Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp280382pxj; Tue, 18 May 2021 03:16:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzE4HOQMhTQ8hTeDOn2w/WFrYF8Y80WYia0Zv1emiZuq/A+tl1YRnptTBDLFP+S4vtNsCzl X-Received: by 2002:a17:906:3b8f:: with SMTP id u15mr5196392ejf.444.1621333008530; Tue, 18 May 2021 03:16:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621333008; cv=none; d=google.com; s=arc-20160816; b=QP0r2yq6r7cmtdMAczxTw3nBLZgOKcD/U++ISnZnAp/NE1WaLqm7xn6ES3FELstxNe 3BhAPfY72nMLWBY/T+NrPimXUIbtPN9TFjsNdZbydpptzrIt7iDOEicaHrntu6BKZT/+ PI5l0xExnHLskgzxpH3/FOxZsZ+dyKbjBnDW/6T2r9rnlhZY963I2ND9uE20YYf4ElTN /yBcoAKCW1rnhaFKg19ZW0YnDp3H68IJqUWTOsY3EPMK23pLmy3l2GHUI+kNjrzUPRTU EVpIji53Qjm9V4EDA4skbZUHmhXD8nvM9jOMQs4wsCFhZjUxp1znD7UqZSDoFYQzpTs2 SV4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=WCT/wUsy4P2JyvPokTiNxmu/wtWgrl7lE4INfqHBHMA=; b=UD5V+YCAcvyebD8KCxk8h2EG629QJvF4wscOn8zrg/v+qMva3Ck4FLtA3/vA+h8RHl 3B4nk5T5kWu85R70c6VEqMSrq/nYRGKWmCeuNeAwV1TtmM9X6nbZNdFsG9e/cPtOtt9X GXCT6KYOQl+bOkIQwbVOlOByU6FxfN/8fgqc54lppeJ67izuQw8FoNJjjW+v0q40ktkz TNFs2psnV57I3Fk6/qB6nqb4tiC9wdZWSr/fb743cqdmyZCopQIPKFgEwaJjsGKKEbwj zQvOUDvwG0w3Hz2DDBcXPJRHEshSoOKgegaX3Zg60LH86o4uGWmuyK+TpyV76pWJZ1Vd ipjA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="IKT9a/+z"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bq8si4491171ejb.149.2021.05.18.03.16.25; Tue, 18 May 2021 03:16:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="IKT9a/+z"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241975AbhEQPMs (ORCPT + 99 others); Mon, 17 May 2021 11:12:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:60754 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240638AbhEQPDB (ORCPT ); Mon, 17 May 2021 11:03:01 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 8B1F7613C8; Mon, 17 May 2021 14:27:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1621261667; bh=7/yiiwyr0m7qxRY/F3kNmtS+61oV1lKmu4wBeIw884Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IKT9a/+zxqiMYzzeupWe8ofKCWNmRW7mn91x+jCbSP8FWYttFebC0PRKdPTFrwA5i oYAF5xuqWo9rzywaa/kryKEa08SJHuc4OolwI7w4XaolOkkHuCi6s2uNQaktUInS9n Bnc/REmUqXns6wBJjoGFwoc67PA9++XBSNPIMoqE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Bauer , Felix Fietkau , Sasha Levin Subject: [PATCH 5.10 049/289] mt76: mt76x0: disable GTK offloading Date: Mon, 17 May 2021 15:59:34 +0200 Message-Id: <20210517140306.848107399@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210517140305.140529752@linuxfoundation.org> References: <20210517140305.140529752@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Bauer [ Upstream commit 4b36cc6b390f18dbc59a45fb4141f90d7dfe2b23 ] When operating two VAP on a MT7610 with encryption (PSK2, SAE, OWE), only the first one to be created will transmit properly encrypteded frames. All subsequently created VAPs will sent out frames with the payload left unencrypted, breaking multicast traffic (ICMP6 NDP) and potentially disclosing information to a third party. Disable GTK offloading and encrypt these frames in software to circumvent this issue. THis only seems to be necessary on MT7610 chips, as MT7612 is not affected from our testing. Signed-off-by: David Bauer Signed-off-by: Felix Fietkau Signed-off-by: Sasha Levin --- drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c index 11b769af2f8f..0f191bd28417 100644 --- a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c +++ b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c @@ -446,6 +446,10 @@ int mt76x02_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) return -EOPNOTSUPP; + /* MT76x0 GTK offloading does not work with more than one VIF */ + if (is_mt76x0(dev) && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) + return -EOPNOTSUPP; + msta = sta ? (struct mt76x02_sta *)sta->drv_priv : NULL; wcid = msta ? &msta->wcid : &mvif->group_wcid; -- 2.30.2