621312371777; Mon, 17 May 2021 21:32:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621312371; cv=none; d=google.com; s=arc-20160816; b=QQRUdC6VYPDykurUYqkgstMn+XhcogassSu6fIcmLdU3NDEYhitNwNlcxFdLGjWBNd gZS0VXQFDjsBcYPl7dLRU6cwQ0kp0XPryfVobE4uy7R+Q1JpfyQRPa2nEmtVrN6fyLzG MG75pwTy04xyLwwfZcsOGXRGAAJWSxzX4WWnO5yaMF3MGzrBc2uUL8Q4Qi8h6bDyk6XL YD7zTrKdwo2VFTFRhRSLBPXnTzSBCr1QhXgwnS5Cns+u7yqhm3ZvNiipN95vD7E6c8AD 4oEviSUUQh9lj4K+AAViB2ePl6YRewJ6nYcj26Gwl4ZC1GUtXRjEzIYKQfXx/IdILHDU 5RMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6K/BewMVh8+Bov8x5KovPWe2q2DDgpE3mrXcI7CCMZM=; b=DofcsNR6HqEXS2hx+elbH3/kRe1EUSlTQtQYfPx47fgAqt50x602YqWTgGPGwFbIDA 2Q4Y5dyg4Y+FxaakODeU7wdKMDjf0iezqMaaZrGnOsbNOwZrnRM74ITI87CX3FTagcrP s/i296tGuIj9Raycj6JMVN2KK1i39b1ThE3rDLfqJAM4mm7ALCLP7v87qM0CEXRuwxas P3xsoEFpZrQ7uwjkrHpz2GB/nv91QOD2fINK3sPY07rpqEajhu/EFUvGObAwE6gz5qbj 0IGnX5+rA+h14XxOCj3Efj9lewBbLkpMwg/7YjkDunqodkelwxccSMxmBTItelbf5qlm 67+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eNkXo2ZP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c188si21168730iof.9.2021.05.17.21.32.38; Mon, 17 May 2021 21:32:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eNkXo2ZP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240082AbhEQOmX (ORCPT + 99 others); Mon, 17 May 2021 10:42:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:58374 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238635AbhEQOgJ (ORCPT ); Mon, 17 May 2021 10:36:09 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id B06756192B; Mon, 17 May 2021 14:17:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1621261036; bh=IPp4mfL+XvNC0dERM3oeP/v+YbaufMNi1bDToE++chk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eNkXo2ZPH6R6gAbzkwht1TxtZKqmZ2wtRhJNTC2i4xDIi0uJL2zQH92T3aDEgcz+K ROPlgP8YCkEu4ovA2Pdgk6S1Ir0fGPmQ5z+GXAysMBhkoIskrEkKCANWiaWCY4e7fX 8vMqY3rZ9RG0BmxG0kKCG49Gm08oNHI+rHnC2byo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Bauer , Felix Fietkau , Sasha Levin Subject: [PATCH 5.11 060/329] mt76: mt76x0: disable GTK offloading Date: Mon, 17 May 2021 15:59:31 +0200 Message-Id: <20210517140304.095347571@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210517140302.043055203@linuxfoundation.org> References: <20210517140302.043055203@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Bauer [ Upstream commit 4b36cc6b390f18dbc59a45fb4141f90d7dfe2b23 ] When operating two VAP on a MT7610 with encryption (PSK2, SAE, OWE), only the first one to be created will transmit properly encrypteded frames. All subsequently created VAPs will sent out frames with the payload left unencrypted, breaking multicast traffic (ICMP6 NDP) and potentially disclosing information to a third party. Disable GTK offloading and encrypt these frames in software to circumvent this issue. THis only seems to be necessary on MT7610 chips, as MT7612 is not affected from our testing. Signed-off-by: David Bauer Signed-off-by: Felix Fietkau Signed-off-by: Sasha Levin --- drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c index 7ac20d3c16d7..aaa597b941cd 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c +++ b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c @@ -447,6 +447,10 @@ int mt76x02_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) return -EOPNOTSUPP; + /* MT76x0 GTK offloading does not work with more than one VIF */ + if (is_mt76x0(dev) && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) + return -EOPNOTSUPP; + msta = sta ? (struct mt76x02_sta *)sta->drv_priv : NULL; wcid = msta ? &msta->wcid : &mvif->group_wcid; -- 2.30.2