Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp172608pxj; Tue, 18 May 2021 00:15:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx8sDTXxJ986jaNaNc2+VATazj0gCs9AZ5eKbFBzQhVhb6QUO+na5UG9f6taUq5WLCALPKF X-Received: by 2002:a02:354c:: with SMTP id y12mr4083803jae.144.1621322141397; Tue, 18 May 2021 00:15:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621322141; cv=none; d=google.com; s=arc-20160816; b=y9Ike6PhGrG0CNQ1vr2QDMzXzxNnByIY6mYtzbKqx5H1EM4RCBZe2u1G3cYMefTa+K d5KrtBDilshxJ29zyXysZIcmTFQL/i6/c2t5s7q/fcW4AndMaTPlTdMWhsc7Hl31nEMg hY3lOaUG1NSdqbWJuncvi/xvaduP+PD1OJT9I93w/rsai+QsGX6mJksKAtpngnhZfBhc rsiMmV7xuTdsMj7EwYtlm0MM9RE0kldjhkFdCWm5sL9eaK+bvNrnoEIc9DD4mk080TC6 3aUekqyXLag1LYB7dUn+Ox1LQbTYjW4pw+sPwvyT7vt36KgI0t6oNg6wDf2dYbiVKqcT 633g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=3kMIRmN20xPNRozmagyMKX7PRiZyuwFmfg3B2rKEUlw=; b=bdpzkKIWs5975+pPg4ewKJakJYlLXPfagmuWsPqfigCV5m6+hWHc6gPVIUbuGNRvvQ wh7DSqdisxhoYLT69Uq6zi/SmW4P4YCoC0M9i6jaZEMOCm69JZZUMk8AEkqKzsBFk245 fj7N+EvDa9WQml4mymg7YQGJrhAWDjShAhR1WrHXWlJCZQ6TcAJYHlfe5vjcSoEHsljR zEz5/t3i4BlhXcegwO9lW5jfCcYZqMhzSWwnob3PZyMLbC6AFsG3+lSFExWKnWGydkdl Dn0UEr6cIhSMCyHNsMJgnW804vk+4PcnGoCZeTFPL8/MzHXjSnsFf4esUyos+IcQlqeQ d1xQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Q77TLo2e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m14si16564631ili.85.2021.05.18.00.15.27; Tue, 18 May 2021 00:15:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Q77TLo2e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238111AbhEQOxQ (ORCPT + 99 others); Mon, 17 May 2021 10:53:16 -0400 Received: from mail.kernel.org ([198.145.29.99]:54300 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241519AbhEQOpI (ORCPT ); Mon, 17 May 2021 10:45:08 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 5E0A761958; Mon, 17 May 2021 14:20:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1621261253; bh=Eg/G/UjjFFu407dQzUK3rl62N3J47c9o9i1w6JqNAWA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Q77TLo2e0gQ6o7p+eTenyPXc+m0xYmVXpEgLEQkQqSuPaXTJaD4y+Ot2SOegVHSKv WTNEjvCnSPTMCWlxin98KDmPRu/+WVeZGT1cqEGFfS8ftBAoj2mL2bGi2AsBnTePrc Z08YdIrcAZMCSUBr8manlxpNpmiHUs9wiJIXJszA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Bauer , Felix Fietkau , Sasha Levin Subject: [PATCH 5.4 025/141] mt76: mt76x0: disable GTK offloading Date: Mon, 17 May 2021 16:01:17 +0200 Message-Id: <20210517140243.610370265@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210517140242.729269392@linuxfoundation.org> References: <20210517140242.729269392@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Bauer [ Upstream commit 4b36cc6b390f18dbc59a45fb4141f90d7dfe2b23 ] When operating two VAP on a MT7610 with encryption (PSK2, SAE, OWE), only the first one to be created will transmit properly encrypteded frames. All subsequently created VAPs will sent out frames with the payload left unencrypted, breaking multicast traffic (ICMP6 NDP) and potentially disclosing information to a third party. Disable GTK offloading and encrypt these frames in software to circumvent this issue. THis only seems to be necessary on MT7610 chips, as MT7612 is not affected from our testing. Signed-off-by: David Bauer Signed-off-by: Felix Fietkau Signed-off-by: Sasha Levin --- drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c index de0d6f21c621..075871f52bad 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c +++ b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c @@ -450,6 +450,10 @@ int mt76x02_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) return -EOPNOTSUPP; + /* MT76x0 GTK offloading does not work with more than one VIF */ + if (is_mt76x0(dev) && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) + return -EOPNOTSUPP; + msta = sta ? (struct mt76x02_sta *)sta->drv_priv : NULL; wcid = msta ? &msta->wcid : &mvif->group_wcid; -- 2.30.2